...
See NUM01-J-EX1 for details about doing similar calculations for the purpose of serializing numbers into bytes.
Exceptions
NUM01-J-EX0: Bitwise operations may be used to construct constant expressions.
...
| Code Block | ||
|---|---|---|
| ||
int limit = 0x1FFFF; // 2^17 - 1 = 131071 |
NUM01-J-EX1: Data that is normally treated arithmetically may be treated with bitwise operations for the purpose of serialization or deserialization. This alternative treatment is often required for reading or writing the data from a file or network socket. Bitwise operations are also permitted when reading or writing the data from a tightly packed data structure of bytes.
...
Performing bitwise manipulation and arithmetic operations on the same variable obscures the programmer's intentions and reduces readability. Consequently, it is more difficult for a security auditor or maintainer to determine which checks must be performed to eliminate security flaws and ensure data integrity. For instance, overflow checks are critical for numeric types that undergo arithmetic operations but less critical for numeric types that undergo bitwise operations.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
NUM01-J | Medium | Unlikely | Yes | MediumNo | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft Jtest |
| CERT.NUM01.BADSHIFT CERT.NUM01.NCBAV | Avoid incorrect shift operations Do not perform bitwise and arithmetic operations on the same data |
...