界: Code Quality
代码质量不佳会导致不可预测的行为。对于用户来说,通常表现为可用性差。对于攻击者来说,提供了以意外方式对系统施加压力的机会。
Redundant Null Check
Abstract
该程序可能会间接引用一个 null 指针,从而造成分段故障。
Explanation
如果不符合程序员的一个或多个假设,则通常会出现 null 指针异常。此问题至少有三种类型:check-after-dereference、dereference-after-check 和 dereference-after-store。如果程序在检查可能为
大多数 null 指针问题会导致一般软件可靠性问题,但如果攻击者可能有意触发 null 指针间接引用,他们可以使用生成的异常绕过安全逻辑以发动拒绝服务攻击,或使应用程序显示调试信息,这些信息在规划后续攻击时十分有用。
示例 1:在以下代码中,程序员会确认对象
null 的指针是否为 null 之前间接引用该指针,则会发生 check-after-dereference 错误。如果程序明确检查过 null,并确定该指针为 null,但仍继续间接引用该指针,则会出现 dereference-after-check 错误。此类错误通常是由于错别字或程序员疏忽造成的。如果程序明确将指针设置为 null,但稍后却间接引用该指针,则将出现 dereference-after-store 错误。此错误通常是因为程序员在声明变量时将该变量初始化为 null 所致。大多数 null 指针问题会导致一般软件可靠性问题,但如果攻击者可能有意触发 null 指针间接引用,他们可以使用生成的异常绕过安全逻辑以发动拒绝服务攻击,或使应用程序显示调试信息,这些信息在规划后续攻击时十分有用。
示例 1:在以下代码中,程序员会确认对象
foo 为 null,然后错误地对其进行间接引用。如果在 if 语句中检查 foo 时其为 null,则会发生 null 间接引用,从而导致 null 指针异常。示例 2:在下列代码中,程序员假设变量
if (foo is null) {
foo.SetBar(val);
...
}
foo 不是 null,并通过间接引用该对象来确认此假设。但是,程序员稍后通过检查 foo 是否为 null 发现事实与该假设相反。如果在 if 指令中检查时发现 foo 可能是 null,则在间接引用它时可能也为 null,并可能引起 null 指针异常。间接引用不安全,或者无需后续检查。示例 3:在下列代码中,程序员会将变量
foo.SetBar(val);
...
if (foo is not null) {
...
}
foo 明确设置为 null。之后,程序员会间接引用 foo,而未检查对象是否为 null 值。
Foo foo = null;
...
foo.SetBar(val);
...
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - Common Weakness Enumeration Top 25 2024 [21] CWE ID 476
[8] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[12] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[14] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.dotnet.redundant_null_check
Abstract
该程序可能会间接引用一个 null 指针,从而造成分段故障。
Explanation
如果不符合程序员的一个或多个假设,则通常会出现 null 指针异常。此问题至少有三种类型:check-after-dereference、dereference-after-check 和 dereference-after-store。如果程序在检查可能为
大多数 null 指针问题会导致一般软件可靠性问题,但如果攻击者可能有意触发 null 指针间接引用,他们可以使用生成的异常绕过安全逻辑以发动拒绝服务攻击,或使应用程序显示调试信息,这些信息在规划后续攻击时十分有用。
示例 1:在下列代码中,程序员假设变量
null 的指针是否为 null 之前间接引用该指针,则会发生 check-after-dereference 错误。如果程序明确检查过 null,并确定该指针为 null,但仍继续间接引用该指针,则会出现 dereference-after-check 错误。此类错误通常是由于错别字或程序员疏忽造成的。如果程序明确将指针设置为 null,但稍后却间接引用该指针,则将出现 dereference-after-store 错误。此错误通常是因为程序员在声明变量时将该变量初始化为 null 所致。大多数 null 指针问题会导致一般软件可靠性问题,但如果攻击者可能有意触发 null 指针间接引用,他们可以使用生成的异常绕过安全逻辑以发动拒绝服务攻击,或使应用程序显示调试信息,这些信息在规划后续攻击时十分有用。
示例 1:在下列代码中,程序员假设变量
ptr 不是 NULL。当程序员间接引用该指针时,这个假设就会清晰的体现出来。当程序员检查 ptr 是否为 NULL 时,就会与该假设发生矛盾。当在 if 语句中检查时,如果 ptr 可以为 NULL,则在其间接引用时也将为 NULL,并引起 segmentation fault。示例 2:在下列代码中,程序员会确认变量
ptr->field = val;
...
if (ptr != NULL) {
...
