CWE

Duplicate Key in Associative List (Alist)

ID: 462		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Base

Description

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Extended Description

A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

Likelihood of Exploit: Low

Applicable Platforms
Language: C
Language: C++
Language: Java
Language: .NET

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Other	Quality degradation Varies by context

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Use a hash table instead of an alist.
Architecture and Design		Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.

Relationships

Related CWE	Type	View	Chain
CWE-462 ChildOf CWE-907	Category	CWE-888

Demonstrative Examples   (Details)

1. The following code adds data to a list and then attempts to sort the data.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
CLASP		Duplicate key in associative list (alist)
CERT C Secure Coding	ENV02-C	Beware of multiple environment variables with the same effective name
CERT C++ Secure Coding	ENV02-CPP	Beware of multiple environment variables with the same effective name

References:
None