CWE-395
Use of NullPointerException Catch to Detect NULL Pointer Dereference
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
Status
draft
Abstraction
base
Affected Platforms
Java
Extended Description
Programmers typically catch NullPointerException under three circumstances:
- The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
- The program explicitly throws a NullPointerException to signal an error condition.
- The code is part of a test harness that supplies unexpected input to the classes under test.
Of these three circumstances, only the last is acceptable.
Common Consequences
availability
Impacts
dos: resource consumption (cpu)
Detection Methods
automated static analysis - binary or bytecode
dynamic analysis with manual results interpretation
manual static analysis - source code
automated static analysis - source code
architecture or design review
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
- Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.
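The following is an added example, not part of the CWE entry: the same header lookup written first with a NullPointerException catch (the first circumstance in the Extended Description) and then with the explicit null checks the mitigation calls for. The class, method and header names are constructed for illustration.

```java
import java.util.Map;
import java.util.Objects;

// Added example (not from the CWE entry). Names are constructed.
public final class Cwe395Example {

    // Weak pattern: the catch hides ANY NullPointerException raised inside the
    // try block, including one from a null map (a programming error), and each
    // caught exception pays for building a Throwable with a stack trace.
    static String userIdUnchecked(Map<String, String> headers) {
        try {
            return headers.get("X-User").trim().toLowerCase();
        } catch (NullPointerException e) {
            return "anonymous"; // missing header and null map are indistinguishable here
        }
    }

    // Preferred pattern: check for null before dereferencing. A missing header
    // is ordinary control flow; a null map is reported as the bug it is.
    static String userIdChecked(Map<String, String> headers) {
        Objects.requireNonNull(headers, "headers");
        String raw = headers.get("X-User");
        if (raw == null || raw.isBlank()) {
            return "anonymous";
        }
        return raw.trim().toLowerCase();
    }

    public static void main(String[] args) {
        // Constructed inputs: one request with the header, one without.
        Map<String, String> present = Map.of("X-User", "  Alice ");
        Map<String, String> absent = Map.of();

        System.out.println(userIdUnchecked(present));
        System.out.println(userIdUnchecked(absent));
        System.out.println(userIdChecked(present));
        System.out.println(userIdChecked(absent));

        // The performance cost the mitigation refers to: the exception-driven
        // path creates and unwinds a Throwable for every request lacking the header.
        long t0 = System.nanoTime();
        for (int i = 0; i < 100_000; i++) userIdUnchecked(absent);
        long t1 = System.nanoTime();
        for (int i = 0; i < 100_000; i++) userIdChecked(absent);
        long t2 = System.nanoTime();
        System.out.printf("catch NPE: %d ms, null check: %d ms%n",
                (t1 - t0) / 1_000_000, (t2 - t1) / 1_000_000);
    }
}
```

Running `main` on a request stream where the header is frequently absent makes the CPU-consumption consequence listed above measurable, while the checked variant also stops a null map from being silently reported as an anonymous user.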