NPE.STAT
A NullPointerException is thrown in case of an attempt to dereference a null value. The dereference may be a function call, a read or write of a field, or an array access. NPE.STAT is reported for the result of a method call being dereferenced when the source code of the method is unavailable, but statistics indicate that it can return null. Statistics are gathered for the null checks applied to the values returned by methods.
Example 1
    public void printAbsoluteParentPath() {
        final File parent = f.getParentFile();
        if (parent != null) {
            String absolutePath = parent.getAbsolutePath();
            System.out.println("absolute path " + absolutePath);
        }
    }

    public void printCanonicalParentPath() throws IOException {
        final File parent = f.getParentFile();
        if (parent != null) {
            String canonicalPath = parent.getCanonicalPath();
            System.out.println("canonical path: " + canonicalPath);
        }
    }

    public void printParentPath() throws IOException {
        // Result of getParentFile() is dereferenced without a null check
        String path = f.getParentFile().getPath();
        System.out.println("path " + path);
    }
NPE.STAT is reported for line 39, the call 'f.getParentFile().getPath()' in printParentPath(): the value returned by 'getParentFile()' is usually checked for null before dereferencing, so there is a possibility of an NPE here.
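A hardened form of printParentPath() is sketched below as an added example; it is not part of the original checker documentation. The class name ParentPathExample, the parentPath() helper, the fallback to the absolute path and the sample file names are assumptions made for illustration.

```java
import java.io.File;
import java.util.Optional;

public class ParentPathExample {
    private final File f;

    public ParentPathExample(File f) {
        this.f = f;
    }

    // The null case is handled explicitly instead of dereferencing the
    // result of getParentFile() directly.
    public Optional<String> parentPath() {
        File parent = f.getParentFile();
        if (parent == null) {
            // A relative name such as "report.txt" has no parent component;
            // resolving it against the working directory may supply one.
            parent = f.getAbsoluteFile().getParentFile();
        }
        // Still null for a filesystem root, so callers must handle "empty".
        return Optional.ofNullable(parent).map(File::getPath);
    }

    public void printParentPath() {
        System.out.println("path " + parentPath().orElse("<no parent>"));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, one per case.
        File[] samples = {
            new File("dir", "report.txt"),  // parent component present: "dir"
            new File("report.txt"),         // getParentFile() returns null
            new File(File.separator)        // filesystem root: no parent at all
        };
        for (File sample : samples) {
            new ParentPathExample(sample).printParentPath();
        }
    }
}
```

Returning Optional forces each caller to decide what a missing parent means, which is the same decision the null checks in printAbsoluteParentPath() and printCanonicalParentPath() make.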
Extension
This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.