Incorrect Block Delimitation
Weakness ID: 483 (Weakness Variant) | Status: Draft
Description Summary
Extended Description
In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.
Scope | Effect |
---|---|
Confidentiality, Integrity, Availability | This is a general logic error that will often lead to obviously incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed. |
Example 1
In this example, when the condition is true, the intention may be that both x and y run.
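The pattern described above, shown as an added C example that is not part of the original entry. It puts the flawed form beside the braced form and goes one step further than "x and y" by making y a privilege grant. The session struct and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical session state; every name here is an illustrative assumption. */
struct session {
    bool elevated;      /* set by "y": grant the elevated role */
    int  audit_entries; /* bumped by "x": record the approval  */
};

static void record_approval(struct session *s) { s->audit_entries++; } /* x */
static void grant_elevated(struct session *s)  { s->elevated = true; } /* y */

/* GCC reports this pattern with -Wmisleading-indentation, which -Wall
 * enables. It is silenced here only so the flawed form builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
/* Flawed: the indentation suggests both calls are guarded, but without
 * braces only record_approval() belongs to the if. */
void apply_unbraced(struct session *s, bool approved)
{
    if (approved)
        record_approval(s);
        grant_elevated(s);  /* runs on every call, approved or not */
}
#pragma GCC diagnostic pop

/* Corrected: explicit braces make the block match the intent. */
void apply_braced(struct session *s, bool approved)
{
    if (approved) {
        record_approval(s);
        grant_elevated(s);
    }
}

/* Applies one decision to a fresh session and reports whether it ends elevated. */
bool elevated_after(void (*apply)(struct session *, bool), bool approved)
{
    struct session s = { false, 0 };
    apply(&s, approved);
    return s.elevated;
}

int main(void)
{
    printf("unbraced, not approved: elevated=%d\n", elevated_after(apply_unbraced, false));
    printf("braced,   not approved: elevated=%d\n", elevated_after(apply_braced, false));
    return 0;
}
```

The unapproved request ends up elevated with no audit entry in the unbraced version, which is the unexpected state the consequences table refers to.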
Phase: Implementation
Always use explicit block delimitation and use static-analysis technologies to enforce this practice.
In many languages, braces are optional for blocks, and where braces are omitted it is possible to introduce a logic error in which a statement is thought to be in a block but is not. This is a common and well-known reliability error.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | | 398 | Indicator of Poor Code Quality | Development Concepts (primary) 699 |
ChildOf | | 670 | Always-Incorrect Control Flow Implementation | Research Concepts (primary) 1000 |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | CLASP | | Externally Mined |

Modifications
Modification Date | Modifier | Organization | Source |
---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External |
updated Time of Introduction | | | |
2008-09-08 | CWE Content Team | MITRE | Internal |
updated Applicable Platforms, Common Consequences, Description, Relationships, Other Notes, Taxonomy Mappings | | | |
2009-05-27 | CWE Content Team | MITRE | Internal |
updated Demonstrative Examples | | | |
2009-10-29 | CWE Content Team | MITRE | Internal |
updated Common Consequences | | | |