4e0e265d9e
They redirect to https://wiki.sei.cmu.edu. Fix broken links for open rules. Remove broken links from closed rules. Remove links in Java rules for CERT C rules with no obvious replacement. Expand broken tinyurl to CERT.
64 lines
1.4 KiB
Plaintext
64 lines
1.4 KiB
Plaintext
== Why is this an issue?
|
|
|
|
``++NullPointerException++`` should be avoided, not caught. Any situation in which ``++NullPointerException++`` is explicitly caught can easily be converted to a ``++null++`` test, and any behavior being carried out in the catch block can easily be moved to the "is null" branch of the conditional.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public int lengthPlus(String str) {
|
|
int len = 2;
|
|
try {
|
|
len += str.length();
|
|
}
|
|
catch (NullPointerException e) {
|
|
log.info("argument was null");
|
|
}
|
|
return len;
|
|
}
|
|
----
|
|
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
public int lengthPlus(String str) {
|
|
int len = 2;
|
|
|
|
if (str != null) {
|
|
len += str.length();
|
|
}
|
|
else {
|
|
log.info("argument was null");
|
|
}
|
|
return len;
|
|
}
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* CWE - https://cwe.mitre.org/data/definitions/395[CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference]
|
|
* CERT - https://wiki.sei.cmu.edu/confluence/display/java/ERR08-J.+Do+not+catch+NullPointerException+or+any+of+its+ancestors[ERR08-J. Do not catch NullPointerException or any of its ancestors]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Make the dereference of XXX conditional on its not being null
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|