NULL Pointer Dereference (CWE-476) - Security Vulnerability

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL.

NULL pointer dereferences typically cause the application to crash. In some cases, they may be exploitable for denial of service or potentially for code execution.

Verbreitung

Mittel

2 Sprachen abgedeckt

Auswirkung

Mittel

Review empfohlen

Prävention

Dokumentiert

2 Fix-Beispiele

2 Prävention

So behebst du diese Schwachstelle

🐹 Go Alle anzeigen Go Details →

Unsafe Type Assertion Without Ok Check MEDIUM

Use the two-value form of type assertion or type switch to handle failures gracefully

+7 -3 go

- func processData(data interface{}) {
-     m := data.(map[string]interface{})
-     fmt.Println(m["key"])
+ func processData(data interface{}) error {
+     m, ok := data.(map[string]interface{})
+     if !ok {
+         return errors.New("invalid data type")
+     }
+     fmt.Println(m["key"])
+     return nil
  }

🟨 JavaScript Alle anzeigen JavaScript Details →

Non-Null Assertion Without Null Check LOW

Replace non-null assertions (!) with explicit null checks or optional chaining

+4 -2 javascript

  interface Config {
    database?: {
      host: string;
      port: number;
    };
  }
  
  function connect(config: Config) {
-   const host = config.database!.host;
-   const port = config.database!.port;
+   if (!config.database) {
+     throw new Error('Database configuration is required');
+   }
+   const { host, port } = config.database;
    return createConnection(host, port);
  }

3 Erkennung

Finden Sie Schwachstellen in Ihrem Code

Verwenden Sie Shoulder, um Ihren Code nach NULL Pointer Dereference-Mustern zu scannen. 2 Regeln.

Terminal

# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=476

# Or scan entire project
npx @shoulderdev/cli trust .

Erkennungsregeln (2)

🐹 Go 1 rules

Unsafe Type Assertion Without Ok Check MEDIUM

Type assertion without two-value form can panic at runtime.

🔷 Typescript 1 rules

Non-Null Assertion Without Null Check LOW

The non-null assertion operator (!) bypasses null/undefined checks at compile time without runtime safety, causing crashes when values are unexpectedly null.

4 Warnzeichen

Worauf bei Code-Reviews zu achten ist

Diese Muster weisen auf potenzielle NULL Pointer Dereference-Schwachstellen hin. Achten Sie bei Code-Reviews und Sicherheitsaudits darauf.

🔵

Non-null assertion (!), used on '...' without explicit null/undefined check. This may cause runtime crashes if the value typescript-non-null-assertion

🔍

Scanne deine Codebasis nach NULL Pointer Dereference

Shoulder CLI findet anfällige Muster in deiner gesamten Codebasis.

npx shoulder trust Alle Regeln durchsuchen