NPE.STAT

A NullPointerException is thrown in case of an attempt to dereference a null value. The dereference may be a function call, a read or write of a field, or an array access. NPE.STAT is reported for the result of a method call being dereferenced when the source code of the method is unavailable, but statistics indicate that it can return null. Statistics are gathered for the null checks applied to the values returned by methods.

Example 1

22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
     public void printAbsoluteParentPath() {
         final File parent = f.getParentFile();
         if (parent != null) {
             String absolutePath = parent.getAbsolutePath();
             System.out.println("absolute path " + absolutePath);
         }
     }
 
     public void printCanonicalParentPath() throws IOException {
         final File parent = f.getParentFile();
         if (parent != null) {
             String canonicalPath = parent.getCanonicalPath();
             System.out.println("canonical path: " + canonicalPath);
         }
     }
 
     public void printParentPath() throws IOException {
         String path = f.getParentFile().getPath();
         System.out.println("path " + path);
     }

NPE.STAT is reported for line 39, since the value returned by 'getParentFile()' is usually checked for null before dereferencing, so there is a possibility of an NPE here.

Related checkers

• NPE.CONST
• NPE.COND
• NPE.RET
• NPE.RET.UTIL

External guidance

• CWE-476: NULL Pointer Dereference
• CERT EXP01-J: Do not use a null in a case where an object is required

Security training

Application security training materials provided by Secure Code Warrior.

• Null Dereference Training Video - Test your skills with a training example

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.