Research Discussion
Subject: RE: [EXTERNAL]: Re: [External] - Re: Bad loop construct
WARNING: This email originated from outside of the organization. DO NOT click
links, open attachments, or respond unless you recognize the sender and know
the content is safe.
There
.
Regards,
Shravan
From: Kurt Seifried
Sent: Wednesday, June 1, 2022 8:32 AM
To: Kevin Keen
Cc: Steve Grubb ; Steven M Christey ; CWE
Research Discussion
Subject: [EXTERNAL]: Re: [External] - Re: Bad loop construct
I’d challenge you to use your phone or computer without an internet connection
I agree you all are pain in the ass.
Keep spamming my mailbox.
On Wed, 1 Jun 2022, 9:13 pm Kevin Keen, wrote:
>
> I agree that CWEs could use some updates. In addition to possible new
> CWEs, I remember looking at a few that didn't have code examples and
> thinking that they could benefit from
I agree that CWEs could use some updates. In addition to possible new CWEs, I
remember looking at a few that didn't have code examples and thinking that they
could benefit from that.
I would however, push back just a little on stand alone software not being a
common case. I think it depends o
I think there's an easy way to distinguish "likely problem" from
"likely false positive" in this case. If a shell loops over one value
AND that value is the name a previously-assigned variable, that is
likely a variable name missing its "$". Otherwise it's plausibly a
loop over 1 value (which is a
I believe this is my first time posting to this list, so apologies if I'm
stepping out of line.
These comments are focused on the looping once aspect of this discussion. There
is perhaps a 2nd aspect at play in Kurt's example with confusing naming, but
I'm setting that aside for now.
I feel