...
Dereferencing a null pointer can lead to a denial of service. In multithreaded programs, null pointer dereferences can violate cache coherency policies and can cause resource leaks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP01-J | Low | Likely | High | P3 | L3 |
Automated Detection
Null pointer dereferences can happen in path-dependent ways. Limitations of automatic detection tools can require manual inspection of code [Hovemeyer 2007] to detect instances of null pointer dereferences. Annotations for method parameters that must be non-null can reduce the need for manual inspection by assisting automated null pointer dereference detection; use of these annotations is strongly encouraged.
| Tool | Version | Checker | Description |
|---|
FB.CORRECTNESS.NP_ALWAYS_NULL_EXCEPTION
FB.CORRECTNESS.NP_ARGUMENT_MIGHT_BE_NULL
FB.BAD_PRACTICE.NP_BOOLEAN_RETURN_NULL
FB.BAD_PRACTICE.NP_CLONE_COULD_RETURN_NULL
FB.CORRECTNESS.NP_CLOSING_NULL
FB.STYLE.NP_DEREFERENCE_OF_READLINE_VALUE
FB.BAD_PRACTICE.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT
FB.CORRECTNESS.NP_GUARANTEED_DEREF
FB.CORRECTNESS.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATH
FB.STYLE.NP_IMMEDIATE_DEREFERENCE_OF_READLINE
FB.STYLE.NP_LOAD_OF_KNOWN_NULL_VALUE
FB.CORRECTNESS.NP_NONNULL_FIELD_NOT_INITIALIZED_IN_CONSTRUCTOR
FB.CORRECTNESS.NP_NONNULL_PARAM_VIOLATION
FB.CORRECTNESS.NP_NONNULL_RETURN_VIOLATION
FB.STYLE.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE
FB.CORRECTNESS.NP_NULL_ON_SOME_PATH_EXCEPTION
FB.STYLE.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLE
FB.CORRECTNESS.NP_NULL_ON_SOME_PATH
FB.CORRECTNESS.NP_NULL_PARAM_DEREF
FB.CORRECTNESS.NP_NULL_PARAM_DEREF_NONVIRTUAL
FB.CORRECTNESS.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS
FB.STYLE.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE
FB.CORRECTNESS.NP_STORE_INTO_NONNULL_FIELD
FB.CORRECTNESS.NP_UNWRITTEN_FIELD
FB.STYLE.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD
FB.CORRECTNESS.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE
Null pointer dereference in method on exception path
Method does not check for null argument
Method with Boolean return type returns explicit null
Clone method may return null
close() invoked on a value that is always null
Dereference of the result of readLine() without nullcheck
equals() method does not check for null argument
Null value is guaranteed to be dereferenced
Value is null and guaranteed to be dereferenced on exception path
Immediate dereference of the result of readLine()
Load of known null value
Non-null field is not initialized
Method call passes null to a non-null parameter
Method may return null, but is declared @Nonnull
Possible null pointer dereference due to return value of called method
Possible null pointer dereference in method on exception path
Possible null pointer dereference on branch that might be infeasible
Possible null pointer dereference
Method call passes null for non-null parameter (deref)
Non-virtual method call passes null for non-null parameter
Method call passes null for non-null parameter (deref all)
Parameter must be non-null but is marked as nullable
Store of null value into field annotated @Nonnull
Read of unwritten field
Read of unwritten public or protected field
Nullcheck of value previously dereferenced
v7.5
| The Checker Framework |
| Nullness Checker | Null pointer errors (see Chapter 3) | ||||||
| CodeSonar |
| JAVA.DEEPNULL.PARAM.EACTUAL JAVA.DEEPNULL.EFIELD JAVA.DEEPNULL.FIELD JAVA.NULL.PARAM.ACTUAL JAVA.NULL.DEREF JAVA.DEEPNULL.DEREF JAVA.DEEPNULL.RET.EMETH JAVA.DEEPNULL.RET.METH JAVA.NULL.RET.ARRAY JAVA.NULL.RET.BOOL JAVA.NULL.RET.OPT JAVA.STRUCT.UPD JAVA.STRUCT.DUPD JAVA.STRUCT.UPED JAVA.DEEPNULL.PARAM.ACTUAL | Actual Parameter Element may be null Field Element may be null (deep) Field may be null (deep) Null Parameter Dereference Null Pointer Dereference Null Pointer Dereference (deep) Return Value may Contain null Element Return Value may be null Return null Array Return null Boolean Return null Optional Unchecked Parameter Dereference Unchecked Parameter Dereference (deep) Unchecked Parameter Element Dereference (deep) null Passed to Method (deep) | ||||||
| Coverity | v7.5 | FORWARD_NULL | Implemented | ||||||
| Fortify |
| Missing_Check_against_Null | Implemented | ||||||
| Findbugs |
| NP_DEREFERENCE_OF_READLINE_VALUE | Implemented | ||||||
| Parasoft Jtest |
| CERT.EXP01.NP CERT.EXP01.NCMD | Avoid NullPointerException Ensure that dereferenced variables match variables which were previously checked for "null" | |||||||
| PVS-Studio |
| V6008, V6073, V6093 | |||||||
| SonarQube |
| Null pointers should not be dereferenced "toString()" and "clone()" methods should not return null Null should not be returned from a "Boolean" method "@NonNull" values should not be set to null | |||||||
| SpotBugs |
| NP_DEREFERENCE_OF_READLINE_VALUE NP_IMMEDIATE_DEREFERENCE_OF_READLINE NP_ALWAYS_NULL NP_NULL_ON_SOME_PATH NP_NULL_ON_SOME_PATH_EXCEPTION NP_NULL_PARAM_DEREF NP_NULL_PARAM_DEREF_NONVIRTUAL NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS NP_TOSTRING_COULD_RETURN_NULL | Implemented |
Related Vulnerabilities
Java Web Start applications and applets particular to JDK version 1.6, prior to update 4, were affected by a bug that had some noteworthy security consequences. In some isolated cases, the application or applet's attempt to establish an HTTPS connection with a server generated a NullPointerException [SDN 2008]. The resulting failure to establish a secure HTTPS connection with the server caused a denial of service. Clients were temporarily forced to use an insecure HTTP channel for data exchange.
Related Guidelines
Null Pointer Dereference [XYH] | |
CWE-476, NULL Pointer Dereference |
Android Implementation Details
Android applications are more sensitive to NullPointerException because of the constraint of the limited mobile device memory. Static members or members of an Activity may become null when memory runs out.
Bibliography
[API 2006] | |
| [API 2014] | Class java.util.Optional |
"Defect ID 00-0001" | |
[SDN 2008] | |
| [ Seacord 2015 ] | |
| [Urma 2014] | Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional! |
...
...