CodeQL documentation

Property access on null or undefined

ID: js/property-access-on-non-object
Kind: problem
Security severity: 
Severity: error
Precision: high
Tags:
   - correctness
   - external/cwe/cwe-476
Query suites:
   - javascript-security-and-quality.qls

Click to see the query in the CodeQL repository

Attempting to read or write a property of null or undefined will cause an exception at runtime.

Recommendation

Carefully inspect the property access in question. If the problem was not detected during testing, this could either be because it is in dead code, or because it is not covered by a test. In the former case, delete the dead code in question. In the latter case, consider adding a new test.

Example

In the following example, function f declares a variable result, then invokes another function computeInterestingResult (not shown) and stores the result in res, and finally returns result.value. Since result has not been initialized, it will still have its default value undefined, causing a runtime exception.

function f() {
  var result;
  res = computeInterestingResult();
  return result.value;
}

The assignment to res is presumably a typo; instead, it should be assigned to result:

function f() {
  var result;
  result = computeInterestingResult();
  return result.value;
}

References

  • © GitHub, Inc.
  • Terms
  • Privacy