Switch statements should have a default case specified

This code insight verifies the ratio between the number of switch statements that lack a default case and the total number of switch statements found in the source code. Depending on this ratio and thresholds CAST has defined, Highlight counts penalty points for the scanned file.

Example in PHP:

    switch ($foo) {
        case 0:
            // do something
            break;
        case 1:
            // do something else
            break;
    }

Why you should care

As MITRE perfectly explains, this flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.

References: https://cwe.mitre.org/data/definitions/478.html

CAST recommendations

CAST recommends that users follow MITRE's proposed mitigation: In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.

Example in PHP:

    switch ($foo) {
        case 0:
            // do something
            break;
        case 1:
            // do something else
            break;
        default:
            // do something if not case 0 nor case 1
    }
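The difference between a default case used as an assumed option and one used as a check for invalid input, shown as an added example that is not part of the original CAST article. The role codes, permission names and function names are constructed for illustration.

```php
<?php
// Constructed role codes (assumption, not from the original page).
const ROLE_GUEST = 0;
const ROLE_ADMIN = 1;

// Default as an assumed option: every value that does not match
// ROLE_GUEST is silently treated as an administrator.
function permissionsAssumed($role): array
{
    switch ($role) {
        case ROLE_GUEST:
            return ['read'];
        default: // assumes "must be admin"
            return ['read', 'write', 'delete'];
    }
}

// Default as a check: every expected value has its own case and
// anything else is rejected instead of being given a meaning.
function permissionsChecked($role): array
{
    // switch compares loosely (==), so null would match case 0;
    // reject non-integers before matching.
    if (!is_int($role)) {
        throw new InvalidArgumentException('role must be an integer');
    }
    switch ($role) {
        case ROLE_GUEST:
            return ['read'];
        case ROLE_ADMIN:
            return ['read', 'write', 'delete'];
        default:
            throw new UnexpectedValueException("unhandled role: $role");
    }
}

// Constructed inputs: two valid roles, one unknown code, one failed lookup.
foreach ([0, 1, 2, null] as $role) {
    $assumed = implode(',', permissionsAssumed($role));
    try {
        $checked = implode(',', permissionsChecked($role));
    } catch (Exception $e) {
        $checked = 'rejected (' . $e->getMessage() . ')';
    }
    echo var_export($role, true), ": assumed=[$assumed] checked=[$checked]\n";
}
```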

About CAST and Highlight's Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate software health factors.

For reference only. For the complete details, please refer to the original article:
https://doc.casthighlight.com/alt_missingdefault-switch-statements-default-case-specified/