Duplicate Key in Associative List (Alist)ID: 462 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: INCOMPLETE |
Abstraction Type: Base |
Description
Duplicate keys in associative lists can lead to non-unique keys
being mistaken for an error.
Extended DescriptionA duplicate key entry -- if the alist is designed properly -- could be
used as a constant time replace function. However, duplicate key entries
could be inserted by mistake. Because of this ambiguity, duplicate key
entries in an association list are not recommended and should not be
allowed.
Likelihood of Exploit: Low
Applicable PlatformsLanguage: CLanguage: C++Language: JavaLanguage: .NET
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|
Other | Quality degradationVaries by context | |
Detection MethodsNone
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Architecture and Design | | Use a hash table instead of an alist. | | |
Architecture and Design | | Use an alist which checks the uniqueness of hash keys with each entry
before inserting the entry. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-462 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following code adds data to a list and then attempts to sort the
data.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
Taxynomy | Id | Name | Fit |
---|
CLASP | | Duplicate key in associative list (alist) | |
CERT C Secure Coding | ENV02-C | Beware of multiple environment variables with the same
effective name | |
CERT C++ Secure Coding | ENV02-CPP | Beware of multiple environment variables with the same
effective name | |
References:None