}
ptr 为 NULL,然后错误地对其进行间接引用。如果在 if 语句中检查 ptr 时其为 NULL,则会发生 null dereference,从而导致分段故障。示例 3:在下列代码中,程序员忘记了字符串
if (ptr == null) {
ptr->field = val;
...
}
'\0' 实际上为 0 还是 NULL,从而间接引用 null 指针并引发分段故障。示例 4:在下列代码中,程序员会将变量
if (ptr == '\0') {
*ptr = val;
...
}
ptr 明确设置为 NULL。之后,程序员会间接引用 ptr,而未检查对象是否为 null 值。
*ptr = NULL;
...
ptr->field = val;
...
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - Common Weakness Enumeration Top 25 2024 [21] CWE ID 476
[8] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[12] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[14] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.controlflow.cpp.redundant_null_check
Abstract
该程序可能会间接引用一个 null 指针,从而引起 null 指针异常。
Explanation
如果不符合程序员的一个或多个假设,则通常会出现 null 指针异常。具体来说,如果程序明确检查过
大部分 null 指针问题会导致出现一般的软件可靠性问题,但如果攻击者可以故意使程序间接引用 null 指针,那么他们可能就会利用引发的异常发动 denial of service 攻击,或使应用程序泄漏调试信息,这些信息对于他们制定接下来的攻击计划是十分有价值的。
示例 1:在下列代码中,程序员会确认变量
null,并确定该指针为 null,但仍继续间接引用该对象,则会出现 dereference-after-check 错误。此类错误通常是由于错别字或程序员疏忽造成的。大部分 null 指针问题会导致出现一般的软件可靠性问题,但如果攻击者可以故意使程序间接引用 null 指针,那么他们可能就会利用引发的异常发动 denial of service 攻击,或使应用程序泄漏调试信息,这些信息对于他们制定接下来的攻击计划是十分有价值的。
示例 1:在下列代码中,程序员会确认变量
foo 为 null,然后错误地对其进行间接引用。如果在 if 语句中检查 foo 时其为 null,则会发生 null dereference,从而导致 null 指针异常。
if (foo == null) {
foo.setBar(val);
...
}
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 476
[2] Standards Mapping - Common Weakness Enumeration Top 25 2019 [14] CWE ID 476
[3] Standards Mapping - Common Weakness Enumeration Top 25 2020 [13] CWE ID 476
[4] Standards Mapping - Common Weakness Enumeration Top 25 2021 [15] CWE ID 476
[5] Standards Mapping - Common Weakness Enumeration Top 25 2022 [11] CWE ID 476
[6] Standards Mapping - Common Weakness Enumeration Top 25 2023 [12] CWE ID 476
[7] Standards Mapping - Common Weakness Enumeration Top 25 2024 [21] CWE ID 476
[8] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001094
[9] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-5 Denial of Service Protection (P1)
[10] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-5 Denial of Service Protection
[11] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[12] Standards Mapping - OWASP Top 10 2004 A9 Application Denial of Service
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.9
[14] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP6080 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP6080 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP6080 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP6080 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP6080 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP6080 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP6080 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002400 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002400 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002400 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002400 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002400 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002400 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002400 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002400 CAT II
[29] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002400 CAT II
[30] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002400 CAT II
[31] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002400 CAT II
[32] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002400 CAT II
[33] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002400 CAT II
[34] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002400 CAT II
[35] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002400 CAT II
[36] Standards Mapping - Web Application Security Consortium Version 2.00 Denial of Service (WASC-10)
[37] Standards Mapping - Web Application Security Consortium 24 + 2 Denial of Service
desc.internal.java.null_dereference_dereference_after_check