Avoid the use of numerical values or "magic numbers" in code when possible. Appropriately named symbolic constants clarify the intent of the programmer. In addition, if a specific number needs to be changed, reassigning a symbolic value is more efficient and less error prone than replacing every instance of that number in the code.
Non-Compliant Code Example
The meaning of the value 18 is not clear in this example. Additionally, should this value need to be changed, the programmer would have to change it in multiple places.
    if (age >= 18) {
      /* Take action */
    }
    ...
    if (age < 18) {
      /* Take a different action */
    }
Compliant Solution
The compliant solution replaces 18 with the symbolic constant ADULT_AGE to clarify the meaning of the code.
When declaring immutable symbolic values such as ADULT_AGE, it is best to use const or enum, as explained in DCL00-A. Declare immutable values using const or enum.
    int const ADULT_AGE = 18;
    ...
    if (age >= ADULT_AGE) {
      /* Take action */
    }
    ...
    if (age < ADULT_AGE) {
      /* Take a different action */
    }
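The following added example (not part of the original rule text) shows the maintenance failure the rule guards against: when a threshold is changed by editing literals and one occurrence is missed, some inputs match neither branch. The raised threshold of 21, the helper names and the 0 to 120 age range are constructed for illustration; the enum form of ADULT_AGE is used instead of const.

```c
#include <stdbool.h>
#include <stdio.h>

/* Single point of change. An enum constant is an integer constant
 * expression in C, so it can also be used in case labels and array sizes. */
enum { ADULT_AGE = 18 };

/* Compliant: both checks derive from the same symbolic constant,
 * so they remain exact complements whatever value ADULT_AGE takes. */
static bool is_adult(int age) { return age >= ADULT_AGE; }
static bool is_minor(int age) { return age < ADULT_AGE; }

/* Non-compliant (constructed scenario): the threshold was raised from
 * 18 to 21 by editing literals, and the second occurrence was missed. */
static bool is_adult_literal(int age) { return age >= 21; }
static bool is_minor_literal(int age) { return age < 18; }

/* Count ages in [0, max_age] that the two checks classify as neither
 * adult nor minor, or as both. A consistent pair yields 0. */
static int count_misclassified(bool (*adult)(int), bool (*minor)(int),
                               int max_age)
{
    int n = 0;
    for (int age = 0; age <= max_age; age++) {
        if (adult(age) == minor(age)) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    printf("symbolic constant: %d misclassified ages\n",
           count_misclassified(is_adult, is_minor, 120));
    printf("edited literals:   %d misclassified ages\n",
           count_misclassified(is_adult_literal, is_minor_literal, 120));
    return 0;
}
```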
Risk Assessment
Using numeric literals in code makes it more difficult to read the code and to understand the programmer's intent.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL06-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |