...
| Code Block | ||
|---|---|---|
| ||
private Object myState = null;
// Sets some internal state in the library
void setfile(Object state) {
if (state == null) {
// Handle null state
}
// Defensive copy here when state is mutable
if (isInvalidState(state)) {
// Handle invalid state
}
myState = state;
}
// Performs some action using the state passed earlier
void useState() {
if (myState == null) {
// Handle no state (e.g. null) condition
}
// ...
}
|
Exceptions
MET01MET00-EX0: Parameter validation inside a method may be omitted when the stated contract of a method requires that the caller must validate arguments passed to the method. In this case, the validation must be performed by the caller for all invocations of the method.
MET01MET00-EX1: Parameter validation may be omitted for parameters whose type adequately constrains the state of the parameter. This constraint should be clearly documented in the code.
...
| Code Block | ||
|---|---|---|
| ||
public int product(int x, int y) {
long result = (long) x * y;
if (result < Integer.MIN_VALUE || result > Integer.MAX_VALUE) {
// handle error
}
return (int) result;
}
|
MET01MET00-EX2: Complete validation of all parameters of all methods may introduce added cost and complexity that exceeds its value for all but the most critical code. See, for example, NUM00-J. Detect or prevent integer overflow exception NUM00-EX2. In such cases, consider parameter validation at API boundaries, especially those that may involve interaction with untrusted code.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MET01MET00-J | high | likely | high | P9 | L2 |
Related Vulnerabilities
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7cb58d36d7438b9d-4c74d48d-44b8468d-94c6b725-8af6646659b6c76b259f8dcf"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 38: Check parameters for validity | ]]></ac:plain-text-body></ac:structured-macro> |
...