Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Missing Default Case in Multiple Condition Expression
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
What is CWE-478?
Real-world CVEs caused by CWE-478
So far, MITRE's catalog has no public CVE references linked to this CWE.
Attacker path, step by step
1. The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check.
2. Instead, a default label should be used for unaccounted conditions.
3. This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling.
4. In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.
5. However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. Such a check can easily be added by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returns a null value.
Vulnerable C
The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:
```c
#include <stdio.h>
#include <stdlib.h>

#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
case FAILED:
    printf("Security check failed!\n");
    exit(-1);
    // Break never reached because of exit()
    break;
case PASSED:
    printf("Security check passed.\n");
    break;
}
// program execution continues...
...
```
Secure C
Instead a default label should be used for unaccounted conditions:
```c
#include <stdio.h>
#include <stdlib.h>

#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
case FAILED:
    printf("Security check failed!\n");
    exit(-1);
    // Break never reached because of exit()
    break;
case PASSED:
    printf("Security check passed.\n");
    break;
default:
    printf("Unknown error (%d), exiting...\n", result);
    exit(-1);
}
```
How to prevent CWE-478
- Implementation: Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
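To make the bypass and its mitigation testable, here is an added, self-contained C example (not the page's or MITRE's code). It stands in a constructed security_check() that returns -1 on NULL or empty input; gate_without_default mirrors the page's switch without a default and lets the error value through, gate_with_default adds the default label and refuses it. Both gates return a status instead of calling exit() so the outcome can be checked.

```c
#include <stdio.h>
#include <string.h>

#define FAILED 0
#define PASSED 1

/* Constructed stand-in for the page's security_check(): PASSED for the token
 * "valid", FAILED for any other non-empty string, -1 (error) for NULL/empty. */
static int security_check(const char *data) {
    if (data == NULL || data[0] == '\0')
        return -1;
    return strcmp(data, "valid") == 0 ? PASSED : FAILED;
}

/* Vulnerable: the page's first switch. Only FAILED stops the flow; the error
 * value -1 matches no label, so the caller continues as if the check passed.
 * Returns 1 when execution may continue, 0 when it is stopped. */
int gate_without_default(const char *data) {
    switch (security_check(data)) {
    case FAILED:
        printf("Security check failed!\n");
        return 0;
    case PASSED:
        printf("Security check passed.\n");
        break;
    }
    return 1; /* reached for PASSED and for the unhandled -1 */
}

/* Fixed: the default label treats every unaccounted value as an error. */
int gate_with_default(const char *data) {
    int result = security_check(data);
    switch (result) {
    case FAILED:
        printf("Security check failed!\n");
        return 0;
    case PASSED:
        printf("Security check passed.\n");
        return 1;
    default:
        printf("Unknown error (%d), refusing to continue\n", result);
        return 0;
    }
}
```

Running gate_without_default(NULL) shows the weakness directly: the check errors out, yet the function reports that execution may continue.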
How to detect CWE-478
Plexicus detects CWE-478 automatically and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies exactly this weakness and delivers a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions
What is CWE-478?
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
How severe is CWE-478?
MITRE has not published an exploit likelihood for this weakness. Treat it as medium impact until your threat model shows otherwise.
Which languages or platforms are affected by CWE-478?
MITRE lists the following affected platforms: C, C++, Java, C#, Python, JavaScript.
How can I prevent CWE-478?
Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
How does Plexicus detect and fix CWE-478?
Plexicus's SAST engine detects the data-flow signature of CWE-478 on every commit. On a hit, our Codex Remedium agent opens a fix PR with corrected code, tests and a one-line summary for the reviewer.
Where can I learn more about CWE-478?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/478.html. For supplementary guidance you can also consult the OWASP and NIST documentation.
Weaknesses related to CWE-478
Incomplete Comparison with Missing Factors
This weakness occurs when a program compares two items but fails to check all the necessary attributes that define their true…
Incomplete List of Disallowed Inputs
This vulnerability occurs when a security filter or validation mechanism relies on a 'denylist'—a predefined list of forbidden inputs—but…
Partial String Comparison
This weakness occurs when software checks only part of a string or token to determine a match, instead of comparing the entire value. This…
Numeric Range Comparison Without Minimum Check
This vulnerability occurs when software validates that a number is within an acceptable range by only checking that it's less than or…