Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A method should not return a value or error code that does not accurately specify the object state. Clients should be able to rely on the value for performing critical decisions.

Noncompliant Code Example

As shown in this example, noncompliant methods can silently corrupt the state of the object if they do not return a value that the developer can intuitively interpret.

Code Block
bgColor#FFCCCC
public void updateNode(int id, int newValue){		
  Node current = root;
  while(current != null){
    if(current.getId() == id){
      current.setValue(newValue);
      break;
    }
    current = current.next;
  }
}

Compliant Solution

This compliant solution returns the result of the operation; true for success and false for failure.

Code Block
bgColor#CCCCFF
public boolean updateNode(int id, int newValue){		
  Node current = root;
  while(current != null){
    if(current.getId() == id){
      current.setValue(newValue);
      return true; // Node successfully updated
    }
    current = current.next;
  }
  return false;
}

Compliant Solution

This compliant solution returns the updated Node so that the developer can simply check for a null value lest the operation fails. Return values for methods can vary depending on the control flow or the information that the developer finds more useful.

Code Block
bgColor#CCCCFF
public Node updateNode(int id, int newValue){	
  Node current = root;
  while(current != null){
    if(current.getId() == id){
      current.setValue(newValue);
      return current;
    }
    current = current.next;
  }
  return null;
}

Compliant Solution

This solution combines the best of both worlds - exceptions and status codes. In this case, an exception is thrown if the operation is not successful. This ensures that the client has to handle the event wherein the Node is not found. If the Node is found, it is updated and returned.

Code Block
bgColor#CCCCFF
public Node updateNode(int id, int newValue) throws IdNotFoundException {
  Node current = root;
  while(current != null){
    if(current.getId() == id){
      current.setValue(newValue);
      return current;
    }
    current = current.next;
  }	
  throw new NodeNotFoundException();
}

Risk Assessment

Failure to provide appropriate feedback through return values, error codes and exceptions can lead to inconsistent object state and unexpected program behavior.

Guideline

Severity

Likelihood

Remediation Cost

Priority

Level

MET09-J

medium

probable

medium

P8

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Other Languages

This guideline is similar to the C Secure Coding Standard recommendation ERR02-C. Avoid in-band error indicators

This guideline is similar to the C++ Secure Coding Standard recommendation ERR02-CPP. Avoid in-band error indicators

Bibliography

Wiki Markup
\[[Ware 2008|AA. Bibliography#Ware 08]\]
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 393|http://cwe.mitre.org/data/definitions/393.html] "Return of Wrong Status Code" and [CWE ID 389|http://cwe.mitre.org/data/definitions/393.html] "Error Conditions, Return Values, Status Codes"

...