CWE-228: Improper Handling of Syntactically Invalid Structure
Description
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Submission Date: July 19, 2006, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Example - 1
This Android application has registered to handle a URL when sent an intent:

    // ...
    IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");
    MyReceiver receiver = new MyReceiver();
    registerReceiver(receiver, filter);
    // ...

    public class UrlHandlerReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if("com.example.URLHandler.openURL".equals(intent.getAction())) {
                String URL = intent.getStringExtra("URLToOpen");
                int length = URL.length();
                // ...
            }
            // ...
        }
    }

The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called.
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of the different insights into similar items that may exist at higher and lower levels of abstraction.
CWE-229: Improper Handling of Values
CWE-233: Improper Handling of Parameters
CWE-237: Improper Handling of Structural Elements
CWE-241: Improper Handling of Unexpected Data Type
CWE-703: Improper Check or Handling of Exceptional Conditions
CWE-707: Improper Neutralization
Visit http://cwe.mitre.org/ for more details.