对于下面提到的代码,我面临以下安全警告:
if (null != FacesContext.getCurrentInstance()) {
FacesContext context = FacesContext.getCurrentInstance();
if ((null != context.getApplication())
&& (null != context.getApplication().getVariableResolver())) {
if (null != context.getApplication().getVariableResolver()
.resolveVariable(context, "userBean")) {
Object requestObject = context.getApplication()
.getVariableResolver().resolveVariable(context,
"userBean");
String pRange = ((UserBean) requestObject)
.getPageSize_REM();
page_range = Integer.parseInt(pRange);
}
}
}
我进入强化报告的警告是:
摘要:GrantAccessBackingBean.java中的getList()方法可以
取消引用行上的空指针
2357因为它不检查
返回resolveVariable()的值,
可能会返回null。下沉:
GrantAccessBackingBean.java:2353
requestObject = resolveVariable(...):
VariableResolver.resolveVariable可能
传回NULL()2351
.resolveVariable(上下文,“ userBean”))
{2352对象requestObject =
context.getApplication()2353
.getVariableResolver()。resolveVariable(上下文,
2354“ userBean”);
尽管我正在检查所有空参考条件,但这仍然给了我。有什么建议吗?提前致谢
最佳答案
我的猜测是报告无法确定
if (null != context.getApplication().getVariableResolver()
.resolveVariable(context, "userBean"))
和
Object requestObject = context.getApplication()
.getVariableResolver()
.resolveVariable(context, "userBean");
评估相同。
为什么不将代码更改为
Object requestObject = context.getApplication()
.getVariableResolver()
.resolveVariable(context, "userBean");
if (requestObject != null)
{
}
看看是否有帮助。
(如果不这样做,它将至少摆脱现在为每个空检查提供的重复调用)