...
Code Block | ||||
---|---|---|---|---|
| ||||
int privileges; if (invalid_login()) { if (allow_guests()) { privileges = GUEST; } } else { privileges = ADMINISTRATOR; } |
Noncompliant Code Example (empty block)
This noncompliant code example has a while
statement with no block:
Code Block | ||||
---|---|---|---|---|
| ||||
while (invalid_login()); |
Note that if invalid_login()
has no side effects (such as warning the user if their login failed), this code also violates MSC12-C. Detect and remove code that has no effect or is never executed.
Compliant Solution (empty block)
This compliant solution features an explicit empty block, which clarifies the developer's intent:
Code Block | ||||
---|---|---|---|---|
| ||||
while (invalid_login()) {}
|
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP19-C | Medium | Probable | Medium | P8 | L2 |
...
Tool | Version | Checker | Description | ||||||||||||
Astrée |
| compound-ifelse compound-loop | Fully checked | ||||||||||||
Axivion Bauhaus Suite |
| CertC-EXP19 | Fully implemented | ||||||||||||
Helix QAC |
| C2212 | |||||||||||||
Klocwork |
| MISRA.IF.NO_COMPOUND MISRA.STMT.NO_COMPOUND | |||||||||||||
LDRA tool suite |
| 11 S, 12 S, 428 S | Fully Implemented | ||||||||||||
Parasoft C/C++test |
| CERT_C-EXP19-a | The statement forming the body of a 'switch', 'while', 'do...while' or 'for' statement shall be a compound statement | ||||||||||||
PC-lint Plus |
| MISRA2004
| 14_8Fully implemented |
| 9012 | Fully supported | |||||||||
Polyspace Bug Finder |
| CERT C: Rec. EXP19-C | Checks for iteration or selection statement body not enclosed in braces (rec. fully covered) | ||||||||||||
PVS-Studio |
| V563, V628, V640, V705 | PRQA QA-C | Include Page | | PRQA QA-C_v | PRQA QA-C_v | 2212||||||||
RuleChecker |
| compound-ifelse compound-loop | Fully checked | ||||||||||||
SonarQube C/C++ Plugin |
| S121 | PVS-Studio | 6.22 | V563, V628, V640, V705 | General analysis rule set |
Related Vulnerabilities
CVE-2014-1266 was due, in large part, to failing to follow this recommendation. There is a spurious "goto fail" statement on line 631 of sslKeyExchange.c. This "goto" gets executed unconditionally, even though it is indented as if it were part of the preceding "if" statement. As a result, the call to sslRawVerify (which performs the actual signature verification) is rendered dead code. [ImperialViolet 2014]. If the body of the "if" statement had been enclosed in braces, then this defect likely would not have happened.
...