CWE-666 在生命周期错误阶段对资源进行操作
Operation on Resource in Wrong Phase of Lifetime
结构: Simple
Abstraction: Class
状态: Draft
被利用可能性: unkown
基本描述
The software performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
扩展描述
When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.
相关缺陷
常见的影响
范围 | 影响 | 注释 |
---|---|---|
Other | Other |
可能的缓解方案
Architecture and Design
策略:
Follow the resource's lifecycle from creation to release.
分类映射
映射的分类名 | ImNode ID | Fit | Mapped Node Name |
---|---|---|---|
CERT C Secure Coding | FIO46-C | CWE More Abstract | Do not access a closed file |
CERT C Secure Coding | MEM30-C | CWE More Abstract | Do not access freed memory |
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论