[RSPEC-2637] "@NonNull" values should not be set to null - SonarSource

Details

Type: Bug Detection
Status: Active
Resolution: Unresolved
Labels:
- cert
- cwe

Message:

Hide
* "xxx" is marked "@yyy" but is set to null.
* Parameter n to this call is marked "@yyy" but null could be passed.
* "xxx" is marked "@yyy" but is not initialized in this constructor
* This method's return value is marked "@yyy" but null is returned.

Show
* "xxx" is marked "@yyy" but is set to null. * Parameter n to this call is marked "@yyy" but null could be passed. * "xxx" is marked "@yyy" but is not initialized in this constructor * This method's return value is marked "@yyy" but null is returned.
Default Severity:
Minor
Impact:
Low
Likelihood:
Low
Default Quality Profiles:

Sonar way
Targeted languages:

Objective-C
Covered Languages:

C, C++, Java
Remediation Function:
Constant/Issue
Constant Cost:
15min
Analysis Scope:

Main Sources
Implementation details:
- java-top

CERT:
EXP01-J.
CWE:
CWE-476

FindBugs:
NP_NONNULL_.*, NP_NULL_PARAM_DEREF.*,NP_STORE_INTO_NONNULL_FIELD,NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE

Description

Fields, parameters and return values marked @NotNull, @NonNull, or @Nonnull are assumed to have non-null values and are not typically null-checked before use. Therefore setting one of these values to null, or failing to set such a class field in a constructor, could cause {{NullPointerException}}s at runtime.

Noncompliant Code Example

public class MainClass {
  
  @Nonnull
  private String primary;
  private String secondary;
  
  public MainClass(String color) {
    if (color != null) {
      secondary = null;
    }
    primary = color;  // Noncompliant; "primary" is Nonnull but could be set to null here
  }
  
  public MainClass() { // Noncompliant; "primary" Nonnull" but is not initialized
  }
  
  @Nonnull
  public String indirectMix() {
    String mix = null;
    return mix;  // Noncompliant; return value is Nonnull, but null is returned.}}
  }

See

MITRE CWE-476 - NULL Pointer Dereference
CERT, EXP01-J. - Do not use a null in a case where an object is required

Attachments

Issue Links

is implemented by

CPP-1521 C rule: "nonnull" pointers should not be set to null

Closed

CPP-1677 C++ Rule: "nonnull" pointers should not be set to null

Closed

CPP-2312 Add 12 rules for Objective-C based on symbolic execution

Closed

SONARJAVA-1563 Rule S2637: "@NonNull" values should not be set to null

Closed

is related to

SONARJAVA-1648 NPE on S2637 on void method annotated with @Nonnull using empty return statement

Closed

CPP-2402 Improve S2637 RSPEC to reflect the rule implementation

Open

SONARJAVA-1681 FP on S2637: Usages of "this" for fields

Closed

SONARJAVA-1977 FP on S2637: Default no-arg constructors for JPA entities

Closed

SONARJAVA-1978 FP on S2637: variable with initializers

Closed

(4 is related to)

Options

Progress

Sub-Tasks

C-Family: "nonnull" pointers should not be set to null

RSPEC-3724

Active

Unassigned

Activity

People

Assignee:

Unassigned

Reporter:

Ann Campbell

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

20/Feb/15 7:12 PM

Updated:

10/Mar/20 6:32 PM