Expression is Always True
Weakness ID: 571 (Weakness Variant)Status: Draft
+ Description

Description Summary

The software contains an expression that will always evaluate to true.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Demonstrative Examples

Example 1

In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.

(Bad Code)
Example Language: Java 

public void updateInventory(String productNumber) {
boolean isProductAvailable = false;
boolean isDelayed = false;

if (productInStore(productNumber)) {
isProductAvailable = true;
updateInStoreDatabase(productNumber);
}
else if (productInWarehouse(productNumber)) {
isProductAvailable = true;
updateInWarehouseDatabase(productNumber);
}
else {
isProductAvailable = true;
}

if ( isProductAvailable ) {
updateProductDatabase(productNumber);
}
else if ( isDelayed ) {
/* Warn customer about delay before order processing */
...
}
}

However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product.

+ Potential Mitigations

Phase: Testing

Use Static Analysis tools to spot such conditions.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness VariantWeakness Variant561Dead Code
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory569Expression Issues
Development Concepts699
ChildOfCategoryCategory747CERT C Secure Coding Section 49 - Miscellaneous (MSC)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CERT C Secure CodingMSC00-CCompile cleanly at high warning levels
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes
2008-11-24CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
2009-07-27CWE Content TeamMITREInternal
updated Demonstrative Examples, Other Notes, Potential Mitigations
Back to top