
CWE-570 Expression is Always False: vulnerability list (1)

Summary of the 1 CVE entry associated with the CWE-570 (Expression is Always False) weakness class, with AI-generated analysis (in Chinese).

CWE-570 describes a logic error in which an expression always evaluates to false. It is a code defect rather than a directly exploitable vulnerability: an attacker usually cannot trigger it on demand, but the dead branch it creates can leave the program in an unintended state and indirectly cause a denial of service or a logic bypass (for example, a check that can never succeed, so the action guarded by it never runs). Developers should avoid conditions whose outcome is fixed by constants or by a variable that is never assigned, make sure each branch actually depends on runtime input or state, and use static analysis to detect such redundant conditions so that the program's logic remains correct and robust.

MITRE CWE official description
CWE: CWE-570 Expression is Always False. Description: The product contains an expression that will always evaluate to false.
Common consequences (1)
Other: Quality Degradation, Varies by Context
Mitigations (1)
Implementation: Consider refactoring the code, or determine if the code is not including a condition that could cause the expression to become false.
Code examples (2)
In the following Java example the updateUserAccountOrder() method used within an e-business product ordering/inventory application will validate the product number that was ordered and the user account number. If they are valid, the method will update the product inventory, the user account, and the user order appropriately.
    public void updateUserAccountOrder(String productNumber, String accountNumber) {
        boolean isValidProduct = false;
        boolean isValidAccount = false;

        if (validProductNumber(productNumber)) {
            isValidProduct = true;
            updateInventory(productNumber);
        } else {
            return;
        }

        if (validAccountNumber(accountNumber)) {
            isValidProduct = true;   // bug: isValidAccount is never set, so the final condition is always false
            updateAccount(accountNumber, productNumber);
        }

        if (isValidProduct && isValidAccount) {
            updateAccountOrder(accountNumber, productNumber);
        }
    }
Bad · Java

    ...
    if (validAccountNumber(accountNumber)) {
        isValidAccount = true;
        updateAccount(accountNumber, productNumber);
    }
    ...
Good · Java
In the following example, the hasReadWriteAccess method uses bit masks and bit operators to determine if a user has read and write privileges for a particular process. The variable mask is defined as a bit mask from the BIT_READ and BIT_WRITE constants that have been defined. The variable mask is used within the predicate of the hasReadWriteAccess method to determine if the userMask input paramete…
    #define BIT_READ 0x0001  // 00000001
    #define BIT_WRITE 0x0010 // 00010000

    unsigned int mask = BIT_READ & BIT_WRITE; /* intended to use "|" */
    // using "&", mask = 00000000
    // using "|", mask = 00010001

    // determine if user has read and write access
    int hasReadWriteAccess(unsigned int userMask) {
        // if the userMask has read and write bits set
        // then return 1 (true)
        if (userMask & mask) {
            return 1;
        }
        // otherwise return 0 (false)
        return 0;
    }
Bad · C
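Both MITRE patterns side by side with their fixes, as an added example that is not MITRE's or this page's own code. The function names (has_rw_access_bad/good, order_recorded_bad/good) and the two validators valid_product/valid_account, which stand in for the Java example's validProductNumber()/validAccountNumber(), are assumptions for illustration. It also goes one step beyond the bit-mask example: replacing "&" with "|" alone makes the predicate non-zero for a read-only or write-only user, so a "read AND write" check has to compare the masked value against the full mask.

```c
#include <stdio.h>

#define BIT_READ  0x0001u   /* 00000001 */
#define BIT_WRITE 0x0010u   /* 00010000 */

/* Buggy mask from the MITRE example: '&' of two disjoint bits is 0,
 * so any predicate of the form (x & MASK_BAD) is always false (CWE-570). */
#define MASK_BAD  (BIT_READ & BIT_WRITE)   /* 0x00 */
/* Intended mask: both bits set. */
#define MASK_GOOD (BIT_READ | BIT_WRITE)   /* 0x11 */

/* Always returns 0, whatever user_mask holds. */
int has_rw_access_bad(unsigned int user_mask)
{
    return (user_mask & MASK_BAD) ? 1 : 0;
}

/* Hardened form. The comparison against MASK_GOOD matters: with the '|'
 * fix alone, (user_mask & MASK_GOOD) is also non-zero for read-only or
 * write-only users, so "read AND write" must require both bits. */
int has_rw_access_good(unsigned int user_mask)
{
    return (user_mask & MASK_GOOD) == MASK_GOOD;
}

/* Hypothetical validators (assumption) standing in for the Java example's
 * validProductNumber()/validAccountNumber(): non-NULL and non-empty. */
static int valid_product(const char *product) { return product != NULL && product[0] != '\0'; }
static int valid_account(const char *account) { return account != NULL && account[0] != '\0'; }

/* Mirrors the Java example: the account flag is never assigned, so the
 * final condition is always false and the order is never recorded.
 * Returns 1 when the order would be recorded, 0 otherwise. */
int order_recorded_bad(const char *product, const char *account)
{
    int is_valid_product = 0;
    int is_valid_account = 0;
    if (valid_product(product)) {
        is_valid_product = 1;
    } else {
        return 0;
    }
    if (valid_account(account)) {
        is_valid_product = 1;   /* copy-paste bug: should set is_valid_account */
    }
    return is_valid_product && is_valid_account;   /* always 0 */
}

/* Fixed version: each flag is set by its own check. */
int order_recorded_good(const char *product, const char *account)
{
    int is_valid_product = 0;
    int is_valid_account = 0;
    if (valid_product(product)) {
        is_valid_product = 1;
    } else {
        return 0;
    }
    if (valid_account(account)) {
        is_valid_account = 1;
    }
    return is_valid_product && is_valid_account;
}

int main(void)
{
    /* Constructed inputs: a user holding both bits and a read-only user. */
    unsigned int rw_user = BIT_READ | BIT_WRITE;
    unsigned int ro_user = BIT_READ;
    printf("bad  rw=%d ro=%d\n", has_rw_access_bad(rw_user), has_rw_access_bad(ro_user));
    printf("good rw=%d ro=%d\n", has_rw_access_good(rw_user), has_rw_access_good(ro_user));
    printf("order bad=%d good=%d\n", order_recorded_bad("P100", "A7"), order_recorded_good("P100", "A7"));
    return 0;
}
```

Both "bad" functions can be exercised with every input a reviewer cares to try and never return 1, which is exactly the property a static analyzer reports for CWE-570; the "good" variants are the same code with the single operator or variable name corrected.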
CVE ID          Title                                                      CVSS  Risk level  Published
CVE-2024-32633  Asrmicro ASR Series security vulnerability - Falcon/Crane  4.0   Medium      2024-04-16

CWE-570 (Expression is Always False) is a common weakness class; this platform lists 1 CVE entry associated with it.