CWE-462: Duplicate Key in Associative List (Alist)

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Low

Description

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Extended Description

A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

Related Weaknesses

  • ChildOf CWE-694 (View 1000, Ordinal: Primary)

Applicable Platforms

Languages: C, C++, Java, C# (prevalence: Undetermined for all)

Common Consequences

Scope: Other
Impact: Quality Degradation, Varies by Context

Potential Mitigations

Architecture and Design

Strategy:

Use a hash table instead of an alist.

Architecture and Design

Strategy:

Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.

Example Code

The following code adds data to a list and then attempts to sort the data.

bad Python

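alist = []
# foo(), basename and data are placeholders for the caller's loop condition and input
while foo():  # now assume there is a string data with a key basename
    alist.append((basename, data))  # list.append takes one argument: store a (key, data) pair
alist.sort()  # entries that share a basename all remain in the list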

Since basename is not necessarily unique, the sort may not produce the order one expects.
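The ambiguity in the bad example and the two mitigations listed above, as an added example that is not part of the CWE entry: a first-match alist lookup and a hash-table conversion disagree on a duplicated key, while an alist that checks uniqueness on insert rejects the second entry and makes replacement an explicit operation. The names lookup_first, lookup_hashed, UniqueAlist and build_unique, and the SAMPLE data, are hypothetical and constructed for illustration.

```python
# Added example, not from the CWE entry; every name below is hypothetical.
class DuplicateKeyError(KeyError):
    """Raised when an insert would create a second entry for a key."""

def lookup_first(alist, key):
    """Classic alist lookup: linear scan, the first matching entry wins."""
    for k, v in alist:
        if k == key:
            return v
    raise KeyError(key)

def lookup_hashed(alist, key):
    """Hash-table conversion: dict() keeps the last entry for a key."""
    return dict(alist)[key]

class UniqueAlist:
    """Association list that checks key uniqueness before every insert."""
    def __init__(self):
        self._entries = []   # ordered (key, value) pairs
        self._keys = set()   # hash-based index so the uniqueness check is O(1)

    def insert(self, key, value):
        if key in self._keys:
            raise DuplicateKeyError(key)
        self._keys.add(key)
        self._entries.append((key, value))

    def replace(self, key, value):
        """Intentional replacement, kept separate from insert."""
        if key not in self._keys:
            raise KeyError(key)
        self._entries = [(k, value if k == key else v) for k, v in self._entries]

    def sorted_entries(self):
        # Keys are unique, so ordering by key alone is total and unambiguous.
        return sorted(self._entries, key=lambda kv: kv[0])

# Constructed sample: "report.txt" appears twice, as basename may in the bad example.
SAMPLE = [("report.txt", "v1"), ("notes.txt", "n1"), ("report.txt", "v2")]

def build_unique(pairs):
    """Load pairs into a UniqueAlist; return it plus the rejected duplicates."""
    ua, rejected = UniqueAlist(), []
    for key, value in pairs:
        try:
            ua.insert(key, value)
        except DuplicateKeyError:
            rejected.append((key, value))
    return ua, rejected
```

Surfacing the rejected pairs to the caller, rather than dropping them silently, lets the application decide whether a duplicate is an input error or a replacement that should go through replace().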

Taxonomy Mappings

Mapped Taxonomy Name: CLASP
Mapped Node Name: Duplicate key in associative list (alist)

Mapped Taxonomy Name: CERT C Secure Coding
Node ID: ENV02-C
Mapped Node Name: Beware of multiple environment variables with the same effective name