Using {curly braces} is less error-prone
This code insight counts the number of missing curly braces in constructs such as functions, loops (while, do, for…) or conditional statements (if, else), except for “else” used within an “else if” statement. Highlight counts penalty points contributing to the Software Resiliency health factor, depending on the density of missing braces compared to the total braces you should ideally have in the scanned source file.
Why you should care
Using curly braces, even in programming languages where missing braces won't block the application's compilation or execution, helps developers visually identify where a code instruction or condition starts and where it stops. The absence of braces can lead to unexpected behaviors or possible security flaws, for instance if a developer mistakenly adds sensitive information or instructions inside or outside a block whose limits he or she couldn't see because the braces were missing. This is especially true when the code is complex and contains a lot of logical conditions.
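The failure mode described above, shown as an added C example that is not part of the original page: a statement added later to a braceless "if" looks conditional but runs for every caller, next to the braced form that behaves as intended. The struct, function names and role strings are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: the session fields below are hypothetical. */
struct session {
    bool is_admin;
    int  audit_events;   /* number of audit records written */
};

/* Braceless "if": the audit line was inserted later. Only that first
 * statement is governed by the condition; the assignment below it is
 * indented as if it were conditional, but it is not. */
bool grant_unbraced(struct session *s, const char *role)
{
    s->is_admin = false;
    if (strcmp(role, "admin") == 0)
        s->audit_events++;
        s->is_admin = true;      /* executes for every role */
    return s->is_admin;
}

/* Same logic with braces on dedicated lines: both statements are
 * visibly and actually inside the conditional block. */
bool grant_braced(struct session *s, const char *role)
{
    s->is_admin = false;
    if (strcmp(role, "admin") == 0)
    {
        s->audit_events++;
        s->is_admin = true;
    }
    return s->is_admin;
}

int main(void)
{
    struct session a = {0}, b = {0};
    printf("unbraced, role=guest -> is_admin=%d\n", grant_unbraced(&a, "guest"));
    printf("braced,   role=guest -> is_admin=%d\n", grant_braced(&b, "guest"));
    return 0;
}
```

GCC and Clang report the unbraced function when the -Wmisleading-indentation warning is enabled, which makes it a useful check in builds of existing code that cannot be rewritten at once.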
CAST recommendations
Good practice is to systematically use braces. Modern development environments can automatically add them when writing new code. Ideally, from a pure maintainability standpoint, each brace should also have a dedicated line for even greater readability.
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate the health factors of software.