TL;DR – Using AssertJ can lead to severe issues (or at least unexpected behaviour) in your code. The assertions framework for unit testing handles NULL-values different from what is commonly expected…

Try it yourself: Google “how to check for blank string” – I got about 44 million results. Strings are probably the most common data structures we programmers hand around. In the cross-language String-environment there are well established meanings and commonly shared understandings.

Especially when it comes to the well-known difficulties regarding null strings vs empty strings (and blank strings) it is worth for everyone to follow already wide-spread naming conventions.

AssertJ – Blank vs Null Strings

With Apache Commons StringUtils and Hibernate Validator Constraints two popular and widely adapted projects already established a de-facto definition for a blank string:

“A blank String is a CharSequence that is empty (“”), null or whitespace only.”

While recently investigating a bug in one of our systems, I stumbled upon a slight divergent and unexpected string handling in AssertJ, a fluent assertions framework for Java. This AssertJ misbehaviour has potential to lead to severe troubles – which is why I would argue it’s a bug. As it turns out …

String s = null;

… passes. This is definitely not expected behaviour, since (following the definition above) a null string is commonly considered to be a blank string and vise-versa. So if you’re also used to Apache Commons StringUtils and Hibernate Validators behaviour, you wanna make sure your tests actually also expect the correct behaviour.

Do you know further libraries that follow a different blank string definition or if you have a different opinion about all of this, drop me message via Twitter!

Jan Brennenstuhl

Jan is a software engineer, web security enthusiast & clean code artist. He lives in Berlin, is currently working for Zalando SE and loves his bonsai trees, coffee & road cycling.

jbspeakr jbspeakr

Often supporting open source software is just fixing one tiny thing you stumbled upon. However, getting ready and diving into even the smallest piece of source-code can lead to surprising results. I fixed a small HTTP header extractor for the Spring Security OAuth project recently. Here’s what happened.