Some APIs intentionally return a null reference to indicate that instances are unavailable. This practice can lead to denial-of-service vulnerabilities when the client code fails to explicitly handle the null return value case. A null value is an example of an in-band error indicator, which is discouraged by ERR52-J, Avoid in-band error indicators. For methods that return a set of values using an array or collection, returning an empty array or collection is an excellent alternative to returning a null value, as most callers are better equipped to handle an empty set than a null value.
Noncompliant Code Example
This noncompliant code example returns a null ArrayList when the size of the ArrayList is 0. The class Inventory contains a getStock() method that constructs a list of items that have 0 inventory and returns the list of items to the caller.
When the size of this list is 0, a null value is returned with the assumption that the client will install the necessary checks. In this code example, the client lacks any null value check, causing a NullPointerException at runtime.
Compliant Solution
Instead of returning a null value, this compliant solution simply returns the List, even when it is empty.
The client can handle this situation effectively without being interrupted by runtime exceptions. When returning arrays rather than collections, ensure that the client avoids attempts to access individual elements of a zero-length array. This prevents an ArrayIndexOutOfBoundsException from being thrown.
Compliant Solution
This compliant solution returns an explicit empty list, which is an equivalent, permissible technique.
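The Inventory class described in the noncompliant example and both compliant solutions, reconstructed here as an added example rather than the page's own listing; the field names, the constructor, the sample items and the method names other than getStock() are assumptions. The noncompliant variant turns an empty result into null, and the client loop in main() shows why that fails when the caller performs no null check.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class Inventory {
    private final List<String> items;
    private final int[] counts; // counts[i] is the stock level of items.get(i)

    public Inventory(List<String> items, int[] counts) {
        this.items = items;
        this.counts = counts;
    }

    // Compliant: builds the list of items with 0 inventory and returns it even when empty.
    public List<String> getStock() {
        List<String> outOfStock = new ArrayList<>();
        for (int i = 0; i < items.size(); i++) {
            if (counts[i] == 0) {
                outOfStock.add(items.get(i));
            }
        }
        return outOfStock;
    }

    // Noncompliant: maps an empty result onto a null reference, an in-band error indicator.
    public List<String> getStockNoncompliant() {
        List<String> outOfStock = getStock();
        return outOfStock.isEmpty() ? null : outOfStock;
    }

    // Compliant alternative: an explicit, immutable empty list when nothing is out of stock.
    public List<String> getStockExplicitEmpty() {
        List<String> outOfStock = getStock();
        return outOfStock.isEmpty() ? Collections.emptyList() : outOfStock;
    }

    public static void main(String[] args) {
        // Constructed sample data: every item is in stock, so the out-of-stock list is empty.
        Inventory inv = new Inventory(List.of("widget", "gadget"), new int[] {3, 5});
        // Client code that never checks for null, as described above.
        for (String item : inv.getStock()) {              // loop body runs zero times
            System.out.println("Out of stock: " + item);
        }
        for (String item : inv.getStockNoncompliant()) {  // throws NullPointerException
            System.out.println("Out of stock: " + item);
        }
    }
}
```

The enhanced for loop calls iterator() on the returned reference, so the null from getStockNoncompliant() fails before the loop body runs, while either compliant method simply yields zero iterations.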
Returning a null value rather than a zero-length array or collection may lead to denial-of-service vulnerabilities when the client code fails to handle null return values properly.
Automatic detection is straightforward; fixing the problem typically requires programmer intervention.