界: Code Quality
程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。
Poor Style: Value Never Read
Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
未使用此變數值。在指定值後,會為變數指定另一個值,或者超出範圍之外。
範例:以下摘錄的程式碼會為變數
範例:以下摘錄的程式碼會為變數
r 指定值,然後在沒有使用的情況下將其覆寫。
r = getName();
r = getNewBuffer(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.poor_style_value_never_read
Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
未使用此變數值。在指定值後,會為變數指定另一個值,或者超出範圍之外。
範例:以下摘錄的程式碼會為變數
範例:以下摘錄的程式碼會為變數
r 指定值,然後在沒有使用的情況下將其覆寫。
r = getName();
r = getNewBuffer(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.java.poor_style_value_never_read