CWE-1071
Notifiche per un CWE specifico
Rimani informato su qualsiasi modifica relativa a un CWE specifico.
Nome: Empty Code Block
The source code contains a block that does not contain any code, i.e., the block is empty.
General Informations
Modes Of Introduction
ImplementationPiattaforme applicabili
Linguaggio
Class: Not Language-Specific (Undetermined)Conseguenze comuni
| Ambito | Impatto | Probabilità |
|---|---|---|
| Other | Reduce Reliability |
Detection Methods
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Effectiveness : High
Note sulla mappatura delle vulnerabilità
Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Invio
| Nome | Organizzazione | Data | Data di rilascio | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 3.2 |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| CWE Content Team | MITRE | updated Relationships, Type | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Detection_Factors, Time_of_Introduction |
