要加强的一点是，首先使用无条件的 null 初始化变量，然后再进行更改.

What fortify do not like is the fact that you initialize the variable with null first, without condition, and then change it.

这应该起作用:

String sortName;
if (lastName != null && lastName.length() > 0) {
   sortName = lastName;
} else {
   sortName = null;
}
sortOptions.setSortField(sortName);

(或根据需要使用三元运算符)

(Or use the ternary operator if you prefer)

这样，您只初始化一次 sortName ，并明确表明 null 值在某些情况下是正确的，而不是您忘记了某些情况，从而导致变量在意外情况下保持 null 的状态.

This way you initialize sortName only once, and explicitely show that a null value is the right one in some cases, and not that you forgot some cases, leading to a var staying null while it is unexpected.

空取消引用错误是在代码 sortName = lastName; 的行上，而不是setter的调用:forify不想让您有条件地更改a的值设置为 null 而不在所有分支中都这样做的变量.

The Null dereference error was on the line of code sortName = lastName; not the call of the setter : fortify do not want you to conditionnally change the value of a variable that was set to null without doing so in all the branches.