DerScanner
Home / Vulnerability Database / C-sharp : Error handling: catching NullReferenceException
C#

C-sharp : Error handling: catching NullReferenceException

Classification

OWASP MASVS
V7: 7.6.(L1/L2/L1+R/L2+R)
OWASP ASVS
Error Handling and Logging
PCI DSS 4.0
6.2.4
CWE
CWE-395

Overview

Catch exceptions of NullReferenceException type is usually considered to be a bad practice.

Catch NullReferenceException usually occurs in one of three cases:

  1. There was a null pointer dereference. The developer decided that it is easier to catch an exception than to solve the problem that caused it.
  2. Application deliberately throws NullReferenceException to report an error.
  3. NullReferenceException catcher is part of the mechanism of testing, in which the application is given incorrect data as an input.

Catching NullReferenceException is acceptable only in the latter case.

References

  1. CWE-395: Use of NullReferenceException Catch to Detect NULL Pointer Dereference
LOW

DerScanner Severity Score

Do you want to fix C-sharp : Error handling: catching NullReferenceException in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined