Untitled

a guest
Jan 24th, 2017
Abstract:

The method Equals() in Program.cs can dereference a null pointer on line 19, thereby raising a NullException.

Explanation:

Null pointer errors are usually the result of one or more programmer assumptions being violated.

In this case the variable can be null when it is dereferenced at line 19, thereby raising a NullException.

Most null pointer issues result in general software reliability problems, but if an attacker can intentionally trigger a null pointer dereference, the attacker may be able to use the resulting exception to bypass security logic or to cause the application to reveal debugging information that will be valuable in planning subsequent attacks.

Example 1: In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a null pointer exception when it attempts to call the Trim() method.

    string cmd = null;
    ...
    cmd = Environment.GetEnvironmentVariable("cmd");
    cmd = cmd.Trim();

Instance ID: CE307A60AE76EB68D6DA1A9EDEB8F21F

Priority Metadata Values:

IMPACT: 3.0
LIKELIHOOD: 0.8

Legacy Priority Metadata Values:

SEVERITY: 3.0
CONFIDENCE: 5.0