Java Reference
The indentation might lead the programmer to believe users are granted administrator
privileges only when their login is valid. However, the else statement actually binds to
the inner if statement:
int privileges;
if (invalid_login())
  if (allow_guests())
    privileges = GUEST;
else
  privileges = ADMINISTRATOR;
Consequently, this defect allows unauthorized users to obtain administrator privileges.
Compliant Solution
This compliant solution uses braces to eliminate the ambiguity, consequently ensuring that
privileges are correctly assigned:
int privileges;
if (invalid_login()) {
  if (allow_guests()) {
    privileges = GUEST;
  }
} else {
  privileges = ADMINISTRATOR;
}
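The difference between the two forms can be checked exhaustively over both conditions. The following is an added example, not code from the original text; the class name, the NONE default value, and the boolean parameters standing in for invalid_login() and allow_guests() are assumptions.

```java
// Added example: compares the noncompliant and compliant forms over every input.
// NONE, the class name, and the boolean parameters (standing in for
// invalid_login() and allow_guests()) are assumptions made for illustration.
public class DanglingElseDemo {
    static final int NONE = 0, GUEST = 1, ADMINISTRATOR = 2;

    // Noncompliant form: the else binds to the inner if, despite the layout.
    static int noncompliant(boolean invalidLogin, boolean allowGuests) {
        int privileges = NONE;
        if (invalidLogin)
            if (allowGuests)
                privileges = GUEST;
        else
            privileges = ADMINISTRATOR;
        return privileges;
    }

    // Compliant form: braces attach the else to the outer if.
    static int compliant(boolean invalidLogin, boolean allowGuests) {
        int privileges = NONE;
        if (invalidLogin) {
            if (allowGuests) {
                privileges = GUEST;
            }
        } else {
            privileges = ADMINISTRATOR;
        }
        return privileges;
    }

    static String name(int p) {
        return p == ADMINISTRATOR ? "ADMINISTRATOR" : p == GUEST ? "GUEST" : "NONE";
    }

    public static void main(String[] args) {
        boolean[] values = {false, true};
        System.out.printf("%-13s %-12s %-14s %-14s%n",
                "invalidLogin", "allowGuests", "noncompliant", "compliant");
        for (boolean invalid : values) {
            for (boolean guests : values) {
                int bad = noncompliant(invalid, guests);
                int good = compliant(invalid, guests);
                System.out.printf("%-13b %-12b %-14s %-14s%s%n", invalid, guests,
                        name(bad), name(good), bad != good ? "  <-- differs" : "");
            }
        }
    }
}
```

Three of the four rows differ: in the noncompliant form a failed login with guests disabled yields ADMINISTRATOR, while a valid login never receives it.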
Applicability
Failure to enclose the bodies of if, for, or while statements in braces makes code
error-prone and increases maintenance costs.