Overview

CWC-113

Title

Assignment of ledger state to Variable without Use

Relationships

CWE-563: Assignment to Variable without Use

Description

Querying ledger data without later using can cause more read conflicts.

This can happen different ways:

  • Getting ledger data with GetState and not saving it to a variable
  • Getting ledger data with GetState and saving it to a variable which does not effect any putState calls.

Remediation

Query ledger data only if it is necessary (it has effects to the ledger: putState).

Contract Samples

get_without_put.java

public Response init(ChaincodeStub stub) {
    stub.getState('key');
}

get_without_put.yaml

description: GetState without saving to variable
issues:
- id: CWC-113
  count: 1
  locations: 
  - bytecode_offsets: {}
    line_numbers:
      get_without_put.java: [3]
CWC-112