Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Missing Default Case in Multiple Condition Expression
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
What is CWE-478?
Real-world CVEs caused by CWE-478
There are no public CVE references associated with this CWE in the MITRE catalogue yet.
Attacker path step by step
1. The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check.
2. Instead a default label should be used for unaccounted conditions.
3. This label is used because the assumption cannot be made that all possible cases are accounted for. A good practice is to reserve the default case for error handling.
4. In the following Java example the method getInterestRate retrieves the interest rate for the number of points for a mortgage. The number of points is provided within the input parameter and a switch statement will set the interest rate value to be returned based on the number of points.
5. However, this code assumes that the value of the points input parameter will always be 0, 1 or 2 and does not check for other incorrect values passed to the method. This can be easily accomplished by providing a default label in the switch statement that outputs an error message indicating an invalid value for the points input parameter and returning a null value.
Vulnerable C

The following does not properly check the return code in the case where the security_check function returns a -1 value when an error occurs. If an attacker can supply data that will invoke an error, the attacker can bypass the security check:

```c
#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
    case FAILED:
        printf("Security check failed!\n");
        exit(-1);
        // Break never reached because of exit()
        break;
    case PASSED:
        printf("Security check passed.\n");
        break;
}
// program execution continues...
...
```

Secure C
Instead a default label should be used for unaccounted conditions:

```c
#define FAILED 0
#define PASSED 1
int result;
...
result = security_check(data);
switch (result) {
    case FAILED:
        printf("Security check failed!\n");
        exit(-1);
        // Break never reached because of exit()
        break;
    case PASSED:
        printf("Security check passed.\n");
        break;
    default:
        printf("Unknown error (%d), exiting...\n", result);
        exit(-1);
}
```

How to prevent CWE-478
- Implementation: Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
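The following added example (not code from the CWE entry or from Plexicus) puts the C switch from the vulnerable/secure listings above and the "assumed default" anti-pattern from the prevention note side by side so they can be run and compared. `security_check` is a hypothetical stand-in that returns PASSED, FAILED or -1 on error, as the page describes; the three `gate_*` functions are assumed names and return 1 when execution would be allowed to continue and 0 when the caller is stopped.

```c
/* Added example: dispatching on the result of a security check three ways.
 * security_check() is a constructed stand-in: 0 = FAILED, 1 = PASSED,
 * -1 = internal error (e.g. malformed or missing data). */
#include <stdio.h>
#include <string.h>

#define FAILED 0
#define PASSED 1
#define CHECK_ERROR (-1)

/* Hypothetical check: "ok" passes, "bad" fails, anything else is an error. */
int security_check(const char *data) {
    if (data == NULL) return CHECK_ERROR;
    if (strcmp(data, "ok") == 0) return PASSED;
    if (strcmp(data, "bad") == 0) return FAILED;
    return CHECK_ERROR;
}

/* Variant A (CWE-478): no default case. Only FAILED stops the caller, so an
 * error value (-1) matches nothing and execution simply continues. */
int gate_no_default(const char *data) {
    int result = security_check(data);
    int allowed = 1;                 /* the "program execution continues" path */
    switch (result) {
    case FAILED:
        allowed = 0;
        break;
    case PASSED:
        break;
    }
    return allowed;
}

/* Variant B: a default exists but represents an assumed option (treated as
 * PASSED). The prevention note calls this as bad as omitting the default. */
int gate_assumed_default(const char *data) {
    int result = security_check(data);
    int allowed;
    switch (result) {
    case FAILED:
        allowed = 0;
        break;
    default:                         /* unknown values silently succeed */
        allowed = 1;
        break;
    }
    return allowed;
}

/* Variant C: default reserved for error handling. Only an explicit PASSED
 * continues; FAILED and every unexpected value are rejected and logged. */
int gate_safe_default(const char *data) {
    int result = security_check(data);
    int allowed;
    switch (result) {
    case PASSED:
        allowed = 1;
        break;
    case FAILED:
        allowed = 0;
        break;
    default:
        fprintf(stderr, "Unknown security_check result (%d)\n", result);
        allowed = 0;
        break;
    }
    return allowed;
}

int main(void) {
    /* Constructed inputs: two expected values, one unknown token, one NULL. */
    const char *inputs[] = { "ok", "bad", "garbage", NULL };
    for (int i = 0; i < 4; i++) {
        const char *d = inputs[i];
        printf("%-8s no_default=%d assumed=%d safe=%d\n", d ? d : "NULL",
               gate_no_default(d), gate_assumed_default(d), gate_safe_default(d));
    }
    return 0;
}
```

Running it shows that "garbage" and NULL are allowed through by variants A and B and stopped only by variant C, which is the behaviour the prevention note asks for: the default branch is a rejection path, not a guess at what the missing case probably meant.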
How to detect CWE-478
Plexicus automatically detects CWE-478 and opens a fix PR in under 60 seconds.
Codex Remedium analyses every commit, identifies this exact weakness and delivers a review-ready pull request with the patch. No tickets. No handoffs.
Frequently asked questions
What is CWE-478?
This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values.
How severe is CWE-478?
MITRE has not published an exploitation likelihood rating for this weakness. Treat it as medium impact until your threat model proves otherwise.
Which languages or platforms are affected by CWE-478?
MITRE lists the following affected platforms: C, C++, Java, C#, Python, JavaScript.
How can I prevent CWE-478?
Ensure that there are no cases unaccounted for when adjusting program flow or values based on the value of a given variable. In the case of switch style statements, the very simple act of creating a default case can, if done correctly, mitigate this situation. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
How does Plexicus detect and fix CWE-478?
The Plexicus SAST engine correlates the CWE-478 data-flow signature on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests and a one-line summary for the reviewer.
Where can I learn more about CWE-478?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/478.html. You can also consult the OWASP and NIST documentation for adjacent guidance.
Weaknesses related to CWE-478
Incomplete Comparison with Missing Factors
This weakness occurs when a program compares two items but fails to check all the necessary attributes that define their true…
Incomplete List of Disallowed Inputs
This vulnerability occurs when a security filter or validation mechanism relies on a 'denylist'—a predefined list of forbidden inputs—but…
Partial String Comparison
This weakness occurs when software checks only part of a string or token to determine a match, instead of comparing the entire value. This…
Numeric Range Comparison Without Minimum Check
This vulnerability occurs when software validates that a number is within an acceptable range by only checking that it's less than or…