
CWE-483: Incorrect Block Delimitation

Category: other

Description

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error. In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.

Common consequences

  • Confidentiality / Integrity / Availability: Alter Execution Logic
    This is a general logic error that usually produces obviously incorrect behavior, which is noticed and fixed quickly. In lightly tested or untested code, however, the error may reach a production environment and provide additional attack vectors by creating a control-flow path that leads to an unexpected application state. The consequences depend on which behaviors are being executed incorrectly.

Potential mitigations

  • [Implementation] Always use explicit block delimitation and use static-analysis technologies to enforce this practice.
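As an added illustration (not part of the CWE entry), the C code below contrasts an authorization check written without block delimiters with the explicitly braced form the mitigation calls for. The function names, the `VALID_TOKEN` value and the audit counter are constructed for this example.

```c
#include <stdbool.h>
#include <string.h>

/* Constructed token value for illustration only. */
#define VALID_TOKEN "example-token"

/* Buggy form (CWE-483). The indentation suggests that both statements
 * belong to the if-block, but without braces only `(*audit_granted)++`
 * is conditional. The assignment `allowed = true` executes for every
 * caller, so the privileged action is granted regardless of token or
 * role, and no audit record is written for the unauthorized grant.
 * GCC and Clang flag this pattern with -Wmisleading-indentation. */
bool grant_buggy(const char *token, bool is_admin, int *audit_granted)
{
    bool allowed = false;
    if (strcmp(token, VALID_TOKEN) == 0 && is_admin)
        (*audit_granted)++;
        allowed = true;   /* not governed by the if: runs unconditionally */
    return allowed;
}

/* Hardened form: explicit braces make the intended block unambiguous,
 * so both the audit increment and the grant are conditional. */
bool grant_fixed(const char *token, bool is_admin, int *audit_granted)
{
    bool allowed = false;
    if (strcmp(token, VALID_TOKEN) == 0 && is_admin) {
        (*audit_granted)++;
        allowed = true;
    }
    return allowed;
}
```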

References

  1. https://cwe.mitre.org/data/definitions/483.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficient Control Flow Management
  • CWE: Inappropriate Source Code Style or Formatting
  • CWE: Empty Code Block
  • CWE: Always-Incorrect Control Flow Implementation
  • CWE: Inaccurate Source Code Comments
  • CWE: Missing Default Case in Multiple Condition Expression

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.