A NullPointerException is thrown in case of an attempt to dereference a null value. The dereference may be a function call, a read or write of a field, or an array access. NPE.RET.UTIL is reported for the result of a method call from a class from the 'java.util' package being dereferenced, in case where this method was described in the knowledge base as the one which can return a null value.

Example 1

     private Map<String, String> paths = new HashMap<String, String>();
     public void addPath(String name, String path) {
         paths.put(name, path);
     private String getNormalizedPath(String name) throws IOException {
         return paths.get(name).toLowerCase();

NPE.RET.UTIL is reported for line 24, since the value returned by 'paths.get(name)' call can be null.

Related checkers

Security training

Application security training materials provided by Secure Code Warrior.


This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.