Container contents are never initialized¶
ID: java/empty-containerKind: problemSecurity severity: Severity: errorPrecision: very-highTags: - quality - reliability - correctness - external/cwe/cwe-561Query suites: - java-security-and-quality.qls
Click to see the query in the CodeQL repository
A method that queries the contents of a collection or map (such ascontainsKey orisEmpty) is invoked on an object that is known to be empty. Such method calls do not return interesting results, and may indicate missing code or a logic error.
Recommendation¶
Either remove the collection/map if it is unnecessary, or ensure that it contains the elements it was meant to contain.
Example¶
The following example code iterates over an array of objects to determine whether it contains duplicate elements. It maintains a collectionseen, which is intended to contain all the elements seen so far in traversing the array. If the current element is already contained in that collection then the method returnstrue, indicating that a duplicate has been found.
Note, however, that no elements are ever actually added toseen, so the method always returnsfalse.
booleancontainsDuplicates(Object[]array){java.util.Set<Object>seen=newjava.util.HashSet<Object>();for(Objecto:array){if(seen.contains(o))returntrue;}returnfalse;}
To fix this problem, a statementseen.add(o); should be added to the end of the loop body to ensure thatseen is correctly maintained.
References¶
Java API Specification:Collection,Map.
Common Weakness Enumeration:CWE-561.