REDUN.NULL

REDUN.NULL is reported when a variable that always has null value is used in an expression .

Vulnerability and risk

A programmer may forget to initialize the variable with its actual value or variable is redundant.

Mitigation and prevention

Use a null constant or initialize the variable properly.

Example 1

Copy

10
11
12
13
14
15
16
17
18
     String search(Collection<String> strings, String prefix) {
         String res = null;
         for (final String string : strings) {
             if (string.startsWith(prefix)) {
                 return string;
             }
         }
         return res;
     }

REDUN.NULL is reported for the snippet on line 17: variable 'res' is always null here.

External guidance

CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

Null Dereference Training Video - Test your skills with a training example