Comment: Changed to JG and fixed some links

...

In particular, assertions are generally unsuitable for server programs or embedded systems in deployment. A failed assertion throws an AssertionError, which, if a malicious user can trigger it on demand, amounts to a denial-of-service (DoS) attack on the process. In such situations, a soft failure mode, such as writing to a log file and rejecting the request, is more appropriate.

Noncompliant Code Example

This noncompliant code example uses the assert statement to verify that input was available. Because input availability depends on the user and can become exhausted at any point during the process lifetime (BufferedReader.readLine() returns null once the end of the stream is reached), a robust program must be prepared to gracefully handle and recover from its exhaustion. Using the assert statement for this check is therefore inappropriate: with assertions enabled, end of input terminates the process abruptly, opening up the possibility of a DoS attack, and with assertions disabled (the default), the check is not performed at all and the null value flows into subsequent code.

BufferedReader br;
// Set up the BufferedReader br
String line;
// ...
line = br.readLine();
// Noncompliant: end of stream is an ordinary runtime condition, not a logic error.
// With -ea this throws AssertionError; without -ea (the default) it does nothing.
assert line != null;

Compliant Solution

This compliant solution detects possible input unavailability by testing the return value of readLine() and handles it as an ordinary runtime condition, so the behavior is the same whether or not assertions are enabled.

BufferedReader br;
// Set up the BufferedReader br
String line;
// ...
line = br.readLine();
if (line == null) {
  // End of stream: log the condition and reject or finish the request
  // instead of terminating the process
  // handle error
}
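The following is an added, self-contained example (not code from the CERT page) that puts the noncompliant and compliant checks side by side in a small request loop. The client input is a constructed string fed through a StringReader, so it runs offline; the class name AssertVsCheck, the three-request expectation, and the handle() method are assumptions made for the illustration. Run it once with java -ea AssertVsCheck and once without to see the two different failures of the assert-based version, while the checked version finishes cleanly in both cases.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.logging.Logger;

/**
 * Added example (not part of the CERT page): a tiny request loop showing why
 * assert is the wrong tool for an input-availability check.
 */
public class AssertVsCheck {
    private static final Logger LOG = Logger.getLogger(AssertVsCheck.class.getName());

    // Constructed input: two requests, then the client closes the stream.
    private static final String CLIENT_INPUT = "GET /a\nGET /b\n";

    /** Noncompliant: mirrors the page's assert line, expecting three requests. */
    static void serveWithAssert(BufferedReader br) throws IOException {
        for (int i = 0; i < 3; i++) {
            String line = br.readLine();
            assert line != null;          // -ea: AssertionError; unhandled, it kills the thread
            handle(line.trim());          // -da (default): NullPointerException here instead
        }
    }

    /** Compliant: end of stream is a normal runtime condition; log it and stop serving. */
    static int serveWithCheck(BufferedReader br) throws IOException {
        int served = 0;
        String line;
        while ((line = br.readLine()) != null) {
            if (line.isEmpty()) {
                LOG.warning("rejecting empty request");
                continue;                 // soft failure: reject this request, keep serving
            }
            handle(line.trim());
            served++;
        }
        LOG.info("client closed the connection after " + served + " requests");
        return served;
    }

    private static void handle(String request) {
        System.out.println("  handled: " + request);
    }

    public static void main(String[] args) throws IOException {
        System.out.println("noncompliant (run with -ea and again without):");
        try {
            serveWithAssert(new BufferedReader(new StringReader(CLIENT_INPUT)));
        } catch (AssertionError e) {
            // Caught here only to keep the demo going; a server would not normally catch it.
            System.out.println("  AssertionError: " + e);
        } catch (NullPointerException e) {
            System.out.println("  NullPointerException: " + e);
        }

        System.out.println("compliant:");
        int n = serveWithCheck(new BufferedReader(new StringReader(CLIENT_INPUT)));
        System.out.println("  served " + n + " requests, process still alive");
    }
}
```

The noncompliant loop fails in two different ways depending on a JVM flag the deployer controls, which is exactly why a check that must hold in production should never be an assert; the compliant loop treats the null return as data, logs it, and returns control to the caller.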

Risk Assessment

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Guideline   Severity   Likelihood   Remediation Cost   Priority   Level
MSC55-J     low        unlikely     high               P1         L3

Automated Detection

In general, misuse of the assert statement for runtime checking (as opposed to checking for logical errors) cannot be detected automatically, because a tool cannot tell which conditions the program is expected to recover from.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This guideline is based on C Secure Coding Standard: MSC11-C. Incorporate diagnostic tests using assertions, and C++ Secure Coding Standard: MSC11-CPP. Incorporate diagnostic tests using assertions.

Bibliography

[JLS 2011] Section 14.10, "The assert Statement"