
Missing Check against Null

 
Vibhas Kumar
Greenhorn
Posts: 28
Hi Friends!! I am facing the following security warning for the code mentioned below:



The warning that I am getting in the Fortify report is:

Abstract: The method getList() in GrantAccessBackingBean.java can dereference a null pointer on
line 2357 because it does not check the return value of resolveVariable(), which might
return null.
Sink: GrantAccessBackingBean.java:2353 requestObject = resolveVariable(...) :
VariableResolver.resolveVariable may return NULL()
2351 .resolveVariable(context, "userBean")) {
2352 Object requestObject = context.getApplication()
2353 .getVariableResolver().resolveVariable(context,
2354 "userBean");



Though I am checking all the null reference conditions, it is still giving me this warning. Any suggestions? Thanks in advance.
 
Ilari Moilanen
Ranch Hand
Posts: 199
You do not check if the requestObject is null or not. You just check if the method returns null the first time you call it. The second time you call it, it might return null, so your code does not guarantee that the resulting object (requestObject) is not null.
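
The difference described in the reply above, as an added example that is not part of the original thread or the poster's code. `Resolver` and `FlakyResolver` are hypothetical stand-ins for the JSF `VariableResolver` so the example runs without a servlet container; the bean value is constructed.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration. Resolver is a hypothetical stand-in for the JSF
// VariableResolver in the report; like resolveVariable(), it may return null.
public class NullCheckExample {

    interface Resolver {
        Object resolve(String name);
    }

    // A resolver whose second lookup returns null, e.g. because the bean was
    // removed from scope between the two calls (constructed scenario).
    static class FlakyResolver implements Resolver {
        private final Map<String, Object> scope = new HashMap<>();
        FlakyResolver() { scope.put("userBean", "user-42"); }
        public Object resolve(String name) {
            return scope.remove(name); // present on first call, null afterwards
        }
    }

    // Pattern from the question: check one call, then use the result of another.
    static int flagged(Resolver r) {
        if (null != r.resolve("userBean")) {
            Object requestObject = r.resolve("userBean"); // unchecked second call
            return requestObject.toString().length();     // may throw NPE
        }
        return -1;
    }

    // Fix: resolve once, keep the reference, and null-check that same reference.
    static int fixed(Resolver r) {
        Object requestObject = r.resolve("userBean");
        if (requestObject == null) {
            return -1; // handle the missing bean explicitly
        }
        return requestObject.toString().length();
    }

    public static void main(String[] args) {
        System.out.println("fixed:   " + fixed(new FlakyResolver()));
        try {
            System.out.println("flagged: " + flagged(new FlakyResolver()));
        } catch (NullPointerException e) {
            System.out.println("flagged: NullPointerException on second lookup");
        }
    }
}
```

Static analyzers track the null state of each returned value separately, so only a check on the same reference that is later dereferenced clears the finding.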