CWE-395
Use of NullPointerException Catch to Detect NULL Pointer Dereference
Draft
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Nazwa: Use of NullPointerException Catch to Detect NULL Pointer Dereference
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
Informacje ogólne
Sposoby wprowadzenia
ImplementationOdpowiednie platformy
Język
Name: Java (Undetermined)Typowe konsekwencje
| Zakres | Wpływ | Prawdopodobieństwo |
|---|---|---|
| Availability | DoS: Resource Consumption (CPU) |
Potencjalne środki zaradcze
Phases : Architecture and Design // ImplementationDo not extensively rely on catching exceptions (especially for validating user input) to handle errors. Handling exceptions can decrease the performance of an application.
Metody wykrywania
Automated Static Analysis - Binary or Bytecode
Skuteczność : SOAR PartialDynamic Analysis with Manual Results Interpretation
Skuteczność : SOAR PartialManual Static Analysis - Source Code
Skuteczność : SOAR PartialAutomated Static Analysis - Source Code
Skuteczność : HighArchitecture or Design Review
Skuteczność : HighUwagi dotyczące mapowania podatności
Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Odniesienia
REF-6
Seven Pernicious Kingdoms: A Taxonomy of Software Security ErrorsKatrina Tsipenyuk, Brian Chess, Gary McGraw.
https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf
REF-1479
State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and EvaluationGregory Larsen, E. Kenneth Hong Fong, David A. Wheeler, Rama S. Moorthy.
https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx
Zgłoszenie
| Nazwa | Organizacja | Data | Data wydania | Version |
|---|---|---|---|---|
| 7 Pernicious Kingdoms | Draft 3 |
Modyfikacje
| Nazwa | Organizacja | Data | Komentarz |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Other_Notes, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Other_Notes, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Description, Other_Notes | |
| CWE Content Team | MITRE | updated Detection_Factors, Relationships | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Detection_Factors, References | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
