CWE-489: Boolean expressions should not be gratuitous

javascript
java

(Ankur) #1

SonarQube - 6.7.4
Rule - Boolean expressions should not be gratuitous (squid:S2589) has a reference marked to CWE-489, which looks wrong to me.

CWE-489 is about Leftover Debug Code that can create unintended entry points, which has nothing to do with a boolean expression being gratuitous.


(Nicolas Harraudeau) #3

Hi @ankurja,

Thank you for your feedback.
A gratuitous boolean expression often indicates a block of debug code which is activated or deactivated by changing the value of the expression during development. CWE-489 does not apply to every gratuitous expression but is still adequate in many cases.
There is a good example of such a case in CWE-570: Expression is Always False (See example 3).

Cheers,
Nicolas