CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
Common Consequences
Scope: Availability
Technical Impact: DoS: Resource Consumption (CPU)
Potential Mitigations
Phase: Architecture and Design; Implementation
Description: Do not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.
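The following is an added example, not code from the CWE entry or from CERT, that shows the pattern this weakness describes next to the programmatic check that should replace it. The `Request` class, the `normalize*` and `requireUserId` method names and the timing helper are assumptions made for the illustration.

```java
import java.util.Objects;
import java.util.function.Function;

// Added example (not part of the CWE entry): a null check implemented by catching
// NullPointerException versus an explicit programmatic check.
public class NullCheckExample {

    // Hypothetical request type standing in for parsed user input.
    static final class Request {
        private final String userId;
        Request(String userId) { this.userId = userId; }
        String getUserId() { return userId; }
    }

    // Weak pattern (CWE-395): the exception is the null detector.
    // Every null input pays for exception construction and stack unwinding,
    // and the catch also hides NPEs raised for unrelated reasons inside the try.
    static String normalizeWeak(Request req) {
        try {
            return req.getUserId().trim().toLowerCase();
        } catch (NullPointerException e) {
            return "";
        }
    }

    // Hardened form: check for null before dereferencing.
    static String normalizeChecked(Request req) {
        if (req == null || req.getUserId() == null) {
            return "";
        }
        return req.getUserId().trim().toLowerCase();
    }

    // For fields that are required, reject null at the boundary with a clear
    // message instead of discovering it deep in the call chain.
    static String requireUserId(Request req) {
        Objects.requireNonNull(req, "request must not be null");
        String id = Objects.requireNonNull(req.getUserId(), "userId must not be null");
        return id.trim().toLowerCase();
    }

    // Rough illustration of the CPU-consumption consequence: run n null inputs
    // through a variant and report elapsed nanoseconds. Absolute numbers depend
    // on the JVM; the ratio between the two variants is the point.
    static long timeNanos(Function<Request, String> f, int n) {
        Request nullId = new Request(null);
        long start = System.nanoTime();
        for (int i = 0; i < n; i++) {
            f.apply(nullId);
        }
        return System.nanoTime() - start;
    }

    public static void main(String[] args) {
        Request[] inputs = { new Request(" Alice "), new Request(null), null };
        for (Request r : inputs) {
            System.out.println("weak:    '" + normalizeWeak(r) + "'");
            System.out.println("checked: '" + normalizeChecked(r) + "'");
        }
        try {
            requireUserId(new Request(null));
        } catch (NullPointerException e) {
            System.out.println("rejected at boundary: " + e.getMessage());
        }
        int n = 200_000;
        System.out.println("weak    ns: " + timeNanos(NullCheckExample::normalizeWeak, n));
        System.out.println("checked ns: " + timeNanos(NullCheckExample::normalizeChecked, n));
    }
}
```

Compile and run with `javac NullCheckExample.java && java NullCheckExample`. The timing loop is only indicative: HotSpot can replace repeated implicit NPEs at the same site with a preallocated, stack-trace-free exception (the "fast throw" optimization), which narrows the gap in a tight loop; in real request handling, where the throw sites and call depths vary, the cost of constructing and unwinding the exception is paid on each null input.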
Detection Methods
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Automated Static Analysis - Source Code
Effectiveness: High
Method: Architecture or Design Review
Effectiveness: High
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | Catching NullPointerException | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | ERR08-J | Do not catch NullPointerException or any of its ancestors | - |