CS.CMP.VAL.NULL

Entity of a type parameter without reference constraints in a generic type is compared with 'null'.

Vulnerability and risk

If a type parameter in a generic type has no reference contraints, it can be substituted with a value type. Comparing value type entities with 'null' always returns false and is therefore useless.

Example 1

1  namespace Namespace {
2      class Foo<T1> where T1: class {
3          T1 t;
4          bool checkT() {
5              return (t == null);  // OK - cannot be a value type
6          }
7      }
8      class Bar<T2> where T2: struct {
9          T2 t;
10         bool setT(T2 arg) {
11             if (arg != null)     // defect
12                 t = arg;
13         }
14     }
15 }

Security training

Application security training materials provided by Secure Code Warrior.