CWE- 617 Reachable Assertion, is defined as “The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.”
In computer science, reachability is the ability to find a path from one node in a graph to another. A reachable assertion is an assertion that specifies a condition that must be satisfied for a particular path to be considered reachable.
Reachable assertions are used in several different contexts, including verification of computer programs, security analysis, and network analysis. In each case, the goal is to ensure that certain conditions are met in order for a particular path to be considered reachable.
Reachable assertions can be used to verify the correctness of programs. For example, consider a program that calculates the shortest path between two nodes in a graph. One way to verify the correctness of this program is to use a reachability assertion to specify that the path calculated by the program must be the shortest path between the two nodes.
Reachable assertions can also be used in security analysis. For example, consider a security protocol that requires all communication to take place over an encrypted channel. A reachability assertion can be used to specify that the encryption key must be known in order for any communication to take place.
Reachable assertions can also be used in network analysis. For example, consider a network with two nodes, A and B, that are not directly connected. A reachability assertion can be used to specify that there must be a path from A to B in order for communication to take place between the two nodes.
Reachable assertions are a powerful tool for specifying conditions that must be satisfied in order for a particular path to be considered reachable and,to be considered valid. In other words, it is a constraint on the behavior of a program
An example from MITRE
String email = request.getParameter("email_address"); assert email != null;
Thank you for subscribing!