Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
CWE-478 Base Brouillon
Missing Default Case in Multiple Condition Expression
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
Définition
What is CWE-478?
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
When a switch or similar multi-branch statement has no default case, any unhandled input value can cause the program to take no action or follow an incorrect logic path. This creates a silent failure point where the application's behavior becomes unpredictable, often leading to logic errors, data corruption, or crashes that can be exploited to bypass security controls or disrupt service.
Managing this at scale is difficult; an ASPM like Plexicus can help you track and remediate these flaws across your entire stack. While SAST tools catch the pattern, Plexicus uses AI to suggest the actual code fix—such as adding a default case to log, throw an exception, or assign a safe fallback value—saving hours of manual work and preventing cascading failures from poor error handling.
Impact réel
Real-world CVEs caused by CWE-478
Aucune référence CVE publique n'est liée à ce CWE dans le catalogue MITRE pour le moment.
Comment les attaquants l'exploitent
Parcours de l'attaquant étape par étape
- 1
The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:
- 2
Instead a default label should be used for unaccounted conditions:
- 3
This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling.
- 4
In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.
- 5
However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. This can be easily accomplished by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returning a null value.
Exemple de code vulnérable
Vulnerable C
The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:
#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
case FAILED:
printf("Security check failed!\n");
exit(-1);
```
//Break never reached because of exit()*
break;
case PASSED:
```
printf("Security check passed.\n");
break;
}
```
// program execution continues...*
... Exemple de code sécurisé
Secure C
Instead a default label should be used for unaccounted conditions:
#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
case FAILED:
printf("Security check failed!\n");
exit(-1);
```
//Break never reached because of exit()*
break;
case PASSED:
```
printf("Security check passed.\n");
break;
default:
printf("Unknown error (%d), exiting...\n",result);
exit(-1);
} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention
How to prevent CWE-478
- Implementation Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
Signaux de détection
How to detect CWE-478
Plexicus détecte automatiquement CWE-478 et ouvre une PR de correction en moins de 60 secondes.
Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.
Questions fréquentes Qu'est-ce que CWE-478 ?
Quelle est la gravité de CWE-478 ?
Quels langages ou plateformes sont affectés par CWE-478 ?
Comment puis-je prévenir CWE-478 ?
Comment Plexicus détecte et corrige CWE-478 ?
Où puis-je en savoir plus sur CWE-478 ?
Frequently asked questions
Qu'est-ce que CWE-478 ?
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
Quelle est la gravité de CWE-478 ?
MITRE n'a pas publié de note de probabilité d'exploitation pour cette faiblesse. Traitez-la comme un impact moyen jusqu'à ce que votre modèle de menace prouve le contraire.
Quels langages ou plateformes sont affectés par CWE-478 ?
MITRE lists the following affected platforms: C, C++, Java, C#, Python, JavaScript.
Comment puis-je prévenir CWE-478 ?
Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
Comment Plexicus détecte et corrige CWE-478 ?
Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-478 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.
Où puis-je en savoir plus sur CWE-478 ?
MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/478.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.
Faiblesses associées
Weaknesses related to CWE-478
CWE-1023 Parent
Incomplete Comparison with Missing Factors
This weakness occurs when a program compares two items but fails to check all the necessary attributes that define their true…
CWE-184 Frère
Incomplete List of Disallowed Inputs
This vulnerability occurs when a security filter or validation mechanism relies on a 'denylist'—a predefined list of forbidden inputs—but…
CWE-187 Frère
Partial String Comparison
This weakness occurs when software checks only part of a string or token to determine a match, instead of comparing the entire value. This…
CWE-839 Frère
Numeric Range Comparison Without Minimum Check
This vulnerability occurs when software validates that a number is within an acceptable range by only checking that it's less than or…
Prêt quand vous l'êtes
Arrêtez de payer par développeur.
Commencez à fermer la boucle.
Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.