AttackFlow Findings Dictionary

Finding A Way To Try AttackFlow Enterprise Edition?

If so, click to download 15 days full version for free!

Changing For Loop Iteration Variable

Assignment to a loop variable doesn’t have the expected effect of modifying the looped object

Severity

Medium

Fix Cost

Low

Trust Level

High

It is easier to write repetitive code by using the enhanced for statement. However, inside the body of the loop when the loop identifier is assigned to another object, this doesn’t mean the loop list is modified.

In the below code piece, supplierNames wouldn’t be modified after the loop.

            
List<String> supplierNames = Arrays.asList("CORS", "XFF", "HTTPONLY");
for(String supplier : supplierNames)
{
  if(supplier.equals("XFF") == 0)
  {
     supplier = "ACCESS";
  }
}
                 
            

It is easier to write repetitive code by using the enhanced for statement. However, inside the body of the loop when the loop identifier is assigned to another object, this doesn’t mean the loop list is modified.

In the below code piece, supplierNames wouldn’t be modified after the loop.

            
List<String> supplierNames = Arrays.asList("CORS", "XFF", "HTTPONLY");
for(String supplier : supplierNames)
{
  if(supplier.equals("XFF") == 0)
  {
     supplier = "ACCESS";
  }
}
                 
            

Finding A Way To Purchase AttackFlow Enterprise Edition?

If so, click to buy now for yearly subscriptions!