-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Create rule S6555: Null pointers should not be dereferenced (#1703)
- Loading branch information
1 parent
27f9347
commit 261d315
Showing
3 changed files
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| { | ||
| "title": "Null pointers should not be dereferenced", | ||
| "type": "BUG", | ||
| "status": "ready", | ||
| "remediation": { | ||
| "func": "Constant\/Issue", | ||
| "constantCost": "10min" | ||
| }, | ||
| "tags": [ | ||
| "cwe", | ||
| "cert", | ||
| "symbolic-execution" | ||
| ], | ||
| "extra": { | ||
| "replacementRules": [ | ||
|
|
||
| ], | ||
| "legacyKeys": [ | ||
|
|
||
| ] | ||
| }, | ||
| "defaultSeverity": "Major", | ||
| "ruleSpecification": "RSPEC-6555", | ||
| "sqKey": "S6555", | ||
| "scope": "Main", | ||
| "securityStandards": { | ||
| "CERT": [ | ||
| "EXP34-C.", | ||
| "EXP01-J." | ||
| ], | ||
| "CWE": [ | ||
| 476 | ||
| ] | ||
| }, | ||
| "defaultQualityProfiles": [], | ||
| "quickfix": "unknown" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| == Why is this an issue? | ||
|
|
||
| A reference to ``++null++`` should never be dereferenced/accessed. Doing so will cause a ``++NullPointerException++`` to be thrown. At best, such an exception will cause abrupt program termination. At worst, it could expose debugging information that would be useful to an attacker, or it could allow an attacker to bypass security measures. | ||
|
|
||
|
|
||
|
|
||
| === Noncompliant code example | ||
|
|
||
| [source,java] | ||
| ---- | ||
| @CheckForNull | ||
| String getName() { | ||
| boolean condition = getCondition(); | ||
| return condition ? "name" : null; | ||
| } | ||
| public boolean isNameEmpty() { | ||
| return getName().length() == 0; // Noncompliant; the result of getName() could be null, but isn't null-checked | ||
| } | ||
| ---- | ||
|
|
||
| [source,java] | ||
| ---- | ||
| void paint(Color color) { | ||
| if (color == null) { | ||
| System.out.println("Unable to apply color " + color.toString()); // Noncompliant; NullPointerException will be thrown | ||
| return; | ||
| } | ||
| ... | ||
| } | ||
| ---- | ||
|
|
||
| == Resources | ||
|
|
||
| * https://cwe.mitre.org/data/definitions/476[MITRE, CWE-476] - NULL Pointer Dereference | ||
| * https://wiki.sei.cmu.edu/confluence/x/QdcxBQ[CERT, EXP34-C.] - Do not dereference null pointers | ||
| * https://wiki.sei.cmu.edu/confluence/x/aDdGBQ[CERT, EXP01-J.] - Do not use a null in a case where an object is required | ||
|
|
||
| ifdef::env-github,rspecator-view[] | ||
|
|
||
| ''' | ||
| == Implementation Specification | ||
| (visible only on this page) | ||
|
|
||
| === Message | ||
|
|
||
| * Fix this access on a value that can be null | ||
|
|
||
| ''' | ||
| endif::env-github,rspecator-view[] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| { | ||
| } |