...
More importantly, when inserting an additional statement in a body containing only a single line, it is easy to forget to add braces when the indentation tends to give a strong (but probably misleading) guide to the structure.
Noncompliant Code Example
This noncompliant code example uses an if-else statement without braces to authenticate a user.
```c
int login;
if (invalid_login())
    login = 0;
else
    login = 1;
```
The programmer adds a debugging statement to determine when the login is valid, but forgets to add opening and closing braces.
```c
int login;
if (invalid_login())
    login = 0;
else
    printf("Login is valid\n");
    login = 1;
```
Because of the indentation, it is difficult to see that the code does not behave as the programmer intended: only the printf() call belongs to the else branch, so the `login = 1;` statement is executed unconditionally and an invalid login is treated as valid, leading to a possible security breach.
Compliant Code Example
Opening and closing braces are used even when the body is a single statement.
```c
int login;
if (invalid_login()) {
    login = 0;
} else {
    login = 1;
}
```
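The noncompliant and compliant forms above, side by side in a program that can be run, as an added example that is not part of the original page. Since invalid_login() is not defined on the page, it is replaced here by an assumed stub that simply returns the value passed in (nonzero meaning the credentials were rejected), so both forms can be exercised with the same input.

```c
#include <stdio.h>

/* Assumed stub standing in for the page's invalid_login(): returns nonzero
 * when the credentials were rejected. Not part of the original page. */
static int invalid_login_stub(int credentials_rejected) {
    return credentials_rejected;
}

/* Noncompliant form with the debugging statement inserted and no braces.
 * Only the printf() is governed by the else; "login = 1;" is indented as if
 * it were part of the else body, but it runs on every path. */
int login_without_braces(int credentials_rejected) {
    int login;
    if (invalid_login_stub(credentials_rejected))
        login = 0;
    else
        printf("Login is valid\n");
        login = 1;   /* unconditional: overwrites the 0 set above */
    return login;
}

/* Compliant form: braces delimit the else body, so inserting the debugging
 * statement cannot change which statements are conditional. */
int login_with_braces(int credentials_rejected) {
    int login;
    if (invalid_login_stub(credentials_rejected)) {
        login = 0;
    } else {
        printf("Login is valid\n");
        login = 1;
    }
    return login;
}

int main(void) {
    /* Constructed inputs: 1 = credentials rejected, 0 = credentials accepted. */
    printf("without braces, rejected credentials -> login = %d\n",
           login_without_braces(1));   /* prints 1: access wrongly granted */
    printf("with braces, rejected credentials    -> login = %d\n",
           login_with_braces(1));      /* prints 0 */
    return 0;
}
```

GCC's -Wmisleading-indentation (part of -Wall since GCC 6) flags the noncompliant form at compile time, which is a useful check to keep enabled in build configurations.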