REDUN.NULL is reported when a variable that always has a null value is used in an expression.

Vulnerability and risk

A programmer may have forgotten to initialize the variable with its actual value, or the variable is redundant.

Mitigation and prevention

Use a null constant or initialize the variable properly.

Example 1

     String search(Collection<String> strings, String prefix) {
         String res = null;
         for (final String string : strings) {
             if (string.startsWith(prefix)) {
                 return string;
             }
         }
         // 'res' is never assigned after its declaration, so this always returns null
         return res;
     }

REDUN.NULL is reported for the snippet on line 17 (the 'return res;' statement): variable 'res' is always null here.
