CWE-571 Expression is Always True: vulnerability list (1)

Summary of the 1 CVE associated with the CWE-571 (Expression is Always True) weakness class, with AI analysis in Chinese.

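CWE-571 refers to an expression that always evaluates to true, a defect in the logic-error class. When code contains a conditional check that always returns true, an attacker can exploit the defect to bypass authentication or permission checks and gain unauthorized access. Developers should avoid hard-coded constants and ineffective comparisons in critical logic, make sure conditional expressions are evaluated dynamically against the actual input, and use static code analysis tools to detect this kind of logic redundancy, in order to keep the system secure.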

MITRE CWE official description
CWE: CWE-571 Expression is Always True
English original: The product contains an expression that will always evaluate to true.
Common consequences (1)
Other: Quality Degradation, Varies by Context
Mitigations (1)
Implementation: Consider refactoring the code, or determine if the code is not including a condition that could cause the expression to become false.
Code examples (1)
In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing…
public void updateInventory(String productNumber) {
    boolean isProductAvailable = false;
    boolean isDelayed = false;
    if (productInStore(productNumber)) {
        isProductAvailable = true;
        updateInStoreDatabase(productNumber);
    } else if (productInWarehouse(productNumber)) {
        isProductAvailable = true;
        updateInWarehouseDatabase(productNumber);
    } else {
        isProductAvailable = true;
    }
    if ( isProductAvailable ) {
        updateProductDatabase(productNumber);
    } else if ( isDelayed ) {
        /* Warn customer about delay before order processing */
        ...
    }
}
Bad · Java
CVE ID | Title | CVSS | Severity | Published
CVE-2022-31017 | Expression Always True vulnerability in Zulip Server — zulip | 2.0 | Low | 2022-06-25

CWE-571 (Expression is Always True) is a common weakness category; this platform lists 1 CVE associated with it.