Updated: 2023-02-17 13:29:20
What Fortify does not like is the fact that you initialize the variable with null first, without condition, and then change it.
This should work:

    String sortName;
    if (lastName != null && lastName.length() > 0) {
        sortName = lastName;
    } else {
        sortName = null;
    }
    sortOptions.setSortField(sortName);

(Or use the ternary operator if you prefer)
This way you initialize sortName only once, and explicitly show that a null value is the right one in some cases, and not that you forgot some cases, leading to a var staying null while it is unexpected.
The Null dereference error was on the line of code sortName = lastName; not the call of the setter: Fortify does not want you to conditionally change the value of a variable that was set to null without doing so in all the branches.
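
The three shapes discussed in the answer, side by side, as an added example that is not part of the original answer. The flagged form is reconstructed from the answer's description, and the class names, the SortOptions stand-in and the sample inputs are assumptions; declaring the variable final additionally makes the compiler reject any branch that forgets to assign it.

```java
import java.util.Objects;

public class SortNameExample {
    // Hypothetical stand-in for the page's sortOptions object.
    static class SortOptions {
        private String sortField;
        void setSortField(String field) { sortField = field; }
        String getSortField() { return sortField; }
    }

    // Shape the answer describes as flagged: unconditional null first,
    // then a reassignment in only one branch (reconstructed, assumption).
    static String flaggedShape(String lastName) {
        String sortName = null;
        if (lastName != null && lastName.length() > 0) {
            sortName = lastName;
        }
        return sortName;
    }

    // Shape from the answer: exactly one assignment on every path.
    // 'final' turns a forgotten branch into a compile error.
    static String everyBranch(String lastName) {
        final String sortName;
        if (lastName != null && lastName.length() > 0) {
            sortName = lastName;
        } else {
            sortName = null; // null is the intended value here
        }
        return sortName;
    }

    // Ternary variant mentioned in the answer.
    static String ternary(String lastName) {
        return (lastName != null && lastName.length() > 0) ? lastName : null;
    }

    public static void main(String[] args) {
        String[] samples = { "Smith", "", null }; // constructed inputs
        for (String s : samples) {
            String expected = flaggedShape(s);
            if (!Objects.equals(expected, everyBranch(s)) || !Objects.equals(expected, ternary(s))) {
                throw new AssertionError("variants disagree for input: " + s);
            }
            SortOptions sortOptions = new SortOptions();
            sortOptions.setSortField(everyBranch(s));
            System.out.println("input=" + s + " sortField=" + sortOptions.getSortField());
        }
    }
}
```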