CWE-703 对异常条件检查或处理不恰当
Improper Check or Handling of Exceptional Conditions
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Availability', 'Integrity'] | ['Read Application Data', 'DoS: Crash, Exit, or Restart', 'Unexpected State'] |
检测方法
Dynamic Analysis with Manual Results Interpretation
According to SOAR, the following detection techniques may be useful:
Highly cost effective:
- Fault Injection - source code
- Fault Injection - binary
Cost effective for partial coverage:
- Forced Path Execution
Manual Static Analysis - Source Code
According to SOAR, the following detection techniques may be useful:
Highly cost effective:
- Manual Source Code Review (not inspections)
Cost effective for partial coverage:
- Focused Manual Spotcheck - Focused manual analysis of source
Automated Static Analysis - Source Code
According to SOAR, the following detection techniques may be useful:
Cost effective for partial coverage:
- Source code Weakness Analyzer
- Context-configured Source Code Weakness Analyzer
Architecture or Design Review
According to SOAR, the following detection techniques may be useful:
Highly cost effective:
- Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
- Formal Methods / Correct-By-Construction
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | ERR06-J | Do not throw undeclared checked exceptions |