Expression is Always True

The software contains an expression that will always evaluate to true.


Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.

public void updateInventory(String productNumber) {

  boolean isProductAvailable = false;
  boolean isDelayed = false;

  if (productInStore(productNumber)) {
    isProductAvailable = true;
    updateInStoreDatabase(productNumber);
  }
  else if (productInWarehouse(productNumber)) {
    isProductAvailable = true;
    updateInWarehouseDatabase(productNumber);
  }
  else {
    isProductAvailable = true;
  }

  if ( isProductAvailable ) {
    updateProductDatabase(productNumber);
  }
  else if ( isDelayed ) {


    /* Warn customer about delay before order processing */
    ...

  }

}

However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product.

See Also

CISQ Quality Measures - Security

Weaknesses in this category are related to the CISQ Quality Measures for Security. Presence of these weaknesses could reduce the security of the software.

CISQ Quality Measures - Maintainability

Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.

SFP Secondary Cluster: Glitch in Computation

This category identifies Software Fault Patterns (SFPs) within the Glitch in Computation cluster (SFP1).

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weakness Base Elements

This view (slice) displays only weakness base elements.


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.