CWE-462: Duplicate Key in Associative List (Alist)

Description

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Extended Description

A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Impact: Quality Degradation, Varies by Context — Notes:

Potential Mitigations

Architecture and Design: Use a hash table instead of an alist. (N/A)
Architecture and Design: Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry. (N/A)

Applicable Platforms

C (N/A, Undetermined)
C++ (N/A, Undetermined)
Java (N/A, Undetermined)
C# (N/A, Undetermined)

Demonstrative Examples

Intro: The following code adds data to a list and then attempts to sort the data.

Body: Since basename is not necessarily unique, this may not sort how one would like it to be.

alist = [] while (foo()): #now assume there is a string data with a key basename queue.append(basename,data) queue.sort()

Notes

No notes available.

← Back to CWE list