测试版 Shoulder 目前处于测试阶段 — 结果有时可能不正确。您的反馈塑造我们接下来要修复的内容。 分享反馈
🔒

NULL Pointer Dereference

🛡️ 2 条规则检测到此问题

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL.

NULL pointer dereferences typically cause the application to crash. In some cases, they may be exploitable for denial of service or potentially for code execution.

普遍性
覆盖 2 种语言
影响
建议审查
预防
已记录
2 个修复示例
2 预防
2 预防

如何修复此漏洞

Unsafe Type Assertion Without Ok Check MEDIUM

Use the two-value form of type assertion or type switch to handle failures gracefully

+7 -3 go
- func processData(data interface{}) {
-     m := data.(map[string]interface{})
-     fmt.Println(m["key"])
+ func processData(data interface{}) error {
+     m, ok := data.(map[string]interface{})
+     if !ok {
+         return errors.New("invalid data type")
+     }
+     fmt.Println(m["key"])
+     return nil
  }
  
Non-Null Assertion Without Null Check LOW

Replace non-null assertions (!) with explicit null checks or optional chaining

+4 -2 javascript
  interface Config {
    database?: {
      host: string;
      port: number;
    };
  }
  
  function connect(config: Config) {
-   const host = config.database!.host;
-   const port = config.database!.port;
+   if (!config.database) {
+     throw new Error('Database configuration is required');
+   }
+   const { host, port } = config.database;
    return createConnection(host, port);
  }
  
3 检测
3 检测

查找代码中的漏洞

使用Shoulder扫描代码中的NULL Pointer Dereference模式。 2 规则.

终端
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=476

# Or scan entire project
npx @shoulderdev/cli trust .
4 警告信号
4 警告信号

代码审查中需要关注的内容

这些模式表明潜在的NULL Pointer Dereference漏洞。在代码审查和安全审计中注意查找。

🔵
Non-null assertion (!), used on '...' without explicit null/undefined check. This may cause runtime crashes if the value typescript-non-null-assertion
🔍

扫描你的代码库: NULL Pointer Dereference

Shoulder CLI 在整个代码库中找到易受攻击的模式。