Switch statements should have a default case specified
Example in PHP:
switch($foo) {
  case 0:
     // do something
     break;
  case 1:
     // do something else
     break;
}
Why you should care
As MITRE perfectly explains, this flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are made based on poor information, and cascading failure results. This cascading failure may result in any number of security issues, and constitutes a significant failure in the system.
References:
https://cwe.mitre.org/data/definitions/478.html
CAST recommendations
CAST recommends that users follow MITRE’s proposed mitigation: In the case of switch style statements, the very simple act of creating a default case can mitigate this situation, if done correctly. Often however, the default case is used simply to represent an assumed option, as opposed to working as a check for invalid input. This is poor practice and in some cases is as bad as omitting a default case entirely.
Example in PHP:
switch($foo) {
  case 0:
     // do something
     break;
  case 1:
     // do something else
     break;
  default:
     // do something if not case 0 nor case 1
}
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.