ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1696/csharp/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

71 lines
1.3 KiB
Plaintext
Raw Blame History

== Why is this an issue?
``++NullReferenceException++`` should be avoided, not caught. Any situation in which ``++NullReferenceException++`` is explicitly caught can easily be converted to a ``++null++`` test, and any behavior being carried out in the catch block can easily be moved to the "is null" branch of the conditional.
=== Noncompliant code example
[source,csharp]
----
public int GetLengthPlusTwo(string str)
{
int length = 2;
try
{
length += str.Length;
}
catch (NullReferenceException e)
{
log.info("argument was null");
}
return length;
}
----
=== Compliant solution
[source,csharp]
----
public int GetLengthPlusTwo(string str)
{
int length = 2;
if (str != null)
{
length += str.Length;
}
else
{
log.info("argument was null");
}
return length;
}
----
== Resources
* CWE - https://cwe.mitre.org/data/definitions/395[CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Do not catch NullReferenceException; test for null instead.
=== Highlighting
throw new NullReferenceException()
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink