BETA Shoulder is in beta — Findings may sometimes be wrong. Your feedback shapes what we fix next. Share feedback
Shoulder.dev

Understand what every change actually did to your system.
🔒

NULL Pointer Dereference

🛡️ 2 rules detect this

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL.

NULL pointer dereferences typically cause the application to crash. In some cases, they may be exploitable for denial of service or potentially for code execution.

Prevalence
Medium
2 languages covered
Impact
Medium
Review recommended
Prevention
Documented
2 fix examples
2 Prevention
2 Prevention

How to fix this vulnerability

🐹 Go View all Go details →
Unsafe Type Assertion Without Ok Check MEDIUM

Use the two-value form of type assertion or type switch to handle failures gracefully

+7 -3 go 
- func processData(data interface{}) {
-     m := data.(map[string]interface{})
-     fmt.Println(m["key"])
+ func processData(data interface{}) error {
+     m, ok := data.(map[string]interface{})
+     if !ok {
+         return errors.New("invalid data type")
+     }
+     fmt.Println(m["key"])
+     return nil
  }
🟨 JavaScript View all JavaScript details →
Non-Null Assertion Without Null Check LOW

Replace non-null assertions (!) with explicit null checks or optional chaining

+4 -2 javascript 
  interface Config {
    database?: {
      host: string;
      port: number;
    };
  }
  
  function connect(config: Config) {
-   const host = config.database!.host;
-   const port = config.database!.port;
+   if (!config.database) {
+     throw new Error('Database configuration is required');
+   }
+   const { host, port } = config.database;
    return createConnection(host, port);
  }
3 Detection
3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your codebase for NULL Pointer Dereference patterns. 2 rules.

terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=476

# Or scan entire project
npx @shoulderdev/cli trust .

Detection Rules (2)

4 Warning Signs
4 Warning Signs

What to watch for in code reviews

These patterns indicate potential NULL Pointer Dereference vulnerabilities. Look for these during code reviews and security audits.

🔵
Non-null assertion (!), used on '...' without explicit null/undefined check. This may cause runtime crashes if the value typescript-non-null-assertion
🔍

Scan your codebase for NULL Pointer Dereference

Shoulder CLI finds vulnerable patterns across your entire codebase.

npx shoulder trust Browse all rules