...
A method should not return a value or error code that does not accurately specify the object state. Clients should be able to rely on the value for performing critical decisions.
Noncompliant Code Example
As shown in this example, noncompliant methods can silently corrupt the state of the object if they do not return a value that the developer can intuitively interpret.
```java
public void updateNode(int id, int newValue) {
  Node current = root;
  while (current != null) {
    if (current.getId() == id) {
      current.setValue(newValue);
      break;
    }
    current = current.next;
  }
  // Returns silently whether or not a node with the given id was found
}
```
Compliant Solution
This compliant solution returns the result of the operation: true for success and false for failure.
```java
public boolean updateNode(int id, int newValue) {
  Node current = root;
  while (current != null) {
    if (current.getId() == id) {
      current.setValue(newValue);
      return true; // Node successfully updated
    }
    current = current.next;
  }
  return false; // No node with the given id exists
}
```
Compliant Solution
This compliant solution returns the updated Node so that the developer can simply check for a null value, which indicates that the operation failed. The kind of value a method returns can vary depending on the control flow or on the information that the developer finds most useful.
```java
public Node updateNode(int id, int newValue) {
  Node current = root;
  while (current != null) {
    if (current.getId() == id) {
      current.setValue(newValue);
      return current; // The updated node
    }
    current = current.next;
  }
  return null; // No node with the given id exists
}
```
Compliant Solution
This solution combines the best of both worlds, exceptions and status codes. An exception is thrown if the operation is unsuccessful, which ensures that the client must handle the case in which the Node is not found. If the Node is found, it is updated and returned.
```java
public Node updateNode(int id, int newValue) throws NodeNotFoundException {
  Node current = root;
  while (current != null) {
    if (current.getId() == id) {
      current.setValue(newValue);
      return current; // The updated node
    }
    current = current.next;
  }
  // The checked exception forces the caller to handle the missing-node case
  throw new NodeNotFoundException();
}
```
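The following program, added here as an example and not part of the original guideline, puts the noncompliant method and the exception-based compliant solution side by side in a minimal linked list and shows a client observing the difference. The Node, NodeList and NodeNotFoundException classes and the updateNodeSilently name are assumptions made for this example.

```java
// Added example: a caller cannot detect a missing id with the noncompliant
// method, but is forced to handle it with the checked-exception version.
final class NodeNotFoundException extends Exception {
    NodeNotFoundException(int id) { super("no node with id " + id); }
}

final class Node {
    private final int id;
    private int value;
    Node next;
    Node(int id, int value) { this.id = id; this.value = value; }
    int getId() { return id; }
    int getValue() { return value; }
    void setValue(int newValue) { value = newValue; }
}

final class NodeList {
    private Node root;

    void add(int id, int value) { Node n = new Node(id, value); n.next = root; root = n; }

    // Noncompliant (assumed name): a missing id is silently ignored.
    void updateNodeSilently(int id, int newValue) {
        for (Node cur = root; cur != null; cur = cur.next) {
            if (cur.getId() == id) { cur.setValue(newValue); break; }
        }
    }

    // Compliant: the caller must handle the case in which the node is absent.
    Node updateNode(int id, int newValue) throws NodeNotFoundException {
        for (Node cur = root; cur != null; cur = cur.next) {
            if (cur.getId() == id) { cur.setValue(newValue); return cur; }
        }
        throw new NodeNotFoundException(id);
    }
}

public class UpdateNodeDemo {
    public static void main(String[] args) throws Exception {
        NodeList list = new NodeList();
        list.add(1, 10);
        list.add(2, 20);
        list.updateNodeSilently(3, 30);           // nothing happens, no feedback
        System.out.println("after silent update, no way to tell it failed");
        try {
            list.updateNode(3, 30);               // same request, now detectable
        } catch (NodeNotFoundException e) {
            System.out.println("detected failure: " + e.getMessage());
        }
        System.out.println("id 1 now " + list.updateNode(1, 11).getValue()); // 11
    }
}
```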
Risk Assessment
Failure to provide appropriate feedback through return values, error codes and exceptions can lead to inconsistent object state and unexpected program behavior.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET09-J | medium | probable | medium | P8 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Other Languages
This guideline is similar to the C Secure Coding Standard recommendation ERR02-C. Avoid in-band error indicators
This guideline is similar to the C++ Secure Coding Standard recommendation ERR02-CPP. Avoid in-band error indicators
Bibliography
[Ware 2008] AA. Bibliography#Ware 08
[MITRE 2009] AA. Bibliography#MITRE 09: CWE ID 393 "Return of Wrong Status Code" (http://cwe.mitre.org/data/definitions/393.html) and CWE ID 389 "Error Conditions, Return Values, Status Codes" (http://cwe.mitre.org/data/definitions/389.html)
...