I have a scenario where I am using Lombok @Builder annotation.Previously I was using static inner builder class but now with the use of Lombok I removed it.
But I am seeing fortify issue of null dereference in the following line of code.Also it makes sense as I am checking for null before but later when using toBuilder I am not checking null.How can I fix this fortify issue, should I do a null check for "requestCheck" again when using toBuilder. requestCheck is a object of type Foo.
public Foo checkLatestMessage(Foo requestCheck){
if (requestCheck != null && requestCheck.isCheckLatestMessage()) { // null check
getLatestMessage(messages);
}
if (someOtherCondition) {
return requestCheck.toBuilder().addMessages(messages).build(); //Null dereference
}
}
Previously I had the code written in the following way when I was using static inner builder class and not Lombok which did not give any fortify issue.How can I achieve this same thing with Lombok Builder so that I don't have to do a null check.
return new Foo.Builder(requestCheck).addMessages(messages).build();
If it is possible for requestCheck to be a null, then it should be correctly handled.
public Foo checkLatestMessage(Foo requestCheck){
if (requestCheck != null) { // null check
if(requestCheck.isCheckLatestMessage()) {
getLatestMessage(messages);
}
if (someOtherCondition) {
return requestCheck.toBuilder().addMessages(messages).build();
}
}
}
Or you could return as soon as requestCheck is null.
public Foo checkLatestMessage(Foo requestCheck){
if (requestCheck == null) { // null check
return null;
}
if(requestCheck.isCheckLatestMessage()) {
getLatestMessage(messages);
}
if (someOtherCondition) {
return requestCheck.toBuilder().addMessages(messages).build();
}
}