An RI.IGNOREDNEW warning appears when a constructor is called and the newly created object is ignored. In some cases this causes an error: a Thread object, for example, must be started after it is initialized, so a Thread that is created and then discarded never runs.

Vulnerability and risk

Misunderstanding of method behavior will cause flaws in application logic.

Mitigation and prevention

Store the value returned by the method, for example a=a.trim().

Example 1

      public void runMyProcessing() {
          Runnable myRunnable = new Runnable() {
              public void run() {
                  // do actual processing...
              }
          };
          new Thread(myRunnable); // ignored! the thread is never started
      }

RI.IGNOREDNEW is reported for line 15 (the new Thread(myRunnable) statement): Newly created object of type 'java.lang.Thread' is ignored.
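
The following is an added example, not part of the original checker documentation, that puts the flagged pattern beside a corrected form and shows that the processing only runs when the Thread reference is kept and started. The class name IgnoredNewDemo, the method names and the processed flag are assumptions made for illustration.

```java
import java.util.concurrent.atomic.AtomicBoolean;

public class IgnoredNewDemo {

    // Flagged pattern: the Thread is constructed but the object is discarded,
    // so start() is never called and run() never executes.
    static boolean ignoredResult() {
        AtomicBoolean processed = new AtomicBoolean(false); // hypothetical flag
        Runnable myRunnable = () -> processed.set(true);
        new Thread(myRunnable); // RI.IGNOREDNEW would be reported here
        return processed.get();
    }

    // Corrected pattern: keep the reference, start the thread, wait for it.
    static boolean storedResult() throws InterruptedException {
        AtomicBoolean processed = new AtomicBoolean(false); // hypothetical flag
        Runnable myRunnable = () -> processed.set(true);
        Thread worker = new Thread(myRunnable);
        worker.start();
        worker.join(); // join() also makes the worker's write visible here
        return processed.get();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("ignored object, processing ran: " + ignoredResult());
        System.out.println("stored object, processing ran:  " + storedResult());
    }
}
```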
