Catch NullPointerException

NVD Categorization

CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference: Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

Description

It is generally a bad practice to catch NullPointerException.

Programmers typically catch NullPointerException under three circumstances:

The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
The program explicitly throws a NullPointerException to signal an error condition.
The code is part of a test harness that supplies unexpected input to the classes under test.

Of these three circumstances, only the last is acceptable.

Risk Factors

TBD

Examples

The following code mistakenly catches a NullPointerException.

try {
  mysteryMethod();
} catch (NullPointerException npe) {
  ...
}

References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

CWE 79.

Watch Star

Catch NullPointerException

NVD Categorization

Description

Risk Factors

Examples

References

Important Community Links

Upcoming OWASP Global Events

Catch NullPointerException

NVD Categorization

Description

Risk Factors

Examples

Related Attacks

Related Vulnerabilities

Related Controls

References

Important Community Links

Upcoming OWASP Global Events