Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Poor Style: Redundant Initialization

C/C++
Java/JSP

Abstract

The variable's value is assigned but never used, making it a dead store.

Explanation

This variable's initial value is not used. After initialization, the variable is either assigned another value or goes out of scope.

Example 1: The following code excerpt assigns to the variable r and then overwrites the value without using it.


  int r = getNum();
  r = getNewNum(buf);

References

[1] Standards Mapping - Common Weakness Enumeration CWE ID 398

[2] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II

[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II

[4] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II

[5] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II

[6] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II

[7] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II

[8] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II

desc.structural.cpp.poor_style_redundant_initialization

Abstract

The variable's value is assigned but never used, making it a dead store.

Explanation


  int r = getNum();
  r = getNewNum(buf);