1.2.1176. Switch Fallthrough
A switch with fallthrough is prone to errors.
A fallthrough happens when a case or default clause in a switch statement is not terminated by a break (or an equivalent); CWE reports this as a security concern unless it is well documented.
A fallthrough may be used deliberately, as a feature, but it is then indistinguishable from an error.
When the case block is empty, this analysis doesn't report it: the case is then used as an alias. This analysis doesn't take comments about the fallthrough into account.
<?php
switch ($variable) {
    case 1 : // case 1 is not reported, as it actually shares the same body as case 33
    case 33 :
        break ;
    case 2 :
        break ;
    default: // reported: the body is not empty and has no break, so it runs into case 4
        ++$a;
    case 4 :
        break ;
}
?>
See also CWE-484: Omitted Break Statement in Switch and Rule: no-switch-case-fall-through.
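The check described above can be approximated with PHP's tokenizer. This is an added example, not Exakat's implementation: `findFallthroughs()` is a hypothetical helper that reports a clause when its body is non-empty and its last statement does not start with `break` or an equivalent, skips empty alias clauses, and ignores comments. It assumes brace-style switch statements that are not nested and case labels without a ternary operator.

```php
<?php
// Added example, not Exakat's implementation. Assumes brace-style switch
// statements that are not nested, and case labels without a ternary.
const TERMINATORS = [T_BREAK, T_RETURN, T_CONTINUE, T_THROW, T_EXIT, T_GOTO];
const SKIPPED = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
/** Lines of case/default clauses whose non-empty body does not leave the switch. */
function findFallthroughs(string $code): array
{
    $found = [];
    $clauseLine = null; // line of the clause being scanned, null outside one
    $inLabel = false;   // true between `case`/`default` and its `:` or `;`
    $depth = 0;         // brace depth inside the clause body
    $first = null;      // first token of the statement being read
    $lastFirst = null;  // first token of the last completed statement
    foreach (token_get_all($code) as $t) {
        $id = is_array($t) ? $t[0] : $t;
        if (in_array($id, SKIPPED, true)) {
            continue;   // comments are ignored, as the rule states
        }
        if ($depth === 0 && ($id === T_CASE || $id === T_DEFAULT)) {
            $empty = $first === null && $lastFirst === null;
            $ended = $first === null && in_array($lastFirst, TERMINATORS, true);
            if ($clauseLine !== null && !$empty && !$ended) {
                $found[] = $clauseLine;
            }
            [$clauseLine, $inLabel, $first, $lastFirst] = [$t[2], true, null, null];
        } elseif ($inLabel) {
            $inLabel = $id !== ':' && $id !== ';';
        } elseif ($clauseLine !== null) {
            if ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
                $depth++;
            } elseif ($id === '}') {
                if ($depth === 0) {
                    $clauseLine = null; // end of switch: last clause cannot fall through
                    continue;
                }
                $depth--;
            }
            $first ??= $id;
            if ($depth === 0 && ($id === ';' || $id === '}')) {
                [$lastFirst, $first] = [$first, null];
            }
        }
    }
    return $found;
}
// Constructed sample modeled on the page's switch.
$sample = "<?php\nswitch (\$v) {\ncase 1:\ncase 33:\n break;\ndefault:\n ++\$a;\ncase 4:\n break;\n}\n";
print_r(findFallthroughs($sample));
```

The check is conservative: a clause whose last statement is an `if`/`else` block is reported even when every branch breaks.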
1.2.1176.1. Suggestions
Make separate code for each case. Always use break at the end of a case or default.
1.2.1176.2. Specs
Short name | Structures/Fallthrough |
Rulesets | |
Exakat since | 0.12.14 |
PHP Version | All |
Severity | Minor |
Time To Fix | Instant (5 mins) |
Precision | Very high |
Features | switch, fallthrough |
Available in |