CWE-571: Expression is Always True
Learn about CWE-571 (Expression is Always True), its security impact, exploitation methods, and prevention guidelines.
What is Expression is Always True?
• Overview: An expression that will always evaluate to true is a logical flaw in the code where a condition is set up in such a way that it cannot be false. This typically results from incorrect logic, faulty assumptions, or programming errors, and can lead to unexpected program behavior or security vulnerabilities.
• Exploitation Methods:
- Attackers can exploit this vulnerability by bypassing conditional checks or validation logic, potentially gaining unauthorized access or escalating privileges.
- Common attack patterns include inserting malicious input that leverages the always-true condition to trigger unintended code execution paths or bypassing security mechanisms.
• Security Impact:
- Direct consequences of successful exploitation include unauthorized access, privilege escalation, or execution of unintended code.
- Potential cascading effects include data corruption, information disclosure, denial of service, or system compromise.
- Business impact can involve financial loss, reputational damage, regulatory penalties, and compromised customer trust.
• Prevention Guidelines:
- Specific code-level fixes include reviewing and refactoring the code to ensure that all expressions and conditions are logically sound and cannot always evaluate to true.
- Security best practices involve thorough code reviews, static code analysis, and automated testing to detect and correct logical errors.
- Recommended tools and frameworks include static analysis tools like SonarQube, and using code quality and security scanning features in integrated development environments (IDEs).
Corgea can automatically detect and fix Expression is Always True in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not Language-Specific
Affected Technologies: Not specified
Vulnerable Code Example
Python Example
def load_config(config):
# Check if the config is not None, but the expression always evaluates to True
if config is not None or config: # This condition is flawed
print("Loading configuration...")
# Load the configuration here
else:
print("Configuration is missing.") # This branch is never reached if config is not None
Explanation:
- Vulnerability: The condition
config is not None or configis incorrect because it doesn't properly handle cases whereconfigis an empty structure. Ifconfigis notNone, theorcondition will always evaluate toTrue, even ifconfigis an empty list or dictionary. This can lead to situations where an empty configuration is considered valid, which might not be intended.
How to fix Expression is Always True?
To fix this issue, the condition should ensure that config is neither None nor an empty structure. This can be achieved by using the and operator, which ensures both conditions must be true.
Fixed Code Example
def load_config(config):
# Properly check if the config is neither None nor empty
if config is not None and config: # This ensures config is both not None and not empty
print("Loading configuration...")
# Load the configuration here
else:
print("Configuration is missing or empty.") # This handles both None and empty cases
Explanation:
- Fix: The condition is changed from
ortoand, ensuring thatconfigmust be both notNoneand not empty to proceed. This prevents the unintended loading of an empty configuration. - Security Principle: Ensure that logical expressions accurately represent the intended checks. This prevents logical errors that could lead to unexpected behavior or security issues. By using
and, both conditions must be satisfied, which aligns with the intended logic of requiring a valid configuration.