Incorrect block delimitation

Description
In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.

Consequences

This is a general logic error - with all the potential consequences that this entails.

Exposure period


 * Implementation

Platform

C, C++, C#, Java

Required resources

Any

Severity

Varies

Likelihood of exploit

Low

In many languages, braces are optional around a single-statement block. When they are omitted, it is easy to introduce a logic error in which a statement is thought to be inside the block but is not. This is a common and well-known reliability error.

Risk Factors
TBD

Examples
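In this example, the intention may be that both x and y run only when the condition is true. Because the block is not explicitly delimited, only x is controlled by the if; y runs regardless of the condition.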

if (condition==true) x; y;
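
The same error in a security-relevant setting, shown beside the explicitly delimited form. This is an added example, not code from the original page; the request structure, the role strings and the function names are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed request record for this example. */
struct request {
    const char *role;    /* "admin" or "guest" */
    bool deleted;        /* set when the privileged action ran */
    int audit_entries;   /* number of audit records written */
};

/* Flawed: the indentation suggests both statements are guarded, but
 * without braces only the first one belongs to the if. GCC and Clang
 * report this pattern with -Wmisleading-indentation. */
bool handle_delete_unbraced(struct request *r)
{
    if (strcmp(r->role, "admin") == 0)
        r->audit_entries++;
        r->deleted = true;   /* outside the if: runs for every role */
    return r->deleted;
}

/* Corrected: explicit braces put both statements inside the block. */
bool handle_delete_braced(struct request *r)
{
    if (strcmp(r->role, "admin") == 0) {
        r->audit_entries++;
        r->deleted = true;
    }
    return r->deleted;
}

int main(void)
{
    struct request a = { "guest", false, 0 };
    struct request b = { "guest", false, 0 };

    /* The unbraced version performs the action for a guest and leaves
     * no audit record; the braced version does neither. */
    printf("unbraced: deleted=%d audit=%d\n",
           handle_delete_unbraced(&a), a.audit_entries);
    printf("braced:   deleted=%d audit=%d\n",
           handle_delete_braced(&b), b.audit_entries);
    return 0;
}
```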

Related Controls

 * Implementation: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.
