Ignored error status of call

ID: java/ignored-error-status-of-call
Kind: problem
Security severity: (none)
Severity: recommendation
Precision: high
Tags: quality, reliability, error-handling, external/cwe/cwe-391
Query suites: java-code-quality.qls, java-security-and-quality.qls
Many methods in the Java Development Kit (for examples, see the references below) return a status value (for example, an int or a boolean) to indicate whether the call completed normally, or return an error code or a partial result when it did not. If the caller never inspects that value, the failure goes unnoticed and later code runs on data or state that is not what it assumes, which is the behaviour described by CWE-391 (Unchecked Error Condition).

Recommendation
You should insert additional code to check the return value and take appropriate action.
Example

The following example uses the java.io.InputStream.read method to read 16 bytes from an input stream and store them in an array. However, read is not guaranteed to read as many bytes as requested: it may return fewer bytes, for example because the stream is exhausted, or -1 if the stream is already at end of file. Therefore, the code should not simply rely on the array b being filled with precisely 16 bytes from the input stream. Instead, the code should check the method's return value, which is the number of bytes actually read, and read again (or fail) when fewer than 16 were delivered.

```java
java.io.InputStream is = (...);
byte[] b = new byte[16];
is.read(b); // return value ignored: b may be only partially filled
```
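The corrected form of the snippet above, as an added example that is not part of the original page or of the CodeQL query itself. The helper name readFully and the sample inputs are assumptions for illustration; a single call to read(byte[], int, int) is looped until the buffer is full, and the -1 end-of-stream return is turned into an exception instead of leaving part of the buffer as zeros:

```java
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class ReadFully {

    // Reads exactly buf.length bytes from in. A single read(byte[]) call only
    // blocks until at least one byte is available and may return fewer bytes
    // than requested, so the return value is checked on every iteration.
    // Throws EOFException if the stream ends first, so callers never operate
    // on a partially filled buffer.
    static void readFully(InputStream in, byte[] buf) throws IOException {
        int filled = 0;
        while (filled < buf.length) {
            int n = in.read(buf, filled, buf.length - filled);
            if (n == -1) {
                throw new EOFException("stream ended after " + filled
                        + " of " + buf.length + " bytes");
            }
            filled += n;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a stream that carries a full 16-byte record,
        // and one that is exhausted after only 10 bytes.
        byte[] full = new byte[16];
        for (int i = 0; i < full.length; i++) {
            full[i] = (byte) i;
        }
        byte[] b = new byte[16];
        readFully(new ByteArrayInputStream(full), b);
        System.out.println("read " + b.length + " bytes: ok");

        byte[] truncated = new byte[10];
        byte[] c = new byte[16];
        try {
            readFully(new ByteArrayInputStream(truncated), c);
        } catch (EOFException e) {
            // With the unchecked is.read(b) from the page, c[10..15] would silently
            // stay zero and later code would treat the buffer as a complete record.
            System.out.println("rejected short input: " + e.getMessage());
        }
    }
}
```

The same contract is provided by the JDK itself: java.io.DataInputStream.readFully(byte[]) throws EOFException on a short read, and on Java 9 and later InputStream.readNBytes(byte[], int, int) loops internally and returns the count actually read, which the caller must still compare against the requested length.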
References

SEI CERT Oracle Coding Standard for Java: EXP00-J. Do not ignore values returned by methods.
Java API Specification: java.util.Queue.offer.
Java API Specification: java.util.concurrent.BlockingQueue.offer.
Java API Specification, java.util.concurrent.locks.Condition: await, awaitUntil, awaitNanos.
Java API Specification, java.io.File: createNewFile, delete, mkdir, renameTo, setLastModified, setReadOnly, setWritable(boolean), setWritable(boolean, boolean).
Java API Specification, java.io.InputStream: skip, read(byte[]), read(byte[], int, int).
Common Weakness Enumeration: CWE-391.