Assert used as the only validation for untrusted input

ID

c.miscellaneous.suspicious_assert

Severity

low

Resource

Miscellaneous

Language

C / C++

Description

Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leverage the lack of proper input checks.

Rationale

Most codebases define assertion macros which compile to a no-op on non-debug builds (the standard `assert` from `<assert.h>`, for instance, expands to nothing once `NDEBUG` is defined, which release builds commonly do). A check that exists only inside such a macro therefore disappears in exactly the builds that ship and face untrusted input. If assertions are the only line of defense against that input, the software may be exposed to attacks that leverage the lack of proper input checks, such as an out-of-bounds read when an unchecked size reaches memcpy.

The following code illustrates a vulnerable pattern detected by this rule:

#include <stdint.h>
#include <string.h>

static struct { uint8_t val[13]; } priv_random; /* stand-in for the module state; size assumed */

void bt_mesh_beacon_priv_random_get(uint8_t *random, size_t size)
{
	// VULNERABLE: Assert used as the only validation for untrusted input.
	// __ASSERT is a no-op in non-debug builds, so an oversized `size` makes memcpy read past priv_random.val.
	__ASSERT(size <= sizeof(priv_random.val), "Invalid random value size %u", size);
	memcpy(random, priv_random.val, size);
}

Remediation

Validate untrusted input with an explicit runtime check that is compiled into every build and rejects out-of-range values (for example by returning an error code to the caller) instead of relying on an assertion; an assertion may remain as an additional debug-only aid but must not be the only check. Follow secure coding practices and review the references below for detailed remediation guidance.
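As an added example (not code from the original rule page or from the project it quotes), the assert-only pattern beside a hardened version that keeps an explicit runtime check; the priv_random layout, its 13-byte size and the function names are assumed stand-ins.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <errno.h>
#include <assert.h>

/* Constructed stand-in for the module's private beacon state (13-byte size assumed). */
#define PRIV_RANDOM_LEN 13
static struct { uint8_t val[PRIV_RANDOM_LEN]; } priv_random = {
    .val = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 }
};

/* Vulnerable pattern: once NDEBUG is defined the assert expands to nothing,
 * so an oversized `size` makes memcpy read past the end of priv_random.val. */
void priv_random_get_assert_only(uint8_t *random, size_t size)
{
    assert(size <= sizeof(priv_random.val));
    memcpy(random, priv_random.val, size);
}

/* Hardened form: the bounds check is ordinary code present in every build.
 * Returns 0 on success and -EINVAL when the request is rejected, so the
 * caller learns about the bad input instead of silently reading garbage. */
int priv_random_get_checked(uint8_t *random, size_t size)
{
    if (random == NULL || size > sizeof(priv_random.val)) {
        return -EINVAL;
    }
    memcpy(random, priv_random.val, size);
    return 0;
}
```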

Configuration

This detector does not need any configuration.