Typo in Operator
Description
The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. This rule also covers some other common typo patterns.
Examples
Insecure Code
```c
if (a = b) { /* code */ }
```
Secure Code
```c
if (a == b) { /* code */ }
```
Remediation
Review the code and correct the typo in the operator.
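As an added example (not part of the original rule documentation), the C program below shows what the `=` typo does inside an authorization check and how a `const`-qualified parameter turns the same typo into a compile error. The `session` struct, the role constants and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical roles and session record, constructed for this example. */
enum { ROLE_USER = 1, ROLE_ADMIN = 2 };
struct session { int role; };

/* Deliberately buggy: '=' instead of '=='. gcc and clang report this under
   -Wparentheses (part of -Wall); the warning is silenced here only so the
   demonstration compiles in builds that treat warnings as errors. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
bool can_delete_buggy(struct session *s)
{
    if (s->role = ROLE_ADMIN)   /* stores 2 in s->role; 2 is nonzero, so always true */
        return true;
    return false;
}
#pragma GCC diagnostic pop

/* Corrected check. The const qualifier is extra hardening: with it, writing
   '=' here by mistake is a compile error (assignment to a read-only object). */
bool can_delete_fixed(const struct session *s)
{
    return s->role == ROLE_ADMIN;
}

int main(void)
{
    struct session a = { ROLE_USER };
    struct session b = { ROLE_USER };

    bool buggy = can_delete_buggy(&a);
    printf("buggy: allowed=%d, role afterwards=%d\n", buggy, a.role);

    bool fixed = can_delete_fixed(&b);
    printf("fixed: allowed=%d, role afterwards=%d\n", fixed, b.role);
    return 0;
}
```

The buggy check grants access to an ordinary user and also overwrites the stored role, so every later check on that session sees an administrator.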
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0653 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-480 |
| Confidence | LOW |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/483
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
- https://cwe.mitre.org/data/definitions/481
- https://cwe.mitre.org/data/definitions/482
- https://cwe.mitre.org/data/definitions/480
- https://g.co/kgs/PCHQjJ