Wiki Markup |
---|
Methods return values to communicate failure or success and at other times, to update the caller's objects or fields. Security risks can arise if return values are simply ignored or if suitable action is not taken on their receipt. Return values may be ignored intentionally or even unintentionally. For example, when getter methods that return a value are named after an action, such as {{ProcessBuilder.redirectErrorStream()}}, a programmer may not realize that a return value is expected. Incidentally, the only purpose of the {{redirectErrorStream()}} method is to tell using a return value, whether the process builder merges standard error and standard output. The action of actually redirecting the error stream is performed by its overloaded single argument version. It is important to read the API documentation so that return values are not ignored |
...
Noncompliant Code Example
This noncompliant code example attempts to delete a file, but does not check whether the operation has succeeded.
Code Block | ||
---|---|---|
| ||
.
{mc}
Another example is ignoring the return value from add() on a HashSet. If duplicate, false will be returned.
{mc}
h2. Noncompliant Code Example
This noncompliant code example attempts to delete a file, but does not check whether the operation has succeeded.
{code:bgColor=#FFcccc}
File someFile = new File("someFileName.txt");
// do something with someFile
someFile.delete();
|
Compliant Solution
This compliant solution checks the (boolean
) value returned by the delete()
method and, if necessary, handles the error.
Code Block | ||
---|---|---|
| ||
{code}
h2. Compliant Solution
This compliant solution checks the ({{boolean}}) value returned by the {{delete()}} method and, if necessary, handles the error.
{code:bgColor=#ccccff}
File someFile = new File("someFileName.txt");
// do something with someFile
if (!someFile.delete()) {
// handle the fact that the file has not been deleted
}
|
Noncompliant Code Example
...
{code} h2. Noncompliant Code Example This noncompliant code example ignores the return value of the {{String.replace}} method. As a result, the original string is not updated even though it seems otherwise. The {{String.replace()}} method does not modify the state of the {{String}} but instead, returns a reference to a new {{String}} object with the replacements in place. |
...
{code | ||
:bgColor | =#FFcccc | }
public class Ignore {
public static void main(String[] args) {
String original = "insecure";
original.replace( 'i', '9' );
System.out.println(original);
}
}
|
Compliant Solution
This compliant solution correctly updates the original
String
object by assigning to it the return value.
Code Block | ||
---|---|---|
| ||
{code} h2. Compliant Solution This compliant solution correctly updates the {{original}} {{String}} object by assigning to it the return value. {code:bgColor=#ccccff} public class DoNotIgnore { public static void main(String[] args) { String original = "insecure"; original = original.replace( 'i', '9' ); System.out.println(original); } } {code} Another source of security vulnerabilities caused by ignoring return values is detailed in [FIO02-J. Keep track of bytes read and account for character encoding while reading data]. |
...
h2. Risk Assessment |
...
Ignoring method return values can lead to unanticipated program behavior. |
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP00- J | medium | probable | medium | P8 | L2 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C Secure Coding Standard as EXP12-C. Do not ignore values returned by functions.
This rule appears in the C++ Secure Coding Standard as EXP12-CPP. Do not ignore values returned by functions or methods.
References
...
|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level || | EXP00- J | medium | probable | medium | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} | h3. Automated Detection TODO h3. Related Vulnerabilities Search for vulnerabilities resulting from the violation of this rule on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+EXP02-J]. h2. Other Languages This rule appears in the C Secure Coding Standard as [seccode:EXP12-C. Do not ignore values returned by functions]. This rule appears in the C+\+ Secure Coding Standard as [cplusplus:EXP12-CPP. Do not ignore values returned by functions or methods]. h2. References \[[API 06|AA. Java References#API 06]\] method [delete()|http://java.sun.com/javase/6/docs/api/java/io/File.html#delete()] \[[API 06|AA. Java References#API 06]\] method [replace()|http://java.sun.com/javase/6/docs/api/java/lang/String.html#replace(char,%20char)] \[[Green 08|AA. Java References#Green 08]\] ["String.replace"|http://mindprod.com/jgloss/gotchas.html] \[[Pugh 09|AA. Java References#Pugh 09]\] misusing putIfAbsent \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 252|http://cwe.mitre.org/data/definitions/252.html] "Unchecked Return Value" |
...
----
[!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_left.png!|04. Expressions (EXP)] [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_up.png!|04. Expressions (EXP)] [!The CERT Sun Microsystems Secure Coding Standard for Java^button_arrow_right.png!|EXP01-J. Do not compare String objects using equality or relational operators]
|