ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6555/java/rule.adoc

80 lines
2.0 KiB
Plaintext
Raw Blame History

== Why is this an issue?
A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures.
== How to fix it
=== Code examples
==== Noncompliant code example
[source,java,diff-id=1,diff-type=noncompliant]
----
public boolean isNameEmpty(String givenName, String familyName) {
if (givenName != null && familyName != null) {
return givenName.isEmpty() && familyName.isEmpty();
}
return familyName.isEmpty(); // Noncompliant; familyName may be null
}
----
==== Compliant solution
[source,java,diff-id=1,diff-type=compliant]
----
public boolean isNameEmpty(String givenName, String familyName) {
if (givenName != null && familyName != null) {
return givenName.isEmpty() && familyName.isEmpty();
}
if (familyName != null) {
return familyName.isEmpty();
}
return true;
}
----
==== Noncompliant code example
[source,java,diff-id=2,diff-type=noncompliant]
----
void paint(Color color) {
if (color == null) {
System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown
return;
}
//...
}
----
==== Compliant solution
[source,java,diff-id=2,diff-type=compliant]
----
void paint(Color color) {
if (color == null) {
System.out.println("Unable to apply color.");
return;
}
//...
}
----
== Resources
* https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference
* https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[CERT, EXP34-C.] - Do not dereference null pointers
* https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
* Fix this access on a value that can be null
'''
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink