CWE-687: Function Call With Incorrectly Specified Argument Value
Weakness ID: 687
The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.
Time of Introduction
Technical Impact: Quality degradation
Manual Static Analysis
This might require an understanding of intended program behavior or
design to determine whether the value is incorrect.
This Perl code intends to record whether a user authenticated
successfully or not, and to exit if the user fails to authenticate. However,
when it calls ReportAuth(), the third argument is specified as 0 instead of
1, so it does not exit.
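The Perl listing this description refers to is not reproduced here. The following is an added example, not the original CWE code, showing the same mistake beside a corrected call. Only ReportAuth() and the meaning of its third argument come from the text above; check_auth(), the password table, the constants and the log format are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added illustration. check_auth() and %PASSWORDS are hypothetical helpers
# with constructed sample data; they are not part of the CWE entry.
my %PASSWORDS = (alice => 'correct horse');

sub check_auth {
    my ($user, $pass) = @_;
    my $ok = defined $PASSWORDS{$user} && $PASSWORDS{$user} eq $pass;
    return $ok ? 'success' : 'failure';
}

# Third argument: 1 = abort on failed authentication, 0 = log only.
sub ReportAuth {
    my ($user, $result, $fatal) = @_;
    print STDERR "auth: user=$user result=$result\n";
    die "authentication failed for $user\n"
        if $result ne 'success' && $fatal;
    return;
}

# Weak: the caller passes 0, so a failed login is logged and execution
# continues into the privileged action (the CWE-687 mistake).
sub privileged_weak {
    my ($user, $pass) = @_;
    ReportAuth($user, check_auth($user, $pass), 0);
    return "privileged action ran for $user";
}

# Corrected: named constants (an assumed convention) make the intended
# behaviour visible at the call site, so a wrong value stands out in review.
use constant { LOG_ONLY => 0, ABORT_ON_FAILURE => 1 };

sub privileged_fixed {
    my ($user, $pass) = @_;
    ReportAuth($user, check_auth($user, $pass), ABORT_ON_FAILURE);
    return "privileged action ran for $user";
}

# Constructed demonstration: the same failed login against both callers.
print privileged_weak('bob', 'guess'), "\n";
my $out = eval { privileged_fixed('bob', 'guess') };
print defined $out ? "$out\n" : "blocked: $@";
```

Both calls are syntactically valid and type-correct, which is why the detection note above says finding the error requires knowing the intended behavior.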
When primary, this weakness is most likely to occur in rarely-tested code,
since the wrong value can change the semantic meaning of the program's
execution and lead to obviously-incorrect behavior. It can also be resultant
from issues in which the program assigns the wrong value to a variable, and
that variable is later used in a function call. In that sense, this issue
could be argued as having chaining relationships with many implementation
errors in CWE.