Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

deny icon
Deny
allow icon
Accept
All Posts

What Is A Reachable Assertion Error?

Mayhem Team
June 1, 2022
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

CWE- 617 Reachable Assertion, is defined as “The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.”

In computer science, reachability is the ability to find a path from one node in a graph to another. A reachable assertion is an assertion that specifies a condition that must be satisfied for a particular path  to be considered reachable.

Reachable assertions are used in several different contexts, including verification of computer programs, security analysis, and network analysis. In each case, the goal is to ensure that certain conditions are met in order for a particular path to be considered reachable.

Reachable assertions can be used to verify the correctness of  programs. For example, consider a program that calculates the shortest path between two nodes in a graph. One way to verify the correctness of this program is to use a reachability assertion to specify that the path calculated by the program must be the shortest path between the two nodes.

Reachable assertions can also be used in security analysis. For example, consider a security protocol that requires all communication to take place over an encrypted channel. A reachability assertion can be used to specify that the encryption key must be known in order for any communication to take place.

Reachable assertions can also be used in network analysis. For example, consider a network with two nodes, A and B, that are not directly connected. A reachability assertion can be used to specify that there must be a path from A to B in order for communication to take place between the two nodes.

Reachable assertions are a powerful tool for specifying conditions that must be satisfied in order for a particular path to be considered reachable and,to be considered valid. In other words, it is a constraint on the behavior of a program

An example from MITRE

String email = request.getParameter("email_address");

assert email != null;
Share this post
Blog

Recent Blogs

View All
In The News

Mayhem Security Achieves SOC 2 Type II Compliance

Mayhem Security is excited to announce that we’ve earned our SOC 2 Type II certification!
Read More

What’s New In Mayhem 2.10

Discover new features in Mayhem 2.10, including vECU analysis, harness templates, new “daily defect” emails, improved registry RBACs, and improved performance.
Read More
In The News

Introducing Mayhem: ForAllSecure Unveils New Name and Company Focus

We are officially changing our corporate name from ForAllSecure to Mayhem Security.
Read More
View all

How about some Mayhem in your inbox?

Subscribe to our monthly newsletter for expert insights and news on DevSecOps topics, plus Mayhem tips and tutorials.

By subscribing, you're agreeing to our website terms and privacy policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Add Mayhem to Your DevSecOps for Free.

Get a full-featured 30 day free trial.

Company
AboutCareersPressEvents
Support
Docs & TutorialsContact
Connect with us
© 2024 ForAllSecure
Privacy PolicyTerms of UseCookies Settings
Code Security

Complete API Security in 5 Minutes

Get started with Mayhem today for fast, comprehensive, API security. 

Get Mayhem

Maximize Code Coverage in Minutes

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem