CWE-476 NULL Pointer Dereference
What this means
SiteShadow flagged code paths where null/None/undefined values may be dereferenced without checks. In many systems this is "just" a crash, but in security contexts it can become a reliability or availability issue.
Why it matters
Null dereferences can crash services or expose unexpected behavior.
- Denial of service: attackers can trigger crashes repeatedly.
- Unexpected fallbacks: error handling can accidentally skip checks ("fail open").
- In native code, memory safety issues can sometimes be exploited beyond crashes.
Safer examples
1) Validate inputs and required fields early
Reject requests missing required fields (see CWE-20).
2) Use type-safe patterns
Use optional types and static analysis to force handling of missing values.
3) Fail closed on auth/security checks
If a value required for auth is missing, treat it as unauthorized, not "skip check."
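The three practices above combined in one request handler, next to the fail-open pattern they replace. This is an added example, not SiteShadow code; the `SESSIONS` store, the `Decision` type, and the function names are hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed session store for this example: token -> session record.
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "admin"},
    "tok-bob": {"user": "bob"},  # record with no "role" field
}


@dataclass(frozen=True)
class Decision:
    status: int
    reason: str


def authorize_fail_open(request: dict) -> Decision:
    """Anti-pattern: the None dereference raises and the check is skipped."""
    try:
        session = SESSIONS.get(request.get("token"))
        if session["role"] != "admin":  # TypeError/KeyError on missing data
            return Decision(403, "not admin")
    except Exception:
        pass  # error swallowed, so execution falls through to "allowed"
    return Decision(200, "allowed")


def lookup_session(token: Optional[str]) -> Optional[dict]:
    """Optional return type makes the 'no session' case explicit to callers."""
    if not token:
        return None
    return SESSIONS.get(token)


def authorize_fail_closed(request: dict) -> Decision:
    # 1) Validate required fields early.
    token = request.get("token")
    if not isinstance(token, str) or not token:
        return Decision(400, "missing token")
    # 2) Handle the None case before any field access.
    session = lookup_session(token)
    if session is None:
        return Decision(401, "unknown session")
    # 3) Fail closed: a missing role is treated as unauthorized.
    if session.get("role") != "admin":
        return Decision(403, "not admin")
    return Decision(200, "allowed")
```

Running a type checker such as mypy over the second version flags any `session[...]` access placed before the `is None` guard, which is the static-analysis half of practice 2.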
How SiteShadow detects it (high level)
- Detects dereferences/field access on nullable values with missing guard checks.
- Prioritizes dereferences that happen in request-handling or auth/security-sensitive code paths.
References
- CWE-476: https://cwe.mitre.org/data/definitions/476.html
---