rspec/rules/S2259/java/rule.adoc

== Why is this an issue?

A reference to `null` should never be dereferenced/accessed.
Doing so will cause a `NullPointerException` to be thrown.
At best, such an exception will cause abrupt program termination.
At worst, it could expose debugging information that would be useful to an attacker,
or it could allow an attacker to bypass security measures.

Note that when they are present, this rule takes advantage of nullability annotations,
like `@CheckForNull` or `@Nonnull`, defined in https://jcp.org/en/jsr/detail?id=305[JSR-305]
to understand which values can be null or not.
`@Nonnull` will be ignored if used on the parameter of the `equals` method, which by contract should always work with null.

== How to fix it

=== Code examples

==== Noncompliant code example

include::noncompliant-code.adoc[]

==== Compliant solution

include::compliant-code.adoc[]

== Resources

* CWE - https://cwe.mitre.org/data/definitions/476[CWE-476 - NULL Pointer Dereference]
* CERT, EXP34-C. - https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[Do not dereference null pointers]
* CERT, EXP01-J. - https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[Do not use a null in a case where an object is required]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

* 'XXXX' is nullable here and method 'YYY' don't accept nullable argument
* NullPointerException might be thrown as 'XXXX' is nullable here


include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]