NPE.RET.UTIL

A NullPointerException is thrown in case of an attempt to dereference a null value. The dereference may be a function call, a read or write of a field, or an array access. NPE.RET.UTIL is reported for the result of a method call from a class from the 'java.util' package being dereferenced, in case where this method was described in the knowledge base as the one which can return a null value.

Example 1

17
18
19
20
21
22
23
24
25
     private Map<String, String> paths = new HashMap<String, String>();
 
     public void addPath(String name, String path) {
         paths.put(name, path);
     }
 
     private String getNormalizedPath(String name) throws IOException {
         return paths.get(name).toLowerCase();
     }

NPE.RET.UTIL is reported for line 24, since the value returned by 'paths.get(name)' call can be null.

Related checkers

• NPE.CONST
• NPE.COND
• NPE.RET
• NPE.STAT

External guidance

• CERT EXP01-J: Do not use a null in a case where an object is required
• CWE-476: NULL Pointer Dereference

Security training

Application security training materials provided by Secure Code Warrior.

• Null Dereference Training Video - Test your skills with a training example

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.