RI.IGNOREDCALL

An RI.IGNOREDCALL error appears if there is a call to a method for an immutable class. The method has side effects, and its result is not assigned to a variable (it is just ignored). This can happen because programming assumes a different API when a function modifies the value of its class. The methods that Klocwork looks for are:

• any method of String class that returns String
• method toString() from StringBuffer class
• any method of InetAddress, BigInteger, BigDecimal classes
• method digest(byte[]) from MessageDigest class

Vulnerability and risk

Misunderstanding of method behavior will cause flaws in application logic.

Mitigation and prevention

Store the value return by the method, for example a=a.trim().

Example 1

13
14
15
16
17
18
19
     public void write(String indent, Writer writer) {
         String description = getDescription();
         if (description != null)
             description.trim();
         // ...
         // write it
     }

RI.IGNOREDCALL is reported for line 16: The value returned by 'java.lang.String.trim()' is ignored.

External guidance

• CERT EXP00-J: Do not ignore values returned by methods
• CWE-391: Unchecked Error Condition
• STIG-ID:APP3120 Application has error handling vulnerabilities

Security training

Application security training materials provided by Secure Code Warrior.

• Dos Uncaught Errors Training Video - Test your skills with a training example