
Explanation and fix for Possible null pointer dereference of

The code review tool is complaining about "Possible null pointer dereference of safeScanWarnings in saveSafeScan(...)" at the line if (safeScanWarnings != Null & safeScanWarnings.size() > 0)

I am wondering how this is possible. Is this because we are returning the collection by reference?

    protected void saveSafeScan(final Response response, final Dtec dtec) throws dtecException
    {
        Collection<String> safeScanWarnings = dtec.getSafeScanWarnings();
        if (safeScanWarnings!=null && safeScanWarnings.size()>0)
        {
            Iterator<String> iterator = safeScanWarnings.iterator();

            int i = 0;
            while (iterator.hasNext())
            {
                String safeScanCode = iterator.next();
                if (i == 0)
                {
                    response.setSafeScanCode(safeScanCode);
                    response.setSafeScanCodeText(getMessage(String.format("DTECRESPONSE_SAFESCANCODE_%s",
                            StringUtils.trimToEmpty(safeScanCode))));
                }
                SafeScanWarning safeScan = new SafeScanWarning();
                safeScan.setCode(safeScanCode);
                safeScan.setMessage(String.format("DTECRESPONSE_SAFESCANCODE_%s", StringUtils.trimToEmpty(safeScanCode)));
                safeScan.setPriority(i);
                response.getSafeScanWarnings().add(safeScan);
                i++;
            }
        }
    }


If it's really pointing to that line, it looks like a bug in the code review tool to me.

As it's a local variable, there's no chance that it'll be changed by anything else between the nullity check and the size() call - so there's no way it'll throw a NullPointerException.


There is a branch of statement that, if executed, guarantees that a null value will be dereferenced, which would generate a NullPointerException when the code is executed. Of course, the problem might be that the branch or statement is infeasible and that the NullPointerException cannot ever be thrown. Deciding that is beyond the ability of FindBugs.


Attribute "dtec" should be secured:

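    // Check dtec before calling the getter, then check the returned collection
    Collection<String> safeScanWarnings = (null!=dtec) ? dtec.getSafeScanWarnings() : null;
    if (null!=safeScanWarnings && safeScanWarnings.size()>0)
    {
        // ... loop body from the question ...
    }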
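
The flagged line quoted in the question uses a single `&`, the posted method uses `&&`, and the last answer adds a null check on `dtec`. The following added example (not from the original post; the `Dtec` stand-in, the class and all method names are hypothetical) runs the three guards against a null `dtec`, a null collection and a populated one.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.function.Predicate;

// Added illustration; the class, the Dtec stand-in and all method names are hypothetical.
public class NullGuardDemo {

    // Minimal stand-in for the page's Dtec type (assumption: only the getter matters here).
    interface Dtec { Collection<String> getSafeScanWarnings(); }

    // && short-circuits: size() is skipped when the reference is null.
    static boolean guardedShortCircuit(Dtec dtec) {
        Collection<String> w = dtec.getSafeScanWarnings();
        return w != null && w.size() > 0;
    }

    // & evaluates both operands: size() runs even when the reference is null.
    static boolean guardedEager(Dtec dtec) {
        Collection<String> w = dtec.getSafeScanWarnings();
        return w != null & w.size() > 0;
    }

    // Also guards the dtec parameter itself before calling the getter.
    static boolean guardedWithDtecCheck(Dtec dtec) {
        Collection<String> w = (dtec != null) ? dtec.getSafeScanWarnings() : null;
        return w != null && !w.isEmpty();
    }

    // Reports the result of a check as text, or the exception name if it throws.
    static String outcome(Predicate<Dtec> check, Dtec input) {
        try {
            return String.valueOf(check.test(input));
        } catch (NullPointerException e) {
            return "NullPointerException";
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: no Dtec at all, a Dtec returning null, a Dtec with two codes.
        Dtec[] inputs = { null, () -> null, () -> Arrays.asList("01", "02") };
        String[] labels = { "dtec == null", "warnings == null", "two warnings" };
        for (int i = 0; i < inputs.length; i++) {
            System.out.printf("%-17s &&: %-20s &: %-20s dtec-checked: %s%n", labels[i],
                    outcome(NullGuardDemo::guardedShortCircuit, inputs[i]),
                    outcome(NullGuardDemo::guardedEager, inputs[i]),
                    outcome(NullGuardDemo::guardedWithDtecCheck, inputs[i]));
        }
    }
}
```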