REDUN.NULL
REDUN.NULL is reported when a variable that always has a null value is used in an expression.
Vulnerability and risk
A programmer may have forgotten to initialize the variable with its actual value, or the variable may be redundant.
Mitigation and prevention
Use a null constant or initialize the variable properly.
Example 1
10  String search(Collection<String> strings, String prefix) {
11      String res = null;
12      for (final String string : strings) {
13          if (string.startsWith(prefix)) {
14              return string;
15          }
16      }
17      return res;
18  }
REDUN.NULL is reported for the snippet on line 17: variable 'res' is always null here.
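The two mitigations applied side by side, as an added example that is not part of the original checker documentation. The class RedunNullExample, the methods longestMatchFlagged and longestMatch, and the sample list are hypothetical names constructed for illustration; search is Example 1 rewritten to return the null constant.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

public class RedunNullExample {

    // Pattern the checker describes: 'best' should hold the longest match,
    // but the assignment was forgotten, so it is still null at the return.
    static String longestMatchFlagged(Collection<String> strings, String prefix) {
        String best = null;
        int bestLen = -1;
        for (final String s : strings) {
            if (s.startsWith(prefix) && s.length() > bestLen) {
                bestLen = s.length();   // 'best = s;' is missing
            }
        }
        return best;                    // 'best' is always null here
    }

    // Mitigation 1: the variable was needed, so initialize it properly
    // by assigning it at the point where the value becomes known.
    static String longestMatch(Collection<String> strings, String prefix) {
        String best = null;
        for (final String s : strings) {
            if (s.startsWith(prefix) && (best == null || s.length() > best.length())) {
                best = s;
            }
        }
        return best;
    }

    // Mitigation 2: the variable was redundant (Example 1), so drop it
    // and return the null constant to make the "not found" case explicit.
    static String search(Collection<String> strings, String prefix) {
        for (final String s : strings) {
            if (s.startsWith(prefix)) {
                return s;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample input.
        List<String> names = Arrays.asList("alpha", "alphabet", "beta");
        System.out.println(longestMatchFlagged(names, "al"));
        System.out.println(longestMatch(names, "al"));
        System.out.println(search(names, "al"));
    }
}
```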