SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 80

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 81

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: simplified EXP01-EX0

...

EXP01-EX0: A method may dereference an object parameter without testing it for null if the following conditions hold:

  • The object must be a method argument, and not previously accessed
  • There does not exist a better alternate behavior for handling null objects. That is, the method may choose not to do the null check for performance reasons, or it may not have a better alternative for handling the null object.
  • The method must provide API documentation to this effect; that it does not gracefully handle null objects.

method documents that it throws a NullPointerException.

Risk Assessment

Dereferencing a null pointer can lead to a denial of service. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks.

...

CERT C Secure Coding Standard

EXP34-C. Do not dereference null pointers

CERT C++ Secure Coding Standard

EXP34-CPP. Ensure a null pointer is not dereferenced

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2c3d6015fdefa1ca-168e2622-47794d7d-99148788-6b746d1b3b84a7e69e83df60"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

Null Pointer Dereference [XYH]

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE-476. NULL pointer dereference

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="39cebe0cf9f21cc9-c0d8f6b5-433f4b73-a9a0a9a1-f0a68031e928f9064b8d7aa6"><ac:plain-text-body><![CDATA[

[[API 2006

AA. References#API 06]]

[Method doPrivileged()

http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8637f61e8f837dba-ec153923-42d64b62-b2da9afd-eba3b2a45c80f101fec6b952"><ac:plain-text-body><![CDATA[

[[Hovemeyer 2007

AA. References#Hovemeyer 07]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="062e87f13f3461fd-6feb9841-4e4c4ee7-92eba3dc-a7f113da6b140375265d1e77"><ac:plain-text-body><![CDATA[

[[Reasoning 2003

AA. References#Reasoning 03]]

Defect ID 00-0001

]]></ac:plain-text-body></ac:structured-macro>

 

Null Pointer Dereference

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d6715a4716ac9a21-f5d3c9fb-4f9449cb-b916ad8d-c772cc2642062ca4d3f48a59"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. References#SDN 08]]

[Bug ID 6514454

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6514454]

]]></ac:plain-text-body></ac:structured-macro>

...