Comment: Parasoft Jtest 2022.2

Diagnostic tests can be incorporated into programs by using the assert() statement. Assertions are primarily intended for use during debugging and are often turned off before code is deployed by using the -disableassertions (or -da) Java runtime switch. Consequently, assertions should be used to protect against incorrect programmer assumptions and not for runtime error checking.

Assertions should never be used to verify the absence of runtime (as opposed to logic) errors, such as

  • Invalid user input (including command-line arguments and environment variables)
  • File errors (for example, errors opening, reading, or writing files)
  • Network errors (including network protocol errors)
  • Out-of-memory conditions (when the Java Virtual Machine cannot allocate space for a new object and the garbage collector cannot make sufficient space available)
  • System resource exhaustion (for example, running out of file descriptors, processes, or threads)
  • System call errors (for example, errors executing files or locking or unlocking mutexes)
  • Invalid permissions (for example, file, memory, or user permissions)

Code that protects against an I/O error, for example, cannot be implemented as an assertion because it must be present in the deployed executable.

Assertions are generally unsuitable for server programs or embedded systems in deployment. A failed assertion can lead to a denial-of-service (DoS) attack if triggered by a malicious user. In such situations, a soft failure mode, such as writing to a log file and rejecting the request, is more appropriate.

Noncompliant Code Example

This noncompliant code example uses the assert() statement to verify that input was available:

BufferedReader br;
// Set up the BufferedReader br
String line;
// ...
line = br.readLine();
assert line != null;

Because input availability depends on the user and can be exhausted at any point during program execution, a robust program must be prepared to gracefully handle and recover from the unavailability of input. However, using the assert statement to verify that some significant input was available is inappropriate because it might lead to an abrupt termination of the process, resulting in a denial of service.

Compliant Solution

This compliant solution demonstrates the recommended way to detect and handle input unavailability:

BufferedReader br;
// Set up the BufferedReader br
String line;
// ...
line = br.readLine();
if (line == null) {
  // Handle error
}
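As an added example (not code from the CERT page or from the Java platform; the class and method names are assumptions), the two fragments above completed into a runnable class: the noncompliant assertion, the compliant explicit check with a logged soft failure, and the kind of internal invariant check that assert is actually for.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.util.Optional;
import java.util.logging.Logger;

public class AssertMisuseDemo {
    private static final Logger LOG = Logger.getLogger(AssertMisuseDemo.class.getName());
    // Noncompliant: an assertion stands in for a runtime check. With assertions
    // disabled (the JVM default) the null slips through and line.length() throws
    // NullPointerException; with -ea the process dies with AssertionError.
    static int noncompliantLength(BufferedReader br) throws IOException {
        String line = br.readLine();
        assert line != null; // not a runtime check: ignored unless -ea is given
        return line.length();
    }

    // Compliant: unavailable input is a runtime condition, so it is checked
    // explicitly; the request is logged and rejected instead of killing the process.
    static Optional<Integer> compliantLength(BufferedReader br) throws IOException {
        String line = br.readLine();
        if (line == null) {
            LOG.warning("no input available; rejecting request");
            return Optional.empty();
        }
        return Optional.of(line.length());
    }

    // Where assert belongs: a programmer invariant that no external input can
    // violate (String.length() is never negative). Disabling it changes nothing.
    static int checkedLength(String s) {
        int n = s.length();
        assert n >= 0 : "String.length() broke its contract";
        return n;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: an empty stream stands in for exhausted input.
        BufferedReader empty = new BufferedReader(new StringReader(""));
        System.out.println("compliant, empty input: " + compliantLength(empty));
        System.out.println("compliant, one line: "
                + compliantLength(new BufferedReader(new StringReader("hello"))));
        try {
            noncompliantLength(new BufferedReader(new StringReader("")));
        } catch (NullPointerException | AssertionError e) {
            System.out.println("noncompliant, empty input: " + e.getClass().getSimpleName());
        }
    }
}
```

Run the class twice, once with `java -ea` and once without, to see the noncompliant path change from an AssertionError to a NullPointerException while the compliant path behaves the same either way.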


Applicability

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Rule     Severity  Likelihood  Remediation Cost  Priority  Level
MSC65-J  low       unlikely    high              P1        L3

Automated Detection


In general, the misuse of the assert statement for runtime checking rather than checking for logical errors cannot be detected automatically.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This guideline is based on MSC11-C. Incorporate diagnostic tests using assertions and MSC11-CPP. Incorporate diagnostic tests using assertions.


Automated Detection

Tool            Version  Checker            Description
Parasoft Jtest  2022.2   CERT.MSC60.ASSERT  Do not use assertions in production code
