java 如何避免 Fortify 中的误报“Null Dereference”错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/12898142/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to avoid false positive "Null Dereference" error in Fortify
提问by Duccio Fabbri
I'm using "HP Fortify v3.50" on a java project and I find lots of false positive on "Null Dereference", because Fortify doesn't see the control against null is in another method. How can I reduce false positives and maintain the rule?
我在一个 java 项目中使用“HP Fortify v3.50”,我发现“Null Dereference”有很多误报,因为 Fortify 没有看到对 null 的控制是在另一种方法中。如何减少误报并维护规则?
Here is a POC
这是一个 POC
public class MyClass {
public static void main(String[] args) {
String string01 = null;
String string02 = null;
int i;
if (args[0].equals("A")) {
string01 = "X";
string02 = "Y";
}
if (!isNull(string02)){
i = string02.length();} //False Positive
else {
i = string02.length();
} // Yes, it is an error!
}
public static boolean isNull(Object toBeTested){
return (null == toBeTested);
}
}
Result:
结果:
[E8837DB548E01DB5794FA71F3D5F51C8 : medium : Null Dereference : controlflow ]
MyClass.java(13) : Assigned null : string02
MyClass.java(16) : Branch not taken: (!args[0].equals("A"))
MyClass.java(20) : Branch taken: (!isNull(string02)) //False Positive
MyClass.java(21) : Dereferenced : string02
[E8837DB548E01DB5794FA71F3D5F51C9 : medium : Null Dereference : controlflow ]
MyClass.java(13) : Assigned null : string02
MyClass.java(16) : Branch not taken: (!args[0].equals("A"))
MyClass.java(20) : Branch not taken: isNull(string02)
MyClass.java(23) : Dereferenced : string02
回答by lavamunky
This looks more like an SCA issue that you should take to their support team. Alternatively just audit it as not an issue. This isn't something that can be fixed with a custom rule.
这看起来更像是一个 SCA 问题,您应该将其提交给他们的支持团队。或者只是将其审核为不是问题。这不是可以通过自定义规则解决的问题。
回答by WaltHouser
Dereferencing a null pointer or entering an infinite loop could enable a denial-of-service attack, but it could also create the conditions necessary for an attacker to take advantage of some poorly thought-out error handling code.
取消引用空指针或进入无限循环可能会导致拒绝服务攻击,但它也可能为攻击者利用一些经过深思熟虑的错误处理代码创造必要的条件。
See https://cwe.mitre.org/data/definitions/476.htmland https://www.owasp.org/index.php/Null_Dereference
见https://cwe.mitre.org/data/definitions/476.html和https://www.owasp.org/index.php/Null_Dereference
