5

This is my code:

const a = function(obj) {
  for (let key in obj) {
    if (!obj.hasOwnProperty(key)) {
      continue;
    }
    console.info(key.split('_'));
  }
};
a({a_b: 123});

I thought there is no problem at all but SonarQube gives me a critical error:

TypeError can be thrown as "key" might be null or undefined here.

The word key in key.split('_') is highlighted. Indicating variable key can be undefined/null here.

I tried to pass in something like {[undefined]: 123}, and the variable key becomes a string "undefined" instead of real undefined.

Hence. I am wondering will the key be undefined/null in any possible situation? Or is it just a False Positive?

Here is a screenshot:

Picture

SCLeo
  • 353
  • 3
  • 14
  • @Aᴍɪʀ That was a typo, the console.info is inside the for loop and the error still exists. – SCLeo Nov 03 '16 at 02:04
  • `key` is defined at updated Question. Not certain what you are trying to determine? – guest271314 Nov 03 '16 at 02:05
  • 3
    Hmmm. Maybe there's a bug in SonarQube. I've never worked with it. Keys in objects are always strings, so there's no way `key` become `undefined`. – Aᴍɪʀ Nov 03 '16 at 02:08
  • @Aᴍɪʀ `{}` would have an `undefined` key. Or, at least log `undefined` at `console` if passed to `for..in`. – guest271314 Nov 03 '16 at 02:08
  • 2
    @guest271314 no, that's just the output of the command as it gets evaluated by console. – Aᴍɪʀ Nov 03 '16 at 02:09
  • @Aᴍɪʀ What is occurring at `for (let j in {}) console.log(j)` ? – guest271314 Nov 03 '16 at 02:10
  • @Aᴍɪʀ `console.log()` is not reached? – guest271314 Nov 03 '16 at 02:12
  • 1
    @guest271314 try `for (let j in {}) console.log('x:'+j)`, see what you got. – Takahiro Nov 03 '16 at 02:12
  • @Aᴍɪʀ, ooops :) – Takahiro Nov 03 '16 at 02:14
  • 1
    @Aᴍɪʀ He already deleted them... Anyway, thanks for indicating the fact that "Keys in objects are always strings". I definitely read that sentence somewhere else before and now I just recognized it. It should be a bug of SonarQube then. – SCLeo Nov 03 '16 at 02:18
  • The actual bug in your code is the [`obj.hasOwnProperty` call](http://stackoverflow.com/a/13296897/1048572). – Bergi Nov 03 '16 at 09:12
  • @Bergi Why that is a bug? – SCLeo Nov 03 '16 at 21:48
  • @SCLeo Because it doesn't work if your object has an `hasOwnProperty` property (which is usually more probably than `obj` inheriting some enumerable properties). It needs to be `Object.prototype.hasOwnProperty.call(obj)`, or you should just omit it completely. – Bergi Nov 04 '16 at 16:16
  • @Bergi Please, please don't give SonarQube more ideas about things to complain about. –  Nov 04 '16 at 16:26
  • @Bergi Oh yea, that is true... But I don't think I will ever have that problem. The reason I add hasOwnProperty here is to prevent prototype pollution... – SCLeo Nov 05 '16 at 03:22
  • @torazaburo Actually, that would be one good thing more linters should complain about :-) – Bergi Nov 05 '16 at 18:29

1 Answers1

8

That's a known bug in the SonarQube JavaScript analyser which was fixed a few months ago. You should upgrade to the latest version of the JavaScript plugin.

Pierre-Yves
  • 1,476
  • 10
  • 15