CWC-105
Title
Initializing global variables in Init Function
Relationships
CWE-665: Improper Initialization
Description
Init function of the chaincode is not called on all docker startups. Its purpose is to initialize the chaincode, not the network state.
Remediation
If a variable needs to be set on every network startup, that has to be done in the constructor of the contract.
Contract Samples
GlobalInInitOwnVariable.java
import org.hyperledger.fabric.shim.Chaincode;
import org.hyperledger.fabric.shim.ChaincodeStub;
import org.hyperledger.fabric.shim.Chaincode.Response.Status;
public class GlobalInInitOwnVariable implements Chaincode{
public static String GlobalVariable;
@Override
public Response init(ChaincodeStub stub) {
GlobalVariable = "CodeSmell";
return new Response(Status.SUCCESS, "Succes", null);
}
@Override
public Response invoke(ChaincodeStub stub) {
return null;
}
}
GlobalInInitOwnVariable.yaml
description: Modifying non own global variable in Init function
issues:
- id: CWC-105
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
GlobalInInitOwnVariable.java: [16]
GlobalModificationInFunction.java
import org.hyperledger.fabric.shim.Chaincode;
import org.hyperledger.fabric.shim.ChaincodeStub;
import org.hyperledger.fabric.shim.Chaincode.Response.Status;
public class GlobalModificationInFunction implements Chaincode{
public static String GlobalVariable;
@Override
public Response init(ChaincodeStub stub) {
CodeSmell();
return new Response(Status.SUCCESS, "Succes", null);
}
@Override
public Response invoke(ChaincodeStub stub) {
return null;
}
public void CodeSmell(){
GlobalVariable = "CodeSmell";
}
}
GlobalModificationInFunction.yaml
description: Modifying non own global variable in Init function
issues:
- id: CWC-105
count: 1
locations:
- bytecode_offsets: {}
line_numbers:
GlobalModificationInFunction.java: [16]