The product contains an expression that will always evaluate to true.
View on MITREUse Static Analysis tools to spot such conditions.
No detection method information available for this CWE.
In the following Java example the updateInventory() method used within an e-business product ordering/inventory application will check if the input product number is in the store or in the warehouse. If the product is found, the method will update the store or warehouse database as well as the aggregate product database. If the product is not found, the method intends to do some special processing without updating any database.
However, the method never sets the isDelayed variable and instead will always update the isProductAvailable variable to true. The result is that the predicate testing the isProductAvailable boolean will always evaluate to true and therefore always update the product database. Further, since the isDelayed variable is initialized to false and never changed, the expression always evaluates to false and the customer will never be warned of a delay on their product.
No relationship information available for this CWE.
CWE-571: Expression is Always True is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product contains an expression that will always evaluate to true.
If exploited, CWE-571 (Expression is Always True) it can compromise Other, leading to outcomes such as Quality Degradation and Varies by Context.
Recommended mitigations for CWE-571 include: Use Static Analysis tools to spot such conditions.
CWE-571 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-571 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.