Reino: Code Quality

Una mala calidad del código lleva a un comportamiento no predecible. Desde la perspectiva de un usuario, muchas veces también supone una usabilidad limitada. Pero para un atacante es una oportunidad para atacar al sistema de formas insospechadas.

Code Correctness: Arithmetic Operation on Boolean

C/C++

Abstract

El programa usa un operador aritmético o un valor booleano, que podría no conseguir lo que el programador tiene pensado.

Explanation

Las operaciones aritméticas no actúan del mismo modo en valores booleanos a como lo harían en valores integrales, lo que podría ocasionar un comportamiento inesperado.

References

[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1

[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5

[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1

[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal

[5] Standards Mapping - Common Weakness Enumeration CWE ID 398

[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2012 Rule 13.4, Rule 14.4

[7] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 5-0-13, Rule 6-2-1

[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6

[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6

[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6

[11] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6

[12] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4

[13] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection

[14] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection

[15] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection

desc.structural.cpp.code_correctness_arithmetic_operation_on_boolean