CWE-483: Incorrect Block Delimitation
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.
扩展描述
In some languages, braces (or other delimiters) are optional for blocks. When the delimiter is omitted, it is possible to insert a logic error in which a statement is thought to be in a block but is not. In some cases, the logic error can have security implications.
常见后果
影响范围: Confidentiality Integrity Availability
技术影响: Alter Execution Logic
说明: This is a general logic error which will often lead to obviously-incorrect behaviors that are quickly noticed and fixed. In lightly tested or untested code, this error may be introduced it into a production environment and provide additional attack vectors by creating a control flow path leading to an unexpected state in the application. The consequences will depend on the types of behaviors that are being incorrectly executed.
潜在缓解措施
阶段: Implementation
描述: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.
检测方法
方法: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
有效性: High
观察示例
参考: CVE-2014-1266
incorrect indentation of "goto" statement makes it more difficult to detect an incorrect goto (Apple's "goto fail")
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CLASP | - | Incorrect block delimitation | - |