@Nullable and SonarQube 'Conditionally execute

Posted 2020-08-22 03:32

Question:

The package has the following package-info.java:

@ParametersAreNonnullByDefault
package foo;
import javax.annotation.ParametersAreNonnullByDefault;

The class has the following method:

private static String toIsoString(@Nullable Instant dateTime) {
  return dateTime == null ? null : dateTime.toString();
}

On which SonarQube (Version 6.2, SonarJava 4.14.0.11784) gives the following warning (squid:S2583):

How can I convince SonarQube that the code is actually correct?

Interestingly, SonarLint plugin (3.0.0.2041) in Idea doesn't generate the same warning.

Answer 1:

Apparently, this problem was caused by us using sonar-scanner without specifying sonar.java.libraries. Since it's a multimodule Maven project, it wasn't clear to us how to specify sonar.java.libraries correctly.

Nicolas Peru, from SonarSource, suggested that we should use the sonar maven plugin instead of sonar-scanner, as the plugin has access to the build classpath of the project. Indeed, that solved this problem for us.



Answer 2:

The JavaDoc of @Nullable says (emphasis mine):

This annotation is useful mostly for overriding a Nonnull annotation. Static analysis tools should generally treat the annotated items as though they had no annotation, unless they are configured to minimize false negatives.

Correspondingly, SonarJava ignores the annotation.

If you'd like to challenge the course of action taken in SonarJava, please open a thread :-)