Why is this an issue?
NullReferenceException should be avoided, not caught. Any situation in which NullReferenceException is explicitly caught
can easily be converted to a null test, and any behavior being carried out in the catch block can easily be moved to the "is null" branch
of the conditional.
Noncompliant code example
public int GetLengthPlusTwo(string str)
{
int length = 2;
try
{
length += str.Length;
}
catch (NullReferenceException e)
{
log.info("argument was null");
}
return length;
}
Compliant solution
public int GetLengthPlusTwo(string str)
{
int length = 2;
if (str != null)
{
length += str.Length;
}
else
{
log.info("argument was null");
}
return length;
}
Resources
- MITRE, CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference
