rspec/rules/S2259/java/rule.adoc

A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures.


Note that when they are present, this rule takes advantage of ``++@CheckForNull++`` and ``++@Nonnull++`` annotations defined in https://jcp.org/en/jsr/detail?id=305[JSR-305] to understand which values are and are not nullable except when ``++@Nonnull++`` is used on the parameter to ``++equals++``, which by contract should always work with null.

== Noncompliant Code Example

----
@CheckForNull
String getName(){...}

public boolean isNameEmpty() {
  return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked
}
----

----
Connection conn = null;
Statement stmt = null;
try{
  conn = DriverManager.getConnection(DB_URL,USER,PASS);
  stmt = conn.createStatement();
  // ...

}catch(Exception e){
  e.printStackTrace();
}finally{
  stmt.close();   // Noncompliant; stmt could be null if an exception was thrown in the try{} block
  conn.close();  // Noncompliant; conn could be null if an exception was thrown 
}
----

----
private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}

public  void append(@CheckForNull Color color) {
    merge(currentColor, color);  // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters
}
----

----
void paint(Color color) {
  if(color == null) {
    System.out.println("Unable to apply color " + color.toString());  // Noncompliant; NullPointerException will be thrown
    return;
  }
  ...
}
----

include::../see.adoc[]

ifdef::rspecator-view[]
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::rspecator-view[]
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Note that when they are present, this rule takes advantage of ``++@CheckForNull++`` and ``++@Nonnull++`` annotations defined in https://jcp.org/en/jsr/detail?id=305[JSR-305] to understand which values are and are not nullable except when ``++@Nonnull++`` is used on the parameter to ``++equals++``, which by contract should always work with null.
Add rules 2000-2999 2020-06-30 12:48:07 +02:00
			`== Noncompliant Code Example`

			`----`
			`@CheckForNull`
			`String getName(){...}`

			`public boolean isNameEmpty() {`
			`return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked`
			`}`
			`----`

			`----`
			`Connection conn = null;`
			`Statement stmt = null;`
			`try{`
			`conn = DriverManager.getConnection(DB_URL,USER,PASS);`
			`stmt = conn.createStatement();`
			`// ...`

			`}catch(Exception e){`
			`e.printStackTrace();`
			`}finally{`
			`stmt.close(); // Noncompliant; stmt could be null if an exception was thrown in the try{} block`
			`conn.close(); // Noncompliant; conn could be null if an exception was thrown`
			`}`
			`----`

			`----`
			`private void merge(@Nonnull Color firstColor, @Nonnull Color secondColor){...}`

			`public void append(@CheckForNull Color color) {`
			`merge(currentColor, color); // Noncompliant; color should be null-checked because merge(...) doesn't accept nullable parameters`
			`}`
			`----`

			`----`
			`void paint(Color color) {`
			`if(color == null) {`
			`System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown`
			`return;`
			`}`
			`...`
			`}`
			`----`

			`include::../see.adoc[]`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
			`ifdef::rspecator-view[]`
			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
			`endif::rspecator-view[]`