A NullPointerException is thrown when code attempts to dereference a null value. The dereference may be a method call, a read or write of a field, or an array access. NPE.RET is reported when the result of a method call is dereferenced and there is a path on which that method returns null.

As of release 2023.2, this checker supports Jakarta EE.

Example 1

     Reader getReader(String configurationPath) throws IOException {
         File file = new File(configurationPath);
         if (file.exists()) {
             return new BufferedReader(new FileReader(file));
         }
         // No configuration file: the caller receives null.
         return null;
     }

     Reader getDefaultReader() throws IOException {
         return getReader("conf");
     }

     public void init() throws IOException {
         // getDefaultReader() can return null; the result goes straight into load().
         load(getDefaultReader());
     }

     private String load(Reader reader) throws IOException {
         StringBuffer sb = new StringBuffer();
         char[] buffer = new char[1024];
         int length;
         // 'reader' is dereferenced here without a null check.
         while ((length = reader.read(buffer)) > 0) {
             sb.append(buffer, 0, length);
         }
         return sb.toString();
     }

NPE.RET is reported for line 29, since the value returned by the 'getDefaultReader()' call can be null and it is passed as a parameter into the 'load(Reader reader)' method, where it would be dereferenced.
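One way to remove the null path from Example 1, shown as an added example rather than code from the Klocwork documentation: the lookup returns `Optional<Reader>` instead of null, and `init()` handles the missing file before anything is dereferenced. The class name `ConfigLoader`, the `DEFAULT_CONFIGURATION` fallback and the `String` return type of `init()` are assumptions made for the illustration.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.Reader;
import java.util.Optional;

public class ConfigLoader {
    // Assumed fallback used when the file is absent (constructed value).
    private static final String DEFAULT_CONFIGURATION = "";

    // Absence is part of the return type, so callers cannot overlook it.
    Optional<Reader> getReader(String configurationPath) throws IOException {
        File file = new File(configurationPath);
        if (file.exists()) {
            return Optional.of(new BufferedReader(new FileReader(file)));
        }
        return Optional.empty();
    }

    Optional<Reader> getDefaultReader() throws IOException {
        return getReader("conf");
    }

    public String init() throws IOException {
        Optional<Reader> source = getDefaultReader();
        if (!source.isPresent()) {
            return DEFAULT_CONFIGURATION; // the null path from Example 1 ends here
        }
        try (Reader reader = source.get()) { // also closes the reader after loading
            return load(reader);
        }
    }

    private String load(Reader reader) throws IOException {
        StringBuilder sb = new StringBuilder();
        char[] buffer = new char[1024];
        int length;
        while ((length = reader.read(buffer)) > 0) {
            sb.append(buffer, 0, length);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        System.out.println("configuration length: " + new ConfigLoader().init().length());
    }
}
```

If the API must keep returning `Reader`, an explicit `if (reader == null)` check in `init()` before the call to `load()` closes the same path.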


This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.