Difference between revisions of "Incorrect block delimitation"

From OWASP
 
(Examples)
Line 43: Line 43:
 
In this example, when the condition is true, the intention may be that both ''x'' and ''y'' run.
 
In this example, when the condition is true, the intention may be that both ''x'' and ''y'' run.
  
 +
<pre>
 
if (condition==true) x;
 
if (condition==true) x;
   y;  
+
   y;
 +
</pre>
 +
 
 
==Related problems ==
 
==Related problems ==
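
Review bot: inside the new <pre> block the `y;` line is still indented as if it belonged to the `if`, and nothing in the example says that it runs unconditionally. Because <pre> preserves that indentation, the sample now shows the misleading layout exactly but leaves the reader to infer the defect. Suggest following it in the same section with the explicitly delimited form, e.g. `if (condition==true) { x; y; }`, or with one sentence stating that only `x` is governed by the condition.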
  

Revision as of 11:55, 16 April 2006



Overview

In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.

Consequences

This is a general logic error, with all the potential consequences that this entails.

Exposure period

  • Implementation

Platform

C, C++, C#, Java

Required resources

Any

Severity

Varies

Likelihood of exploit

Low

Avoidance and mitigation

Implementation: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.

Discussion

In many languages, braces are optional for blocks. When they are omitted, it is possible to introduce a logic error in which a statement is thought to be in a block but is not. This is a common and well-known reliability error.

Examples

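In this example, when the condition is true, the intention may be that both x and y run. Because the block is not delimited, only x is controlled by the if; y runs whether or not the condition is true.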

if (condition==true) x;
  y;
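
The same pattern in a security-relevant setting, as an added example that is not part of the original OWASP page: the statement that grants privilege sits outside the undelimited block, so it runs for every caller. The names `session`, `token_ok`, `login_unbraced`, `login_braced` and the token value are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

struct session { int privileged; int audit_events; };

/* Constructed stand-in for a real credential check. */
static int token_ok(const char *token) {
    return token != NULL && strcmp(token, "demo-token") == 0;
}

/* GCC and Clang report the layout below with -Wmisleading-indentation;
   silenced here only so the deliberately faulty version builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wmisleading-indentation"
static void login_unbraced(struct session *s, const char *token) {
    s->privileged = 0;
    s->audit_events = 0;
    if (token_ok(token))
        s->audit_events++;   /* the only statement the if controls */
        s->privileged = 1;   /* indented like a block member, runs always */
}
#pragma GCC diagnostic pop

static void login_braced(struct session *s, const char *token) {
    s->privileged = 0;
    s->audit_events = 0;
    if (token_ok(token)) {   /* explicit delimitation: both or neither */
        s->audit_events++;
        s->privileged = 1;
    }
}

/* Return 1 if the given token ends up with a privileged session. */
int unbraced_grants(const char *token) {
    struct session s;
    login_unbraced(&s, token);
    return s.privileged;
}
int braced_grants(const char *token) {
    struct session s;
    login_braced(&s, token);
    return s.privileged;
}

int main(void) {
    printf("wrong token, unbraced: %d\n", unbraced_grants("wrong"));
    printf("wrong token, braced:   %d\n", braced_grants("wrong"));
    return 0;
}
```

The faulty version also leaves no audit event for the session it wrongly elevates, so the log gives no sign that the grant happened.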

Related problems

Not available.
