rspec/rules/S2259/java/rule.adoc

== Why is this an issue?

A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures.


Note that when they are present, this rule takes advantage of ``++@CheckForNull++`` and ``++@Nonnull++`` annotations defined in https://jcp.org/en/jsr/detail?id=305[JSR-305] to understand which values are and are not nullable except when ``++@Nonnull++`` is used on the parameter to ``++equals++``, which by contract should always work with null.

=== Noncompliant code example

[source,java]
----
@CheckForNull
String getName(){...}

public boolean isNameEmpty() {
  return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked
}
----

[source,java]
----
Connection conn = null;
Statement stmt = null;
try{
  conn = DriverManager.getConnection(DB_URL,USER,PASS);
  stmt = conn.createStatement();
  // ...

}catch(Exception e){
  e.printStackTrace();
}finally{
  stmt.close();   // Noncompliant; stmt could be null if an exception was thrown in the try{} block
  conn.close();  // Noncompliant; conn could be null if an exception was thrown 
}
----

[source,java]
----
private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}

public  void append(@CheckForNull Color color) {
    merge(currentColor, color);  // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters
}
----

[source,java]
----
void paint(Color color) {
  if(color == null) {
    System.out.println("Unable to apply color " + color.toString());  // Noncompliant; NullPointerException will be thrown
    return;
  }
  ...
}
----

== Resources

* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference
* https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[CERT, EXP34-C.] - Do not dereference null pointers
* https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* 'XXXX' is nullable here and method 'YYY' don't accept nullable argument
* NullPointerException might be thrown as 'XXXX' is nullable here


include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 23 Mar 2015, 13:15:46 Freddy Mallet wrote:
@Ann, could you review this sub-task ? Thanks

=== on 24 Mar 2015, 12:47:38 Samuel Mercier wrote:
first example is wrong, since ``++instanceof++`` would return ``++false++`` if ``++obj++`` is ``++null++``.

Interestingly, from null/notnull point of view, ``++a instanceof b++`` is equivalent to ``++a != null++``

=== on 24 Mar 2015, 13:45:55 Samuel Mercier wrote:
\[~ann.campbell.2] I updated the first non compliant code snippet.

=== on 24 Mar 2015, 15:02:13 Samuel Mercier wrote:
Removed message * NullPointerException will be thrown as 'XXXX' is for sure null here, since we are currently unable to make distinction between @Nullable and if (... == null)

=== on 19 Sep 2019, 05:14:31 QXO wrote:
This code shouldnot should not be a issue ( in `url.substring(0,start)` url never not null)

It's sonarqube(7.9.1) check implements issue, please fix the issue:)

----
public String testSonarNullCheckIssue(final String url,final boolean isUrl) { 
   int start = url != null && isUrl ? url.indexOf('?') : -1;
   if(start != -1 ){ 
       return url.substring(0,start);
   }
   return url;
} {code}

ref: https://drive.google.com/open?id=1MuZMBm8bkwz_Q5mZIwEaDsJoh-qaopW_
----

=== on 19 Sep 2019, 07:24:31 Alexandre Gigleux wrote:
Thanks for the feedback [~qxo]!

Can you report the FP in the community forum \https://community.sonarsource.com/tags/c/bug/fp/java so it gets more visibility and be addressed?

JIRA comments are not convenient to manage FPs.

Thanks

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Note that when they are present, this rule takes advantage of ``++@CheckForNull++`` and ``++@Nonnull++`` annotations defined in https://jcp.org/en/jsr/detail?id=305[JSR-305] to understand which values are and are not nullable except when ``++@Nonnull++`` is used on the parameter to ``++equals++``, which by contract should always work with null.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`@CheckForNull`
			`String getName(){...}`

			`public boolean isNameEmpty() {`
			`return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked`
			`}`
			`----`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`Connection conn = null;`
			`Statement stmt = null;`
			`try{`
			`conn = DriverManager.getConnection(DB_URL,USER,PASS);`
			`stmt = conn.createStatement();`
			`// ...`

			`}catch(Exception e){`
			`e.printStackTrace();`
			`}finally{`
			`stmt.close(); // Noncompliant; stmt could be null if an exception was thrown in the try{} block`
			`conn.close(); // Noncompliant; conn could be null if an exception was thrown`
			`}`
			`----`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}`

			`public void append(@CheckForNull Color color) {`
			`merge(currentColor, color); // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters`
			`}`
			`----`

RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 2000-2999 2020-06-30 12:48:07 +02:00			`----`
			`void paint(Color color) {`
			`if(color == null) {`
			`System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown`
			`return;`
			`}`
			`...`
			`}`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00			`* https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[CERT, EXP34-C.] - Do not dereference null pointers`
			`* https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== Message`

			`* 'XXXX' is nullable here and method 'YYY' don't accept nullable argument`
			`* NullPointerException might be thrown as 'XXXX' is nullable here`

RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`include::../highlighting.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== on 23 Mar 2015, 13:15:46 Freddy Mallet wrote:`
			`@Ann, could you review this sub-task ? Thanks`

			`=== on 24 Mar 2015, 12:47:38 Samuel Mercier wrote:`
			first example is wrong, since ``++instanceof++`` would return ``++false++`` if ``++obj++`` is ``++null++``.

			Interestingly, from null/notnull point of view, ``++a instanceof b++`` is equivalent to ``++a != null++``

			`=== on 24 Mar 2015, 13:45:55 Samuel Mercier wrote:`
			`\[~ann.campbell.2] I updated the first non compliant code snippet.`

			`=== on 24 Mar 2015, 15:02:13 Samuel Mercier wrote:`
			`Removed message * NullPointerException will be thrown as 'XXXX' is for sure null here, since we are currently unable to make distinction between @Nullable and if (... == null)`

			`=== on 19 Sep 2019, 05:14:31 QXO wrote:`
			This code shouldnot should not be a issue ( in `url.substring(0,start)` url never not null)

			`It's sonarqube(7.9.1) check implements issue, please fix the issue:)`

			`----`
			`public String testSonarNullCheckIssue(final String url,final boolean isUrl) {`
			`int start = url != null && isUrl ? url.indexOf('?') : -1;`
			`if(start != -1 ){`
			`return url.substring(0,start);`
			`}`
			`return url;`
			`} {code}`

			`ref: https://drive.google.com/open?id=1MuZMBm8bkwz_Q5mZIwEaDsJoh-qaopW_`
			`----`

			`=== on 19 Sep 2019, 07:24:31 Alexandre Gigleux wrote:`
			`Thanks for the feedback [~qxo]!`

			`Can you report the FP in the community forum \https://community.sonarsource.com/tags/c/bug/fp/java so it gets more visibility and be addressed?`

			`JIRA comments are not convenient to manage FPs.`

			`Thanks`

			`include::../comments-and-links.adoc[]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`