Avoid the use of literal numeric values in code ("magic numbers") where possible. An appropriately named symbolic constant makes the code more readable than a comparison against a bare number, and it aids portability and maintenance: if the value must change, reassigning the symbolic constant is a single edit, whereas replacing a literal requires inspecting every occurrence of that number to decide whether it is an instance of the same quantity.
Noncompliant Code:

```c
if (age >= 18) { printf("Of legal voting age"); }
```
Compliant Code:

```c
#define VOTING_AGE 18   /* defined once; the only place the threshold lives */

if (age >= VOTING_AGE) { printf("Of legal voting age"); }
```
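The rule applied in full, as an added example that is not part of the original page: the voting-age check above, plus a fixed-size buffer whose allocation and bounds check share one named constant, so a later change to the size cannot leave the two out of step. The names `NAME_BUF_SIZE`, `is_of_voting_age`, `store_name` and `name_fits` are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Named constants instead of literals (assumed names for this example). */
#define VOTING_AGE 18       /* single place to change if the threshold changes */
#define NAME_BUF_SIZE 32    /* sizes the buffer AND bounds the copy into it    */

/* Returns 1 if age meets the voting threshold, 0 otherwise. */
int is_of_voting_age(int age)
{
    return age >= VOTING_AGE;
}

/* Copies name into dest, which the caller sized with NAME_BUF_SIZE.
   Returns 0 on success, -1 if the name (plus its NUL) would not fit. */
int store_name(char *dest, const char *name)
{
    size_t len = strlen(name);
    if (len >= NAME_BUF_SIZE) {     /* same constant as the allocation below */
        return -1;                  /* reject rather than truncate or overflow */
    }
    memcpy(dest, name, len + 1);
    return 0;
}

/* Convenience wrapper: allocates the buffer with the same constant and
   reports whether name fits. */
int name_fits(const char *name)
{
    char buf[NAME_BUF_SIZE];
    return store_name(buf, name) == 0;
}

int main(void)
{
    printf("age 17 -> %d, age 18 -> %d\n",
           is_of_voting_age(17), is_of_voting_age(18));
    printf("\"Ada\" fits -> %d\n", name_fits("Ada"));
    printf("40-char name fits -> %d\n",
           name_fits("0123456789012345678901234567890123456789"));
    return 0;
}
```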
Risk Assessment
Mistakes regarding numeric values can cause unintended consequences if a change is not applied uniformly to every place the value is used.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
EXP00-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3
Source: http://www.doc.ic.ac.uk/lab/cplus/c++.rules/chap10.html