界: Code Quality
代码质量不佳会导致不可预测的行为。对于用户来说,通常表现为可用性差。对于攻击者来说,提供了以意外方式对系统施加压力的机会。
Poor Style: Redundant Initialization
Abstract
变量赋值后并不使用,而变成一个死存储。
Explanation
没有使用该变量的初始值。初始化之后,变量或者被重新赋值,或者转向作用域之外。
示例 1:以下摘录的代码为变量
示例 1:以下摘录的代码为变量
r 赋值,并在没有使用所赋数值的情况下,对其加以重写。
int r = getNum();
r = getNewNum(buf);
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 398
[2] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[4] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[6] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.poor_style_redundant_initialization
Abstract
变量赋值后并不使用,而变成一个死存储。
Explanation
没有使用该变量的初始值。初始化之后,变量或者被重新赋值,或者转向作用域之外。
示例 1:以下摘录的代码为变量
示例 1:以下摘录的代码为变量
r 赋值,并在没有使用所赋数值的情况下,对其加以重写。
int r = getNum();
r = getNewNum(buf);
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 398
[2] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[4] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[6] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.java.poor_style_redundant_initialization