Description
Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.
A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.
Potential Impact
Other
Quality Degradation, Varies by Context
Demonstrative Examples
alist = []
while (foo()):  # now assume there is a string data with a key basename
    alist.append((basename, data))  # appended without checking whether basename is already present
alist.sort()
Mitigations & Prevention
Use a hash table instead of an alist.
Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.
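The second mitigation, as an added example (not part of the CWE entry): an alist that checks key uniqueness before each insert and makes replacement a separate, explicit call. The names UniqueAlist, DuplicateKeyError, load and SAMPLE are hypothetical, and the sample pairs are constructed.

```python
class DuplicateKeyError(KeyError):
    """Raised when an insert would add a second entry for an existing key."""


class UniqueAlist:
    """Association list of (key, value) pairs that rejects duplicate keys."""

    def __init__(self):
        self._pairs = []

    def _index(self, key):
        # Linear scan, as in any alist; returns the position of key or -1.
        for i, (k, _) in enumerate(self._pairs):
            if k == key:
                return i
        return -1

    def insert(self, key, value):
        # The uniqueness check runs before every insert.
        if self._index(key) != -1:
            raise DuplicateKeyError(key)
        self._pairs.append((key, value))

    def replace(self, key, value):
        # Replacement is a separate, explicit call, so it cannot happen by mistake.
        i = self._index(key)
        if i == -1:
            raise KeyError(key)
        self._pairs[i] = (key, value)

    def lookup(self, key):
        i = self._index(key)
        if i == -1:
            raise KeyError(key)
        return self._pairs[i][1]


def load(pairs):
    """Insert pairs one by one; return the alist and the rejected duplicates."""
    alist, rejected = UniqueAlist(), []
    for key, value in pairs:
        try:
            alist.insert(key, value)
        except DuplicateKeyError:
            rejected.append((key, value))
    return alist, rejected


# Constructed sample input: the key "report.txt" appears twice.
SAMPLE = [("report.txt", "v1"), ("notes.txt", "a"), ("report.txt", "v2")]
```

Calling load(SAMPLE) keeps the first "report.txt" entry and returns the second one in the rejected list, so the caller decides whether it was a mistake or an intended replace.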
Related Weaknesses
Taxonomy Mappings
- CLASP: Duplicate key in associative list (alist)
- CERT C Secure Coding: ENV02-C — Beware of multiple environment variables with the same effective name
Frequently Asked Questions
What is CWE-462?
CWE-462 (Duplicate Key in Associative List (Alist)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.
How can CWE-462 be exploited?
Exploitation of CWE-462 (Duplicate Key in Associative List (Alist)) can result in quality degradation; the impact varies by context. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-462?
Key mitigations include: Use a hash table instead of an alist.
What is the severity of CWE-462?
CWE-462 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.