BF Declaration (DCL) Bugs Class

Definition

Declaration (DCL) class – An object, a function, a type, or a namespace is declared or defined improperly.

Taxonomy

OperationsDefinition
DeclareDeclare operation – Specify the name and type of an object; the name, return type, and parameters of a function; or the name and type parameters of a type.
DefineDefine operation – Specify the implementation of a function; or the member objects and functions of a type. (The data of an object is specified at its initialization – see MAD and MUS.)
OperandsDefinition
NameName operand – The identifier of an object, function, or data type entity used to reference it.
TypeType operand – The data type of an object – i.e., the set of allowed values (e.g., char is within [-128, 127]) and operations over them (e.g., +, *, mod).
SizeSize operand – The size of an object – i.e., the amount of memory allocated for an object. Its value is data of another object.
CausesDefinition
Code BugCode Bug type – Defect in the implementation of the operation – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability.
   Missing CodeMissing Code bug - The operation is entirely absent.
   Wrong CodeWrong Code bug - An incorrect operator or function is used, or an incorrect data type is specified.
   Erroneous CodeErroneous Code bug - There is a coding error in the implementation of the operation.
Specification BugSpecification Bug type – Defect in the metadata or algorithm of the operation – proper operands over an improper operation. It is always the first cause for the chain of weaknesses underlying a software security vulnerability. It must be fixed to resolve the vulnerability.
   Missing ModifierA required behavioral restriction is absent.
   Wrong ModifierA wrong behavioral restriction is specified.
   Anonymous ScopeThe declaration is in an unnamed scope.
   Wrong Scope
Data FaultData Fault/Error type – The object data has harmed semantics or inconsistent or wrong value.
   Wrong NameWrong Name fault/error – Inaccurate name is constructed dynamically for use at run time.
Type FaultType Fault/Error type – The set or range of allowed values is wrong or the operations allowed on them are wrong.
   Wrong Type ResolvedWrong Type Resolved fault/error – A data type is resolved from a wrong scope.
ConsequencesDefinition
Name ErrorName Fault/Error type – The fully resolved name is wrong.
   Missing Overridden FunctionMissing Overridden Function fault/error – The function implementation in a particular subclass is absent.
   Missing Overloaded FunctionMissing Overloaded Function fault/error – Code for particular function parameters' data types is absent.
Type ErrorType Fault/Error type – The set or range of allowed values is wrong or the operations allowed on them are wrong.
   Wrong TypeWrong Type fault/error – A data type range or structure is not correct.
   Incomplete TypeIncomplete Type fault/error – A specific constructor, method, or overloaded function is missing.
   Wrong Generic TypeWrong Generic Type fault/error – A generic object is instantiated via wrong type argument.
   Wrong Argument TypeWrong Argument Type fault/error – An argument to an overloaded function is of incorrect data type.
Size ErrorSize Fault/Error type – The object size in use is wrong.
   Not Enough MemoryNot Enough Memory fault/error – The allocated memory is too little for the data it should store.
Entity Access Final Error
   Wrong Access Object
   Wrong Access Type
   Wrong Access Function
Operations AttributesDefinition
MechanismMechanism operation attribute type – Shows how the operation is performed.
   SimpleSimple operation attribute – The operation is via non-polymorphic types.
   GenericsGenerics operation attribute – The operation is via parameterization by types.
   OverridingOverriding operation attribute – The operation is via functions with the same name as one in the base type but implemented in different subtypes.
   OverloadingOverloading operation attribute – The operation is via functions with the same name in the same declaration scope, but implemented with different signature.
Source CodeSource Code operation attribute type – Shows where the operation code resides within the software, firmware, or circuit logic code.
   CodebaseCodebase operation attribute – The operation is in the programmer's code - in the application itself.
   Third-PartyThird-Party operation attribute – The operation code is in a third-party software.
   Standard LibraryStandard Library operation attribute – The operation code is in the standard library for a particular programming language.
   Compiler/InterpreterCompiler/Interpreter operation attribute – The operation code is in the language processor that allows execution or creates executables (interpreter, compiler, assembler).
Execution SpaceExecution Space operation attribute type – Shows where the operation is executed or the privilege level at which it runs.
   LocalLocal operation attribute – The bugged code runs in an environment with access control policy with limited (local user) permission.
   AdminAdmin operation attribute – The bugged code runs in an environment with access control policy with unlimited (admin user) permission.
   Bare-MetalBare-Metal operation attribute – The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware.
Operands AttributesDefinition
         Name KindName Kind operand attribute type – Shows the entity with this name.
            ObjectObject operand attribute – A memory region used to store data.
            FunctionFunction operand attribute – An organized block of code that when called takes in data, processes it, and produces a result(s).
            Data TypeData Type operand attribute – A set of allowed values and the operations allowed over them.
            NamespaceNamespace operand attribute – An organization of entities' names, utilized to avoid names collision.
         Type KindType Kind operand attribute type – Shows what the data type composition is.
            PrimitivePrimitive operand attribute – A scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types.
            StructureStructure operand attribute – A composite data type - e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members.
         Size KindSize Kind operand attribute type – Shows the object's limit for traversal.
            ActualActual operand attribute – The size of the allocated memory of an object.