Duplicate Key in Associative List (Alist)

Incomplete Variant

Structure: Simple

Description

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Extended Description

A duplicate key entry -- if the alist is designed properly -- could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

Common Consequences 1

Scope: Other

Impact: Quality DegradationVaries by Context

Potential Mitigations 2

Phase: Architecture and Design

Use a hash table instead of an alist.

Phase: Architecture and Design

Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.

Demonstrative Examples 1

The following code adds data to a list and then attempts to sort the data.

Code Example:Bad
Python
python

Since basename is not necessarily unique, this may not sort how one would like it to be.

References 1

The CLASP Application Security Process

Secure Software, Inc.

2005

https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)

ID: REF-18

Likelihood of Exploit

Low

Applicable Platforms

Languages:

C : UndeterminedC++ : UndeterminedJava : UndeterminedC# : Undetermined

Modes of Introduction

Implementation

Related Weaknesses

ChildOf:

Use of Multiple Resources with Duplicate Identifier (CWE-694)

Taxonomy Mapping

CLASP
CERT C Secure Coding