Omitted Break Statement in Switch
Weakness ID: 484 (Weakness Base) | Status: Draft
Description Summary
Extended Description
This can lead to critical code executing in situations where it should not.
White Box: Omission of a break statement might be intentional, in order to support fall-through. Automated detection methods might therefore be erroneous. Semantic understanding of expected program behavior is required to interpret whether the code is correct.
Black Box: Since this weakness is associated with a code construct, it would be indistinguishable from other errors that produce the same behavior.
Example 1
One might think that testing only case 12 is enough, since it displays that the respective month "is a great month." However, if one tested November, one would notice that it displays "November December is a great month."
Phase: Implementation
Omitting a break statement so that one may fall through is often indistinguishable from an error, and therefore should be avoided. If you need to use fall-through capabilities, make sure that you have clearly documented this within the switch statement, and ensure that you have examined all the logical possibilities.
Phase: Implementation
The functionality of omitting a break statement could be clarified with an if statement. This method is much safer.
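The month behavior described in Example 1, next to a corrected form that follows the mitigations above. This C code is an added illustration, not code from the original entry; it is reduced to three months, and the names `message_flawed`, `message_fixed`, `append` and the `invalid month` default are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Bounded append so the demo cannot overflow its output buffer. */
static void append(char *out, size_t cap, const char *s) {
    strncat(out, s, cap - strlen(out) - 1);
}

/* Flawed on purpose: no break after each case, so execution falls
   through into every later case and appends those month names too. */
const char *message_flawed(int month, char *out, size_t cap) {
    out[0] = '\0';
    switch (month) {
    case 10: append(out, cap, "October ");
    case 11: append(out, cap, "November ");
    case 12: append(out, cap, "December ");
    }
    append(out, cap, "is a great month.");
    return out;
}

/* Corrected: every case ends in break, and default rejects input that
   matches no case instead of emitting a message with no month in it. */
const char *message_fixed(int month, char *out, size_t cap) {
    out[0] = '\0';
    switch (month) {
    case 10: append(out, cap, "October ");  break;
    case 11: append(out, cap, "November "); break;
    case 12: append(out, cap, "December "); break;
    default: append(out, cap, "invalid month"); return out;
    }
    append(out, cap, "is a great month.");
    return out;
}

int main(void) {
    char buf[64];
    for (int m = 10; m <= 12; m++) {
        printf("%d flawed: %s\n", m, message_flawed(m, buf, sizeof buf));
        printf("%d fixed:  %s\n", m, message_fixed(m, buf, sizeof buf));
    }
    return 0;
}
```

Only the last case behaves correctly in the flawed version, which is why a test of case 12 alone passes. GCC's `-Wimplicit-fallthrough` (enabled by `-Wextra`) reports the unannotated fall-throughs in `message_flawed` at compile time.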
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | | 398 | Indicator of Poor Code Quality | Development Concepts (primary) 699; Research Concepts 1000 |
ChildOf | | 670 | Always-Incorrect Control Flow Implementation | Research Concepts (primary) 1000 |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | CLASP | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Updated |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | Applicable Platforms, Description, Detection Factors, Relationships, Other Notes, Taxonomy Mappings |
2008-11-24 | CWE Content Team | MITRE | Internal | Applicable Platforms, Demonstrative Examples, Description, Detection Factors, Name, Other Notes, Potential Mitigations, Weakness Ordinalities |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-11-24 | Omitted Break Statement |