CWE-476 NULL Pointer Dereference
Coverage: 4 rules in the SiteShadow rule registry target this CWE (registry v2.0.0). Regex 2Other-pattern 2 Also: Taint and heuristic analyzers may also detect related flows (see coverage for the authoritative list) Registry tagging shows intent, for sample-level behaviour and benchmarked gaps see known gaps.
What this means
SiteShadow flagged code paths where null/None/undefined values may be dereferenced without checks. In many systems this is "just" a crash, but in security contexts it can become a reliability or availability issue.
Why it matters
Null dereferences can crash services or expose unexpected behavior.
- Denial of service: attackers can trigger crashes repeatedly.
- Unexpected fallbacks: error handling can accidentally skip checks ("fail open").
- In native code, memory safety issues can sometimes be exploited beyond crashes.
Safer examples
1) Validate inputs and required fields early
Reject requests missing required fields (see CWE-20).
2) Use type-safe patterns
Use optional types and static analysis to force handling of missing values.
3) Fail closed on auth/security checks
If a value required for auth is missing, treat it as unauthorized, not "skip check."
How SiteShadow detects it (high level)
- Detects dereferences/field access on nullable values with missing guard checks.
- Prioritizes dereferences that happen in request-handling or auth/security-sensitive code paths.
References
- CWE-476: https://cwe.mitre.org/data/definitions/476.html
---
← Back to Vulnerability Library
Catch this with SiteShadow Pro.
This vulnerability class is detected by SiteShadow's Pro-tier engines, two-pass interprocedural taint analysis, heuristic flow checks, AI-context scanning, and cross-file detection. The free tier catches OWASP Top 10 single-file patterns; Pro adds the data-flow depth that finds this class of bug.