Division by Zero
Description
A ZeroDivisionError exception occurs when an arithmetic operation attempts to divide a number by zero. This can happen in various contexts, such as processing user inputs, performing calculations with variables, or working with data from external sources. Such errors not only disrupt the normal flow of the application but can also be exploited in certain scenarios to cause harm or extract information based on the application's response to the error.
Examples
Insecure Code
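```ruby
# Integer division by a literal zero raises ZeroDivisionError
x = 10 / 0
```
Secure Code
```ruby
y = 0 # sample divisor, standing in for a value taken from input
begin
  x = 10 / y
rescue ZeroDivisionError
  # handle the error
end
```
Remediation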
Implement error handling around division operations to catch and manage ZeroDivisionError gracefully, and always validate inputs that are used in division operations to ensure they are not zero or unexpected values.
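The remediation above, as an added example that is not part of the original rule page: the divisor is validated before the division, and every failure collapses to one generic result so the response does not reveal which check failed. `InvalidDivisor`, `parse_divisor`, `safe_divide` and `rescue_only_divide` are hypothetical names and the inputs are constructed; the example goes beyond the page's integer case by covering Float divisors, where Ruby returns `Infinity` or `NaN` instead of raising `ZeroDivisionError`.

```ruby
# Added example; all names here are hypothetical, not from the rule page.
class InvalidDivisor < StandardError; end

# The page's pattern on its own: rescue only. A Float zero does not raise,
# so Infinity (or NaN for 0 / 0.0) flows on into later calculations.
def rescue_only_divide(numerator, divisor)
  numerator / divisor
rescue ZeroDivisionError
  nil
end

# Turn untrusted text into a finite, non-zero number or raise InvalidDivisor.
def parse_divisor(raw)
  text = raw.to_s.strip
  value =
    begin
      Integer(text, 10)          # strict base-10 parse, rejects "3.5" and "abc"
    rescue ArgumentError
      begin
        Float(text)              # strict parse, rejects "abc" and ""
      rescue ArgumentError
        raise InvalidDivisor, "divisor is not a number"
      end
    end
  raise InvalidDivisor, "divisor is not finite" if value.is_a?(Float) && !value.finite?
  raise InvalidDivisor, "divisor is zero" if value.zero?   # catches 0, 0.0 and -0.0
  value
end

# Validate first, keep the rescue as a backstop, and return the same generic
# nil for every failure; details belong in server-side logs, not the response.
def safe_divide(numerator, raw_divisor)
  numerator / parse_divisor(raw_divisor)
rescue InvalidDivisor, ZeroDivisionError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs
  ["2", "4.0", "0", "0.0", "abc", ""].each do |input|
    puts "#{input.inspect} -> #{safe_divide(10, input).inspect}"
  end
end
```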
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0527 |
| Category | Injection |
| Severity | LOW |
| CWE | CWE-369 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | division by zero, zero division error |
| OWASP | A6:2017-Security Misconfiguration, A04:2021-Insecure Design |