界: Code Quality
代码质量不佳会导致不可预测的行为。对于用户来说,通常表现为可用性差。对于攻击者来说,提供了以意外方式对系统施加压力的机会。
Poor Style: Value Never Read
Abstract
变量赋值后并不使用,而变成一个死存储。
Explanation
没有使用该变量的值。赋值之后,变量或者被重新赋值,或者超出范围之外。
示例 1:以下摘录的代码为变量
示例 1:以下摘录的代码为变量
r 赋值,并在没有使用所赋数值的情况下,对其加以重写。
r = getName();
r = getNewBuffer(buf);
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 563
[2] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[4] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[6] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.poor_style_value_never_read
Abstract
变量赋值后并不使用,而变成一个死存储。
Explanation
没有使用该变量的值。赋值之后,变量或者被重新赋值,或者超出范围之外。
示例 1:以下摘录的代码为变量
示例 1:以下摘录的代码为变量
r 赋值,并在没有使用所赋数值的情况下,对其加以重写。
r = getName();
r = getNewBuffer(buf);
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 563
[2] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[4] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[5] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[6] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.java.poor_style_value_never_read