Summary

The organization should set its parsers, linters, compilers and interpreters to run in strict mode.

Description

Systems must use strict mode because it is useful to prevent silent failures that might occur when certain actions, such as using undeclared variables or assigning values to read-only properties, are performed without explicit warnings. Enforcing strict mode often results in code that is more readable and less ambiguous.

References

• CAPEC-123. Buffer manipulation
• CAPEC-129. Pointer manipulation
• CAPEC-130. Excessive allocation
• CWE-611. Improper restriction of XML External Entity reference
• OWASP10-A5. Security misconfiguration
• OWASPM10-M7. Poor code quality
• AGILE-9. Continuous attention to technical excellence and good design
• MISRAC-1_4. The compiler/linker shall be checked
• MITRE-M1013. Application developer guidance
• PADSS-5_2_2. Buffer Overflow
• SANS25-1. Out-of-bounds Write
• SANS25-3. Improper neutralization of special elements used in an SQL command (SQL injection)
• SANS25-4. User after free
• SANS25-7. Out-of-bounds read
• SANS25-17. Improper restriction of operations within the bounds of a memory buffer
• WASSEC-5_3. Parser tolerance
• NISTSSDF-PW_6_1. Configure the compilation, interpreter, and build processes to improve executable security
• CWE25-89. Improper neutralization of special elements used in an SQL command (SQL injection)
• CWE25-119. Improper restriction of operations within the bounds of a memory buffer
• CWE25-125. Out-of-bounds read
• CWE25-416. User after free
• CWE25-787. Out-of-bounds Write
• OSAMM-ST. Security Testing
• ASVS-5_5_2. Deserialization prevention
• ASVS-14_1_2. Build and deploy
• CASA-5_5_2. Deserialization Prevention