CWE-232: Improper Handling of Undefined Values

Structure: Simple

Abstraction: Variant

Status: Draft

Likelihood of Exploit: Unknown


The software does not handle, or incorrectly handles, the case where a value is not defined or not supported for the associated parameter, field, or argument name.


Relationships:

  • Nature: ChildOf, CWE ID: 229, View ID: 1000, Ordinal: Primary

  • Nature: ChildOf, CWE ID: 229, View ID: 699, Ordinal: Primary


Applicable Platforms: Language: Language-Independent (Prevalence: Undetermined)


Common Consequences:

  • Scope: Integrity; Technical Impact: Unexpected State; Notes: (none)


In this example, an address parameter is read and trimmed of whitespace.

Bad code (Java):

    // getParameter() returns null when the request carries no "address" parameter
    String address = request.getParameter("address");
    // trim() is called on the possibly-null value without any check
    address = address.trim();
    // the bind marker must be a bare ? (the original '?' was a quoted literal and would not bind)
    String updateString = "UPDATE shippingInfo SET address=? WHERE email=''";
    PreparedStatement emailAddress = con.prepareStatement(updateString);
    emailAddress.setString(1, address);

If the address parameter is absent from the request, getParameter() returns null (the value is undefined) and the servlet throws a NullPointerException as soon as trim() is called.
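As an added illustration (not part of the CWE entry), the same parameter read is shown in plain Java in its unchecked form beside a hardened form that treats "undefined" as a distinct outcome. A Map stands in for the servlet request's parameters, and MAX_ADDRESS_LEN is an assumed application limit.

```java
import java.util.HashMap;
import java.util.Map;

public class AddressParamCheck {
    enum Status { OK, MISSING, EMPTY, TOO_LONG }   // outcomes of reading the parameter
    static final int MAX_ADDRESS_LEN = 200;       // assumed application limit

    static final class Result {
        final Status status;
        final String value;   // non-null only when status == OK
        Result(Status status, String value) { this.status = status; this.value = value; }
    }

    // Vulnerable pattern from the CWE example: an undefined parameter arrives as
    // null, and calling trim() on it throws NullPointerException.
    static String readAddressUnchecked(Map<String, String> params) {
        String address = params.get("address");
        return address.trim();
    }

    // Hardened version: the undefined case is handled explicitly, and separately
    // from "present but blank" and "present but oversized", so only a validated
    // value ever reaches setString(1, ...) on the prepared statement.
    static Result readAddress(Map<String, String> params) {
        String raw = params.get("address");
        if (raw == null) return new Result(Status.MISSING, null);
        String trimmed = raw.trim();
        if (trimmed.isEmpty()) return new Result(Status.EMPTY, null);
        if (trimmed.length() > MAX_ADDRESS_LEN) return new Result(Status.TOO_LONG, null);
        return new Result(Status.OK, trimmed);
    }

    public static void main(String[] args) {
        // Constructed stand-ins for request.getParameter(): one request carries
        // the parameter, the other omits it entirely.
        Map<String, String> complete = new HashMap<>();
        complete.put("address", "  1 Main Street  ");
        Map<String, String> missing = new HashMap<>();
        missing.put("email", "user@example.com");
        Result ok = readAddress(complete);
        System.out.println("checked, complete: " + ok.status + " [" + ok.value + "]");
        System.out.println("checked, missing:  " + readAddress(missing).status);
        try {
            readAddressUnchecked(missing);
        } catch (NullPointerException e) {
            System.out.println("unchecked, missing: NullPointerException");
        }
    }
}
```

The caller decides what MISSING, EMPTY and TOO_LONG mean for the request (typically a 400 response), instead of letting the undefined case surface as an uncaught exception.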




Taxonomy Mappings:

  • Mapped Taxonomy Name: PLOVER; Mapped Node Name: Undefined Value Error

  • Mapped Taxonomy Name: The CERT Oracle Secure Coding Standard for Java (2011); Node ID: ERR08-J; Mapped Node Name: Do not catch NullPointerException or any of its ancestors