I've been messing around with security issues and vulnerabilities lately, and in my research I came across an article that intrigued me.
According to OWASP :
Description It is generally bad practice to catch NullPointerException.
Programmers typically catch NullPointerException under three circumstances:
1 - The program contains a null pointer dereference. Catching the resulting exception was easier than fixing the underlying problem.
2 - The program explicitly throws a NullPointerException to signal an error condition.
3 -The code is part of a harness test that supplies unexpected input to the classes under test. Of these three circumstances, only the last is acceptable.
That is, according to this text, the only acceptable situation for capturing NullPointerException
is in test cases, where the input may be something unexpected.
Why is not it a good idea to capture NullPointerException
?
Since it is not a good idea, how should I proceed if this exception is plausible within a scope?
How can NullPointerException
be a threat to my system?