界: Code Quality
程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。
Code Correctness: Function Not Invoked
Abstract
因為缺少後括弧,這個運算式引用了函數指標的值,而不是函數回傳的值。
Explanation
此運算式永遠不會為 Null 值,因為它是引用函數指標,而不是函數的回傳值。
範例 1:以下條件永遠不會觸發。
範例 1:以下條件永遠不會觸發。
getChunk == NULL 述詞會一直為 false,因為 getChunk 是定義於程式中的函數名稱。
if (getChunk == NULL)
return ERR;
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 398
[2] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 2.1, Rule 2.2
[3] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[4] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[7] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[8] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[9] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[10] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.code_correctness_function_not_invoked