Try this: Copy Code if (connection != null && conection.State != ConnectionState.Closed) { conection.Close (); } But better, use a using block around your connection creation so it is automatically closed and disposed when it goes out of scope. Difference Between FileInputStream and FileReader in Java, Introduction about the error with example. For an attacker it provides an opportunity to stress the system in unexpected ways. Test every line of code and potential execution path. Fix Suggenstion 11Null Dereference. "The good news about computers is that they do what you tell them to do. Connect and share knowledge within a single location that is structured and easy to search. Most null-pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null-pointer dereference, the attacker may be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information Also, the term 'pointer' is bad (but maybe it comes from the FindBugs tool): Java doesn't have pointers, it has references. Could you share the minimal test case? Understand that English isn't everyone's first language so be lenient of bad
When it comes to these specific properties, you're safe. Reject from the input, any character you don't want in the path. Software Security | Null Dereference - Micro Focus In this paper we discuss some of the challenges of using a null dereference analysis in practice, and reasons why developers may not feel it necessary to change code to prevent ever possible null dereference. Null Dereference Issue New: May 7, 2019 which is not fixed and in the parser, it checks cwe no in also the sample you provided does not contain any cwe no in and in fortify parser it uses this method to extract cwe no which raise problem: If you never set a variable to null you can never have an unexpected null.