CWE-571 (Expression is Always True) — Vulnerability Class 1

1 vulnerability classified as CWE-571 (Expression is Always True). AI Chinese analysis included.

CWE-571 represents a logical error weakness where a conditional expression permanently evaluates to true, regardless of input or state. This flaw typically arises from incorrect boolean logic, such as using the assignment operator instead of equality comparison, or redundant conditions that mask actual security checks. Attackers exploit this by bypassing critical authentication or authorization mechanisms, gaining unauthorized access to sensitive resources or executing privileged operations without proper verification. To prevent this, developers must rigorously review conditional statements, ensuring logical operators are correctly applied and conditions accurately reflect intended business logic. Utilizing static analysis tools can help detect these tautologies early in the development cycle, while thorough code reviews and unit testing verify that security controls function as expected under all possible execution paths.

MITRE CWE Description
The product contains an expression that will always evaluate to true.

Common Consequences (1)
Other: Quality Degradation, Varies by Context

Mitigations (1)
Implementation: Consider refactoring the code, or determine if the code is not including a condition that could cause the expression to become false.

Examples (1)
In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing…
public void updateInventory(String productNumber) {
    boolean isProductAvailable = false;
    boolean isDelayed = false;

    if (productInStore(productNumber)) {
        isProductAvailable = true;
        updateInStoreDatabase(productNumber);
    } else if (productInWarehouse(productNumber)) {
        isProductAvailable = true;
        updateInWarehouseDatabase(productNumber);
    } else {
        isProductAvailable = true;
    }

    if ( isProductAvailable ) {
        updateProductDatabase(productNumber);
    } else if ( isDelayed ) {
        /* Warn customer about delay before order processing */
        ...
    }
}
Bad · Java
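A corrected form of the updateInventory() method above, with a check that exercises all three execution paths; this is an added example, not code from MITRE or from the original page. The in-memory sets, the two recording lists and the product numbers are constructed stand-ins for the database calls, and the not-found handling is an assumption because the page truncates that part of the description.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Added example: every name except updateInventory and isProductAvailable is hypothetical.
public class InventoryExample {
    // Constructed sample data standing in for the store and warehouse lookups.
    static final Set<String> STORE = Set.of("P-100");
    static final Set<String> WAREHOUSE = Set.of("P-200");
    static final List<String> productDbUpdates = new ArrayList<>();
    static final List<String> specialHandling = new ArrayList<>();

    static void updateInventory(String productNumber) {
        boolean isProductAvailable = false;
        if (STORE.contains(productNumber)) {
            isProductAvailable = true;      // in-store database update would go here
        } else if (WAREHOUSE.contains(productNumber)) {
            isProductAvailable = true;      // warehouse database update would go here
        }
        // No final else: an unknown product leaves the flag false, so the
        // condition below can evaluate to false and the second branch is reachable.
        if (isProductAvailable) {
            productDbUpdates.add(productNumber);
        } else {
            specialHandling.add(productNumber);  // assumed "not found" processing
        }
    }

    static void check(boolean condition, String message) {
        if (!condition) throw new AssertionError(message);
    }

    public static void main(String[] args) {
        // One call per execution path: store hit, warehouse hit, not found.
        for (String p : List.of("P-100", "P-200", "P-999")) {
            updateInventory(p);
        }
        check(productDbUpdates.equals(List.of("P-100", "P-200")),
              "only known products may reach the product database");
        check(specialHandling.equals(List.of("P-999")),
              "unknown product must take the not-found branch");
        System.out.println("all three paths behave as intended");
    }
}
```

Run against the original method, the "P-999" case would land in the product database list, which is the failure the not-found check is written to catch.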
CVE ID | Title | CVSS | Severity | Published
CVE-2022-31017 | Expression Always True vulnerability in Zulip Server — zulip | 2.0 | Low | 2022-06-25

Vulnerabilities classified as CWE-571 (Expression is Always True) represent 1 CVE. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.