Some APIs intentionally return a null reference to indicate that instances are unavailable. This practice can lead to denial-of-service vulnerabilities when the client code fails to explicitly handle the null return value case. A null return value is an example of an in-band error indicator, which is discouraged by Guideline 52, “Avoid in-band error indicators.” For methods that return a set of values using an array or collection, returning an empty array or collection is an excellent alternative to returning a null value, as most callers are better equipped to handle an empty set than a null value.

Source: “Return an empty array or collection instead of a null value for methods that return an array or collection,” Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
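The failure mode described above, shown as an added Java example that is not code from the book or from this page. The class `EmptyVersusNull`, its methods and the stock data are hypothetical and constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class EmptyVersusNull {
    // Constructed sample data: item name -> units in stock.
    private final Map<String, Integer> stock = new HashMap<>();

    EmptyVersusNull() {
        stock.put("widget", 12);
        stock.put("gasket", 0);
    }

    // Noncompliant: null doubles as "no results" (an in-band error indicator).
    List<String> lowStockOrNull(int threshold) {
        List<String> low = lowStock(threshold);
        return low.isEmpty() ? null : low;
    }

    // Compliant: "no results" is an empty, immutable list.
    List<String> lowStock(int threshold) {
        List<String> low = new ArrayList<>();
        for (Map.Entry<String, Integer> e : stock.entrySet()) {
            if (e.getValue() < threshold) {
                low.add(e.getKey());
            }
        }
        return low.isEmpty() ? Collections.<String>emptyList() : low;
    }

    public static void main(String[] args) {
        EmptyVersusNull inv = new EmptyVersusNull();
        // Threshold 0 matches nothing, so this is the "no results" case.
        try {
            // A caller that forgets the null check, as the text describes.
            System.out.println(inv.lowStockOrNull(0).size());
        } catch (NullPointerException e) {
            // In a server this is an aborted request or a dead worker thread.
            System.out.println("caller crashed: NullPointerException");
        }
        // The same caller code works unchanged against the compliant method.
        System.out.println("items to reorder: " + inv.lowStock(0).size());
        for (String item : inv.lowStock(1)) {
            System.out.println("reorder " + item);
        }
    }
}
```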