NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL.
NULL pointer dereferences typically cause the application to crash. In some cases, they may be exploitable for denial of service or potentially for code execution.
普遍性
中
覆盖 2 种语言
影响
中
建议审查
预防
已记录
2 个修复示例
2 预防
2 预防
如何修复此漏洞
Go
查看全部 Go 详情 →
Unsafe Type Assertion Without Ok Check
MEDIUM
Use the two-value form of type assertion or type switch to handle failures gracefully
- func processData(data interface{}) { - m := data.(map[string]interface{}) - fmt.Println(m["key"]) + func processData(data interface{}) error { + m, ok := data.(map[string]interface{}) + if !ok { + return errors.New("invalid data type") + } + fmt.Println(m["key"]) + return nil }
JavaScript
查看全部 JavaScript 详情 →
Non-Null Assertion Without Null Check
LOW
Replace non-null assertions (!) with explicit null checks or optional chaining
interface Config { database?: { host: string; port: number; }; } function connect(config: Config) { - const host = config.database!.host; - const port = config.database!.port; + if (!config.database) { + throw new Error('Database configuration is required'); + } + const { host, port } = config.database; return createConnection(host, port); }
3 检测
3 检测
查找代码中的漏洞
使用Shoulder扫描代码中的NULL Pointer Dereference模式。 2 规则.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=476 # Or scan entire project npx @shoulderdev/cli trust .
检测规则 (2)
🐹
Go
1 rules
4 警告信号
4 警告信号
代码审查中需要关注的内容
这些模式表明潜在的NULL Pointer Dereference漏洞。在代码审查和安全审计中注意查找。
Non-null assertion (!), used on '...' without explicit null/undefined check. This may cause runtime crashes if the value
typescript-non-null-assertion