CS.NRE.CHECK.MUST
An object reference value that is positively checked for null will be dereferenced either explicitly, or through a call to a function that can dereference it, without checking for null.
Vulnerability and risk
Dereferencing a null object reference is a critical runtime problem that will crash the application on some operating systems and throw a runtime exception on others.
Example 1
Copy
public class A {
public void foo() {
A a = new A();
if (a == null)
a.foo();
}
}
Klocwork produces an issue report (CS.NRE.CHECK.MUST) at line 5 for variable 'a'. Variable 'a' is compared with null value at line 4, and therefore can be expected to be null when it is dereferenced at line 5.
External guidance
Security training
Application security training materials provided by Secure Code Warrior.