JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
Java

JAVA.FUNCS.APE : Array Parameter Empty (Java)

Summary

An empty array is passed to a method instead of an array of the proper size.

It is often convenient to use a literal or a unique object instead of explicitly constructing new instances, when the same object is used many times, since distinct objects are created at each new statement, which affects the performance of the code. Moreover, objects used instead of literals are often short-lived and consequently must be claimed back from the garbage-collector.

Properties

Class Name Array Parameter Empty (Java)
Significance reliability
Mnemonic JAVA.FUNCS.APE
Categories
CWE CWE:628 Function Call with Incorrectly Specified Arguments
OWASP-2021 OWASP-2021:A4 Insecure design
OWASP-2025 OWASP-2025:A06 Insecure Design
Availability Available for Java and Kotlin.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += discard class="Array Parameter Empty (Java)"

Example

In the following code example an empty array (new String[0]) is passed as parameter to the toArray method. This lead to a code inefficiency if the set is not empty. As reported in the Java documentation for toArray(), if an array is not big enough, another new array of the same runtime type is allocated. Therefore new String[0] would be instanced for nothing.

public class ArrayFactory {

  public static String[] toArray(Set<String> set) {
      return set.toArray(new String[0]); // "Array Parameter Empty (Java)" warning issued here
  }
}

The programmer could modify the program to address the problem as follows.

public class ArrayFactory {

  public static String[] toArray(Set<String> set) {
      return set.toArray(new String[set.size()]);
  }
}

Resolution

Use factory methods or the automatic boxing mechanism instead of the instantiation of a primitive wrapper class.

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.