DerScanner
Home / Vulnerability Database / Java : Error handling: catching NullPointerException
Java

Java : Error handling: catching NullPointerException

Classification

OWASP MASVS
V7: 7.6.(L1/L2/L1+R/L2+R)
OWASP ASVS
Error Handling and Logging
PCI DSS 4.0
6.2.4
CWE
CWE-395

Overview

Catch exceptions of NullPointerException type is usually considered to be a bad practice.

Catch NullPointerException usually occurs in one of three cases:

  1. There was a null pointer dereference. The developer decided that it is easier to catch an exception than to solve the problem that caused it.
  2. Application deliberately throws NullPointerException to report an error.
  3. NullPointerException catcher is part of the mechanism of testing, in which the application is given incorrect data as an input.

Catching NullPointerException is acceptable only in the latter case.

References

  1. CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference
  2. Class NullPointerException
LOW

DerScanner Severity Score

Do you want to fix Java : Error handling: catching NullPointerException in your application?

See also

Java

Java : Race condition

Java

Java : Text4Shell Vulnerability

Java

Java : JNI usage