Duplicate key in associative list (alist)

From OWASP

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Overview

Associative lists should always have unique keys, since having non-unique keys can often be mistaken for an error.

Consequences

Unspecified.

Exposure period

Design: The use of a safe data structure could be used.

Platform

Languages: Although alists generally are used only in languages like Common Lisp - due to the functionality overlap with hash tables - an alist could appear in a language like C or C++.

Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Low

Avoidance and mitigation

Design: Use a hash table instead of an alist.

Design: Use an alist which checks the uniqueness of hash keys with each entry before inserting the entry.

Discussion

A duplicate key entry - if the alist is designed properly - could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an association list are not recommended and should not be allowed.

Examples

In Python:

alist = []
while (foo()):
  #now assume there is a string data with a key basename
  queue.append(basename,data)
queue.sort()

Since basename is not necessarily unique, this may not sort how one would like it to be.

Related problems

Not available.

Retrieved from "http://www.owasp.org/index.php/Duplicate_key_in_associative_list_%28alist%29"

Categories: OWASP ASDR Project | OWASP Honeycomb Project | Vulnerability | General Logic Error Vulnerability | OWASP CLASP Project

Views

Personal tools

Log in / create account

Reference

search

Toolbox