AttackFlow Findings Dictionary


Ignoring Method Return Values

Error conditions might be ignored, producing an unstable software state

Severity

Low

Fix Cost

Low

Trust Level

High

Sometimes methods have return values that denote error conditions, success or failure. Not checking these values upon return is like not handling exceptions. Failures might result from critical errors and should be handled correctly. Otherwise the application continues to run in an unstable state, leaving itself vulnerable to further attacks.

            
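// C# sample: the bool returned by ProcessTransaction is discarded
public void ProcessCart(Transaction transaction)
{
    if (transaction.IsValid())
    {
        // Return value ignored: a failed transaction goes unnoticed
        ProcessTransaction(transaction);
    }
    else
    {
        // return with error
    }
}

protected bool ProcessTransaction(Transaction trx)
{
    if (process(trx))
    {
        return true;
    }

    return false;
}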
                 
            


            
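// Java sample: the boolean returned by processTransaction is discarded
public void processCart(Transaction transaction)
{
    if (transaction.IsValid())
    {
        // Return value ignored: a failed transaction goes unnoticed
        processTransaction(transaction);
    }
    else
    {
        // return with error
    }
}

protected boolean processTransaction(Transaction trx)
{
    if (process(trx))
    {
        return true;
    }

    return false;
}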
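
The ignored-result pattern beside a checked form, as an added Java example that is not AttackFlow's own code. The `Transaction` record, the `LIMIT_CENTS` threshold, the `shipped` list and the body of `process()` are assumptions made so the failure path can actually run.

```java
import java.util.ArrayList;
import java.util.List;

public class CartDemo {
    // Hypothetical stand-in for the page's Transaction type.
    record Transaction(String id, long amountCents) {
        boolean isValid() { return id != null && amountCents > 0; }
    }

    static final long LIMIT_CENTS = 50_000;   // constructed limit so process() can fail
    static final List<String> shipped = new ArrayList<>();   // hypothetical follow-on step

    // Stand-in for the page's process(): false signals a failed charge.
    static boolean process(Transaction trx) { return trx.amountCents() <= LIMIT_CENTS; }

    static boolean processTransaction(Transaction trx) { return process(trx); }

    // Pattern from the page: the boolean result is dropped, so the order ships anyway.
    static void processCartUnchecked(Transaction trx) {
        if (trx.isValid()) {
            processTransaction(trx);
            shipped.add(trx.id());
        }
    }

    // Checked form: both failure paths are surfaced to the caller before any state changes.
    static void processCartChecked(Transaction trx) {
        if (!trx.isValid()) {
            throw new IllegalArgumentException("invalid transaction " + trx.id());
        }
        if (!processTransaction(trx)) {
            throw new IllegalStateException("processing failed for " + trx.id());
        }
        shipped.add(trx.id());
    }

    public static void main(String[] args) {
        Transaction declined = new Transaction("T-1", 75_000);   // constructed sample, over the limit
        processCartUnchecked(declined);
        System.out.println("unchecked shipped: " + shipped);
        shipped.clear();
        try {
            processCartChecked(declined);
        } catch (IllegalStateException e) {
            System.out.println("checked rejected: " + e.getMessage());
        }
        System.out.println("checked shipped: " + shipped);
    }
}
```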
                 
            

                 
            
