...
```java
import java.util.Arrays;

class Inventory {
  private static int[] item;

  public Inventory() {
    item = new int[20];
    item[2] = 1; // quantity of item 2 remaining is 1, almost out!
  }

  // Returns the stock array; it is never null because the constructor
  // always allocates it, so callers can index or iterate without a null check
  public static int[] getStock() {
    return item;
  }
}

public class Client {
  public static void main(String[] args) {
    Inventory iv = new Inventory();
    int[] item = Inventory.getStock();
    // No null check needed: getStock() never returns null
    if (item[2] == 1) {
      System.out.println("Almost out of stock! " + Arrays.toString(item));
    }
  }
}
```
Risk Assessment
Returning null rather than a zero-length array or collection may lead to vulnerabilities when the client code does not handle null properly; the usual consequence is an unhandled NullPointerException, which can be used to cause a denial of service.
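The following is an added example, not code from the original page, contrasting a method that signals "nothing in stock" with null against one that returns an empty array, plus the collection variant using `Collections.emptyList()`. The class and method names (`StockExample`, `getStockNullable`, `getStock`, `lowStockItems`, `countLow`) and the sample warehouse data are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example (hypothetical names): null return vs. empty array/collection.
public class StockExample {

    // Noncompliant: uses null to mean "no stock", so every caller must
    // remember a null check before indexing or iterating the result.
    static int[] getStockNullable(int[] inventory) {
        if (inventory == null || inventory.length == 0) {
            return null;
        }
        return inventory.clone(); // defensive copy of the internal array
    }

    // Compliant: an empty array is a valid zero-length array, so callers can
    // iterate, index-check or stream it without a special case for "no data".
    static int[] getStock(int[] inventory) {
        if (inventory == null) {
            return new int[0];
        }
        return inventory.clone();
    }

    // Same rule for collections. Collections.emptyList() is an immutable,
    // shared empty list, so returning it costs no allocation per call.
    static List<String> lowStockItems(int[] inventory, int threshold) {
        if (inventory == null || inventory.length == 0) {
            return Collections.emptyList();
        }
        List<String> low = new ArrayList<>();
        for (int i = 0; i < inventory.length; i++) {
            // quantity 0 means the item is not carried; 1..threshold is "almost out"
            if (inventory[i] > 0 && inventory[i] <= threshold) {
                low.add("item " + i);
            }
        }
        return low;
    }

    // A client that (realistically) forgets the null check. With the compliant
    // API the loop simply runs zero times for an empty warehouse; with the
    // nullable API the enhanced for loop throws NullPointerException.
    static int countLow(int[] stock, int threshold) {
        int n = 0;
        for (int q : stock) { // NPE here when stock == null
            if (q > 0 && q <= threshold) {
                n++;
            }
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample data: item 2 has one unit left, nothing else is carried
        int[] warehouse = new int[20];
        warehouse[2] = 1;
        int[] emptyWarehouse = new int[0];

        System.out.println("stocked warehouse, items almost out: "
                + countLow(getStock(warehouse), 1));
        System.out.println("empty warehouse, items almost out: "
                + countLow(getStock(emptyWarehouse), 1)); // safe: empty array, no null
        System.out.println("low-stock list: " + lowStockItems(warehouse, 1));
        System.out.println("low-stock list (empty warehouse): "
                + lowStockItems(emptyWarehouse, 1));

        // The same client code against the noncompliant method fails on empty input
        try {
            countLow(getStockNullable(emptyWarehouse), 1);
            System.out.println("nullable API: no exception");
        } catch (NullPointerException e) {
            System.out.println("nullable API: NullPointerException in the client");
        }
    }
}
```

Note that `getStock` still returns a defensive copy; returning an empty array does not change the advice to avoid exposing internal mutable state. For a method that is called frequently with an empty result, a single shared zero-length array constant (`private static final int[] EMPTY = new int[0];`) avoids repeated allocation, just as `Collections.emptyList()` does for lists.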
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET03-J | ?? low ?? | unlikely | ?? high | P?? | L?? |
Automated Detection
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Bloch 08] Item 43: Return empty arrays or collections, not nulls