1.2.1183. Switch Fallthrough

A switch with fallthrough is prone to errors.

A fallthrough happens when a case or default clause in a switch statement is not finished by a break (or equivalent). CWE reports this as a security concern, unless it is well documented.

A fallthrough may be used deliberately, as a feature. In the code, it is then indistinguishable from an error.

When the case block is empty, this analysis doesn't report it: the case is then used as an alias. This analysis doesn't take into account comments about the fallthrough.

<?php
switch($variable) {
    case 1 :   // case 1 is not reported, as it actually shares the same body as case 33
    case 33 :
        break ;
    case 2 :
        break ;
    default:
        ++$a;  // no break : default falls through into case 4, and is reported
    case 4 :
        break ;
}
?>

See also CWE-484: Omitted Break Statement in Switch and Rule: no-switch-case-fall-through.

1.2.1183.1. Related PHP features

1.2.1183.1.1. Suggestions

  • Make separate code for each case. Always use break at the end of a case or default.
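The following is an added example, not part of the Exakat documentation: it shows a non-empty case without break changing an authorization result, next to the version with the suggestion applied. The function names, role names and permission strings are constructed for illustration.

```php
<?php
// Added example; role names and permission strings are constructed.

// Defective: 'editor' has a body but no break, so execution continues
// into 'admin' and every editor also receives 'users.delete'.
function permissionsWithFallthrough(string $role): array
{
    $perms = ['posts.read'];
    switch ($role) {
        case 'editor':
            $perms[] = 'posts.write';
            // no break here: the clause this analysis reports
        case 'admin':
            $perms[] = 'users.delete';
            break;
        case 'guest':       // empty case, alias of 'anonymous': not reported
        case 'anonymous':
            break;
        default:
            throw new InvalidArgumentException("Unknown role: $role");
    }
    return $perms;
}

// Corrected: the only change is the break that closes the 'editor' case.
function permissionsFixed(string $role): array
{
    $perms = ['posts.read'];
    switch ($role) {
        case 'editor':
            $perms[] = 'posts.write';
            break;
        case 'admin':
            $perms[] = 'users.delete';
            break;
        case 'guest':
        case 'anonymous':
            break;
        default:
            throw new InvalidArgumentException("Unknown role: $role");
    }
    return $perms;
}

// Compare what an editor ends up holding in each version.
foreach (['permissionsWithFallthrough', 'permissionsFixed'] as $fn) {
    echo $fn, '(editor): ', implode(', ', $fn('editor')), PHP_EOL;
}
```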

1.2.1183.1.2. Specs

  • Short name: Structures/Fallthrough
  • Rulesets: All, Changed Behavior, Inventory, Security
  • Exakat since: 0.12.14
  • PHP Version: All
  • Severity: Minor
  • Time To Fix: Instant (5 mins)
  • Precision: Very high
  • Available in: Enterprise Edition, Exakat Cloud