NOTE: WORK IN PROGRESS (Just grabbing the topic before someone else)
Sometimes null is returned intentionally to account for zero available instances. This practice can lead to vulnerabilities when the client code does not handle the null return case.
...
The erroneous behavior is caused due to the server getStock returning null while the client main forgets to add in a check for such a value. This noncompliant example shows how the check item != null condition is missing from the if condition in class Clientfunction main.
| Code Block | ||
|---|---|---|
| ||
import#include java.util.Arrays;<stdio.h> classtypedef Inventorystruct { privateint static intitem[20] item; int public Inventory() { item = new int[20]; } public static int[] getStock() { if(item.length == 0) return null; else return item; } } public class Clientlength; } Inventory; int* getStock(Inventory iv); int main (int argc, char* argv[]) { Inventory iv; int i; int* item; iv.length = 0; item = getStock(iv); for (i = 0; i < 20; i++) { public static voidif main(Stringitem[i] args== 1) { printf("Almost out of Inventorystock ivof = new Inventory(item: %d", i); } } return int[] item = Inventory.getStock(); 0; } int* getStock(Inventory iv) { if (Arrays.asList(item[1]).contains(1)iv.length == 0) { System.out.println("Almost out of stock!" + item); } return NULL; } else { return iv.item; } } |
Compliant Solution
Wiki Markup null}} return and simply returns the {{item}} array as is even if it is zero-length. The client main function can effectively handle this situation without exhibiting erroneous behavior. Be careful that the client does not try to access individual elements of a zero-length array such as {{item\[1\]}} while following this recommendation.
| Code Block | ||
|---|---|---|
| ||
import#include java.util.Arrays;<stdio.h> classtypedef Inventorystruct { privateint static intitem[20] item; int public Inventory() { item = new int[20]; item[2] = 1; //quantity of item 2 remaining is 1, almost out! } public static int[] getStock() { return item; } } public class Client { public static void main(String[] args) { Inventory iv = new Inventory(); int[] item = Inventory.getStock(length; } Inventory; int* getStock(Inventory iv); int main (int argc, char* argv[]) { Inventory iv; int i; int* item; iv.length = 0; item = getStock(iv); for (i = 0; i < 20; i++) { if (item[i] == 1) { printf("Almost out of stock of item: %d", i); if (Arrays.asList(item[1]).contains(1)) {} } return System.out.println("Almost out of stock!" + item); } }0; } int* getStock(Inventory iv) { return iv.item; } |
Risk Assessment
Returning null rather than a zero-length array may lead to vulnerabilities when the client code does not handle null properly.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MET03 MSC19-J C | low | unlikely | high | P1 | L3 |
Other Languages
Java: https://www.securecoding.cert.org/confluence/display/java/This rule appears in the Java Secure Coding Standard as MET03-J. + For + methods + that + return + an + array + or + collection + prefer + returning + an + empty + array + or + collection + over + a + null + value.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 43: return empty arrays or collections, not nulls |
...
MET02-J. Avoid ambiguous uses of overloading 09. Methods (MET) MET30-J. Follow the general contract while overriding the equals method 49. Miscellaneous (MSC)