...
These runtime constraint handlers mitigate some of the potential insecurity caused by in-band error indicators. See ERR02-A. Avoid in-band error indicators.
Risk Analysis
Not using runtime constraint violations lends itself to the same risks as using in-band error indicators. The risk of using in-band error indicators is difficult to quantify, and is consequently given as low. However, if the use of in-band error indicators results in programmers failing to check status codes, or checking them incorrectly, the consequences can be more severe.

The TR24731-1 standard indicates that if no constraint handler is set, a default one executes when errors arise. The default handler is implementation-defined and "may cause the program to exit or abort". Therefore using constraint handlers prevents a program from immediately crashing.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR03-A | low | unlikely | low | P3 | L3 |
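The following added example (not code from the original page) installs a logging constraint handler so that a rejected `strcpy_s` call returns a nonzero status to the caller instead of invoking the implementation-defined default. The names `copy_name`, `log_handler` and `violation_count` are hypothetical, and the `#ifndef` section is a labelled stand-in that is compiled only when the C library does not provide the TR 24731-1 interfaces.

```c
#define __STDC_WANT_LIB_EXT1__ 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef __STDC_LIB_EXT1__
/* Stand-in (assumption): this C library lacks TR 24731-1, so the minimum
   needed here is modelled; overlap and RSIZE_MAX checks are omitted. */
typedef void (*constraint_handler_t)(const char *restrict, void *restrict, int);
static constraint_handler_t current_handler; /* NULL models the default */
static constraint_handler_t set_constraint_handler_s(constraint_handler_t h) {
    constraint_handler_t old = current_handler;
    current_handler = h;
    return old;
}
static int strcpy_s(char *restrict dst, size_t dmax, const char *restrict src) {
    if (dst && src && dmax > 0 && strlen(src) < dmax) { strcpy(dst, src); return 0; }
    if (dst && dmax > 0) dst[0] = '\0';     /* leave an empty string behind */
    if (current_handler == NULL) abort();   /* one permitted default behaviour */
    current_handler("strcpy_s: constraint violated", NULL, EINVAL);
    return EINVAL;
}
#endif

static int violations; /* number of times the handler has run */

/* Custom handler: record the violation and return, so the call can fail softly. */
static void log_handler(const char *restrict msg, void *restrict ptr, int err) {
    (void)ptr;
    violations++;
    fprintf(stderr, "constraint violation (%d): %s\n", err, msg);
}

/* Returns 0 on success, 1 if the copy was rejected by a runtime constraint. */
int copy_name(char *dst, size_t dst_size, const char *src) {
    set_constraint_handler_s(log_handler);
    return strcpy_s(dst, dst_size, src) != 0;
}

int violation_count(void) { return violations; }

int main(void) {
    char buf[8];
    printf("short: %d\n", copy_name(buf, sizeof buf, "alice"));
    printf("long:  %d\n", copy_name(buf, sizeof buf, "a-much-longer-name"));
    return violation_count() == 1 ? 0 : 1;
}
```

The caller must still test the return value of `copy_name`; the handler only ensures the violation is recorded and the program keeps running.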
...