Methods return values to communicate failure or success and at other times, to update the caller's objects or fields. Security risks canmay arise when ifmethod return values are simply ignored or if suitable action is not takenwhen the invoking method fails to take suitable action on their receipt. Return values may be ignored intentionally or even unintentionally. For example, when When getter methods that return a value are named after an action, such as {{ProcessBuilder.redirectErrorStream()}} for example, a programmer may fail notto realize that a return value is expected. Incidentally,Note that the only purpose of the {{redirectErrorStream()}} method is toreport tellvia usingits a return value, whether the process builder merges standard error and standard output.; Thethe actionmethod ofthat actually performs redirectingredirection of the error stream is performed by itsthe overloaded single -argument version. It is important to read the API documentation so that return values are not ignored.
{mc}
Another example is ignoring the return value from add() on a HashSet. If duplicate, false will be returned.
{mc}
h2. Noncompliant Code Example (File deletion)
This noncompliant code example attempts to delete a file, but doesfails notto check whether the operation has succeeded.
{code:bgColor=#FFcccc}
File someFile = new File("someFileName.txt");
// do something with someFile
someFile.delete();
{code}
h2. Compliant Solution
This compliant solution checks the ({{boolean}}) value returned by the {{delete()}} method and, ifhandles necessary,errors handlesas the errorappropriate.
{code:bgColor=#ccccff}
File someFile = new File("someFileName.txt");
// do something with someFile
if (!someFile.delete()) {
// handle thefailure factto thatdelete the file has not been deleted
}
{code}
h2. Noncompliant Code Example (String replacement)
This noncompliant code example ignores the return value of the {{String.replace}} method. As a result,, and so fails to update the original string is not updated even though it seems otherwise. The {{String.replace()}} method doescannot not modify the state of the {{String}} (because {{String}} but instead, objects are immutable); rather, it returns a reference to a new {{String}} object withcontaining the replacementsdesired in placeresult.
{code:bgColor=#FFcccc}
public class Ignore {
public static void main(String[] args) {
String original = "insecure";
original.replace( 'i', '9' );
System.out.println(original);
}
}
{code}
h2. Compliant Solution
This compliant solution correctly updates the {{originalString}} reference {{Stringoriginal}} objectwith bythe assigningreturn tovalue itfrom the return value{{String.replace}} method.
{code:bgColor=#ccccff}
public class DoNotIgnore {
public static void main(String[] args) {
String original = "insecure";
original = original.replace( 'i', '9' );
System.out.println(original);
}
}
{code}
Another source of security vulnerabilities caused by ignoring return values is detailed inSee also guideline [FIO02-J. Keep track of bytes read and account for character encoding while reading data].
h2. Risk Assessment
Ignoring method return values can lead to unanticipated program behavior.
|| Guideline || Severity || Likelihood || Remediation Cost || Priority || Level ||
| EXP00-J | medium | probable | medium | {color:#cc9900}{*}P8{*}{color} | {color:#cc9900}{*}L2{*}{color} |
h3. Automated Detection
The Coverity Prevent Version 5.0 *CHECKED_RETURN* checker can detect the instance where Value returned from a function is not checked for errors before being used.
h3. Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the [CERT website|https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+EXP02-J].
h2. Other Languages
This guideline appears in the C Secure Coding Standard as [seccode:EXP12-C. Do not ignore values returned by functions].
This guideline appears in the C+\+ Secure Coding Standard as [cplusplus:EXP12-CPP. Do not ignore values returned by functions or methods].
h2. Bibliography
\[[API 2006|AA. Bibliography#API 06]\] method [delete()|http://java.sun.com/javase/6/docs/api/java/io/File.html#delete()]
\[[API 2006|AA. Bibliography#API 06]\] and method [replace()|http://java.sun.com/javase/6/docs/api/java/lang/String.html#replace(char,%20char)]
\[[Green 2008|AA. Bibliography#Green 08]\] ["String.replace"|http://mindprod.com/jgloss/gotchas.html]
\[[Pugh 2009|AA. Bibliography#Pugh 09]\] misusing putIfAbsent
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 252|http://cwe.mitre.org/data/definitions/252.html] "Unchecked Return Value"
\[[Pugh 2009|AA. Bibliography#Pugh 09]\] misusing putIfAbsent
----
[!The CERT Oracle Secure Coding Standard for Java^button_arrow_left.png!|04. Expressions (EXP)] [!The CERT Oracle Secure Coding Standard for Java^button_arrow_up.png!|04. Expressions (EXP)] [!The CERT Oracle Secure Coding Standard for Java^button_arrow_right.png!|EXP01-J. Do not compare String objects using equality or relational operators]
|