This vulnerability occurs when a function is called with an argument that holds an incorrect or unexpected value, leading to unintended program behavior or security flaws.
Incorrect argument values often happen due to simple mistakes like mixing up parameter order, using hard-coded magic numbers, or passing a variable that hasn't been properly validated. For example, calling a file permission function with a value meant for a buffer size can expose sensitive data or crash the application. These errors are subtle because the code compiles and runs, but the logic is fundamentally broken, creating a gap between what the developer intended and what actually executes.

Finding these mismatches manually in a large codebase is like searching for a needle in a haystack. While SAST tools can flag suspicious patterns, Plexicus uses AI to not only detect these flaws but also generate the precise code fix, transforming a generic warning into an actionable correction. This saves significant manual review time and helps ensure that the function receives the exact value it was designed to handle, closing the door on a wide range of downstream vulnerabilities.
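A file-permission call given a decimal magic number where an octal mode was intended is one instance of the mistakes described above. The following C example is added here and is not from the original page; `set_private_mode` and `resulting_mode` are hypothetical helpers, and the scratch path is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened wrapper (hypothetical helper): a private file may carry owner
 * bits only, so any group/other/setuid/setgid/sticky bit is rejected
 * before the value reaches fchmod(). */
static int set_private_mode(int fd, mode_t mode) {
    if (mode & ~(mode_t)0700)
        return -1;
    return fchmod(fd, mode);
}

/* Create a scratch file, apply `mode` directly or through the wrapper,
 * and return the resulting permission bits (-1 if refused or on error). */
static int resulting_mode(mode_t mode, int use_wrapper) {
    char path[] = "/tmp/argval-demo-XXXXXX";   /* constructed scratch path */
    struct stat st;
    int result = -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int rc = use_wrapper ? set_private_mode(fd, mode) : fchmod(fd, mode);
    if (rc == 0 && fstat(fd, &st) == 0)
        result = (int)(st.st_mode & 07777);
    close(fd);
    unlink(path);
    return result;
}

int main(void) {
    /* Bug: decimal 400 was meant as octal 0400 (owner read-only).
     * 400 decimal == 0620 octal, so the file becomes group-writable. */
    printf("fchmod(fd, 400)  -> %04o\n", (unsigned)resulting_mode(400, 0));
    printf("fchmod(fd, 0400) -> %04o\n", (unsigned)resulting_mode(0400, 0));
    /* The wrapper refuses the mistyped value and accepts the intended one. */
    printf("wrapper, 400     -> %d\n", resulting_mode(400, 1));
    printf("wrapper, 0400    -> %04o\n", (unsigned)resulting_mode(0400, 1));
    return 0;
}
```

The range check catches only values that set bits outside the owner mask; a wrong value that happens to fall inside it (for example decimal 256, which equals octal 0400) still passes, so named constants such as `S_IRUSR` remain the safer way to write the argument.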
Impact: Quality Degradation