SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 2

changes.mady.by.user Dhruv Mohindra

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2024.2

Sometimes null is returned intentionally to account for zero available instancesSome APIs intentionally return a null reference to indicate that instances are unavailable. This practice can lead to denial-of-service vulnerabilities when the client code does not fails to explicitly handle the null return case.

Non-Compliant Code Example

value case. A null value is an example of an in-band error indicator, which is discouraged by ERR52-J. Avoid in-band error indicators. For methods that return a set of values using an array or collection, returning an empty array or collection is an excellent alternative to returning a null value, as most callers are better equipped to handle and empty set than a null value.

Noncompliant Code Example

This noncompliant code example returns a null ArrayList when the size of the ArrayList is 0. The class Inventory contains a getStock() method that constructs a list of items that have 0 inventory and returns the list of items to the caller. The erroneous behavior is caused due to the server returning null while the client forgets to add in a check for such a value. This non-compliant example shows how the check item != null condition is missing from the if condition in class Client.

Code Block
bgColor#FFCCCC

class Inventory {
  private final static int[] itemHashtable<String, Integer> items;
    public Inventory() {
    itemitems = new int[20]Hashtable<String, Integer>();	
  }

  public static int[] getStock() { List<String> getStock() {
    List<String> stock = new ArrayList<String>();
    Enumeration itemKeys = items.keys();
    while (itemKeys.hasMoreElements()) {
      Object value = itemKeys.nextElement();
      if((items.get(value)) == 0) {  		
        stock.add((String)value);	 
      }
    }
    
    if(itemitems.lengthsize() == 0) {	
      return null;
    } else {
      return item;stock;
    }	
  }
}

  public class Client {
    public static void main(String[] args) {
      Inventory ivinv = new Inventory();
  
    List<String> items int[] item = Inventoryinv.getStock();
	  if (Arrays.asList(item[1]).contains(1)) {
	    System.out.println("Almost out of stock!" + item(items.size());
	  }
    }
}

Compliant Solution

Wiki Markup
This compliant solution eliminates the {{null}} return and simply returns the {{item}} array as is even if it is zero-length. The client can effectively handle this situation without exhibiting erroneous behavior. Be careful that the client does not try to access individual elements of a zero-length array such as {{item\[1\]}} while following this recommendation.

}

When the size of this list is 0, a null value is returned with the assumption that the client will install the necessary checks. In this code example, the client lacks any null value check, causing a NullPointerException at runtime.

Compliant Solution

Instead of returning a null value, this compliant solution simply returns the List, even when it is empty. 

Code Block
bgColor#ccccff
class Inventory {
  private final Hashtable<String, Integer> items;
  public Inventory() {
    items = new Hashtable<String, Integer>();	
  }

  public List<String> getStock() {
    List<String> stock = new ArrayList<String>();
    Integer noOfItems; // Number of items left in the inventory
    Enumeration itemKeys = items.keys();
    while (itemKeys.hasMoreElements()
Code Block
bgColor#ccccff

class Inventory {
  private static int[] item;
    public Inventory() {
    item  Object value = new int[20];
    item[2] = 1;  //quantity of item 2 remaining is 1, almost out! 
  }

  public static int[] getStock() {itemKeys.nextElement();
		
      if((noOfItems = items.get(value)) == 0) {  		
        stock.add((String)value);	 
      }
    }	
    return item;stock; // Return list (possibly zero-length)
  }
}

public class Client {
  public static void main(String[] args) {
    Inventory ivinv = new Inventory();  
    int[]List<String> itemitems = Inventoryinv.getStock();
    if (Arrays.asList(item[1]).contains(1System.out.println(items.size());
  }
}

The client can handle this situation effectively without being interrupted by runtime exceptions. When returning arrays rather than collections, ensure that the client avoids attempts to access individual elements of a zero-length array. This prevents an ArrayOutOfBoundsException from being thrown.

Compliant Solution

This compliant solution returns an explicit empty list, which is an equivalent, permissible technique.

Code Block
bgColor#ccccff
public List<String> getStock() {
  List<String> stock = new ArrayList<String>();
  Integer noOfItems; // Number of items left in the inventory
  Enumeration itemKeys = items.keys();
  while (itemKeys.hasMoreElements()) {
    Object value = System.out.println("Almost out of stock!" + item);
    }itemKeys.nextElement();
		
    if((noOfItems = items.get(value)) == 0) {  		
      stock.add((String)value);	 
    }
  }	
  
  if(l.isEmpty()) {
    return Collections.EMPTY_LIST; // Always zero-length
  } else {
    return stock; // Return list 
  }
}

// Class Client ...

Applicability

Returning a null value rather than a zero-length array or collection may lead to denial-of-service vulnerabilities when the client code fails to handle null return values properly.

Automatic detection is straightforward; fixing the problem typically requires programmer intervention.

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.MET55.COLNULLReturn empty arrays and collections instead of null
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1168


Bibliography

[Bloch 2008]Item 43, "Return Empty Arrays or Collections, Not Nulls"


...

Image Added Image Added Image Added