CWE-230: Improper Handling of Missing Values

Description

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

This Android application has registered to handle a URL when sent an intent:


// ...// 
// ...// 


String URL = intent.getStringExtra("URLToOpen");int length = URL.length();
// ...// 
if("com.example.URLHandler.openURL".equals(intent.getAction())) {}@Overridepublic void onReceive(Context context, Intent intent) {}IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");MyReceiver receiver = new MyReceiver();registerReceiver(receiver, filter);public class UrlHandlerReceiver extends BroadcastReceiver {}

The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 23, 2024 2:39