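CWE-478 (Missing Default Case in Switch Statement): summary of 1 CVE in this weakness class, with AI-generated Chinese analysis.
CWE-478 is a logic-flaw weakness in which a multi-condition expression (such as a switch statement) has no default branch. When not every possible input value is handled, the program may make decisions based on incorrect information, leading to logic errors or undefined behavior. An attacker can craft input that reaches the uncovered path, causing data corruption or a logic bypass. Developers should cover all expected and abnormal inputs and explicitly add a default branch to handle unknown cases, which makes the code more robust.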
C, without a default case: any value of `result` other than `FAILED` or `PASSED` skips the switch and execution continues:

```c
#include <stdio.h>
#include <stdlib.h>

#define FAILED 0
#define PASSED 1

int result;
...
result = security_check(data);

switch (result) {
    case FAILED:
        printf("Security check failed!\n");
        exit(-1);
        // Break never reached because of exit()
        break;
    case PASSED:
        printf("Security check passed.\n");
        break;
}
// program execution continues...
...
```

C, with a default case that treats any unexpected value as a failure:

```c
#include <stdio.h>
#include <stdlib.h>

#define FAILED 0
#define PASSED 1

int result;
...
result = security_check(data);

switch (result) {
    case FAILED:
        printf("Security check failed!\n");
        exit(-1);
        // Break never reached because of exit()
        break;
    case PASSED:
        printf("Security check passed.\n");
        break;
    default:
        printf("Unknown error (%d), exiting...\n", result);
        exit(-1);
}
```

Java, without a default case: any `points` value other than 0, 1 or 2 silently returns the zero-point rate:

```java
import java.math.BigDecimal;

public static final String INTEREST_RATE_AT_ZERO_POINTS = "5.00";
public static final String INTEREST_RATE_AT_ONE_POINTS = "4.75";
public static final String INTEREST_RATE_AT_TWO_POINTS = "4.50";
...
public BigDecimal getInterestRate(int points) {
    BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);

    switch (points) {
        case 0:
            result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);
            break;
        case 1:
            result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);
            break;
        case 2:
            result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);
            break;
    }
    return result;
}
```

Java, with a default case:

```java
import java.math.BigDecimal;

public static final String INTEREST_RATE_AT_ZERO_POINTS = "5.00";
public static final String INTEREST_RATE_AT_ONE_POINTS = "4.75";
public static final String INTEREST_RATE_AT_TWO_POINTS = "4.50";
...
public BigDecimal getInterestRate(int points) {
    BigDecimal result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);

    switch (points) {
        case 0:
            result = new BigDecimal(INTEREST_RATE_AT_ZERO_POINTS);
            break;
        case 1:
            result = new BigDecimal(INTEREST_RATE_AT_ONE_POINTS);
            break;
        case 2:
            result = new BigDecimal(INTEREST_RATE_AT_TWO_POINTS);
            break;
        default:
            // The message and the rest of this branch are cut off in the source page.
            System.err.println("Invalid value for points, must");
            break;
    }
    return result;
}
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-33064 | free5GC security vulnerability — free5gc | 7.5 | - | 2026-03-20 |
CWE-478 (Missing Default Case in Switch Statement) is a common weakness class; this platform lists 1 CVE associated with it.