RI.IGNOREDCALL

An RI.IGNOREDCALL error appears if there is a call to a method for an immutable class. The method has side effects, and its result is not assigned to a variable (it is just ignored). This can happen because programming assumes a different API when a function modifies the value of its class. The methods that Klocwork looks for are:

• any method of String class that returns String
• method toString() from StringBuffer class
• any method of InetAddress, BigInteger, BigDecimal classes
• method digest(byte[]) from MessageDigest class

Vulnerability and risk

Misunderstanding of method behavior will cause flaws in application logic.

Mitigation and prevention

Store the value return by the method, for example a=a.trim().

Example 1

13     public void write(String indent, Writer writer) {
14         String description = getDescription();
15         if (description != null)
16             description.trim();
17         // ...
18         // write it
19     }

RI.IGNOREDCALL is reported for line 16: The value returned by 'java.lang.String.trim()' is ignored.

External guidance

• CWE-391: Unchecked Error Condition
• STIG-ID:APP3120 Application has error handling vulnerabilities

Security training

Application security training materials provided by Secure Code Warrior.

• Dos Uncaught Errors Training Video - Test your skills with a training example