Difference between revisions of "Incorrect block delimitation"

From OWASP
Jump to: navigation, search
(Reverting to last version not containing links to www.textbomono.com)
 
Line 1: Line 1:
http://www.textbomono.com
 
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}

Latest revision as of 13:30, 27 May 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/27/2009

Vulnerabilities Table of Contents

Description

In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.

Consequences

This is a general logic error - with all the potential consequences that this entails.

Exposure period

  • Implementation

Platform

C, C++, C#, Java

Required resources

Any

Severity

Varies

Likelihood of exploit

Low

In many languages, braces are optional for blocks, and - in a case where braces are omitted - it is possible to insert a logic error where a statement is thought to be in a block but is not. This is a common and well known reliability error.


Risk Factors

TBD

Examples

In this example, when the condition is true, the intention may be that both x and y run.

if (condition==true) x;
  y;


Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.


Related Technical Impacts


References

TBD