Avoid Implied Typecasting

Software Resiliency | Code Reliability

Why you should care

Software development is an exact science, and software does not tolerate ambiguity. Programming languages differ in how they evaluate and compare the values they manipulate. In the case of this code insight, a syntax confusion caused by implicit interpretation (e.g. using “==” instead of “===” in JavaScript) may lead to bad data manipulation in production and can introduce unwanted bugs and security flaws by letting the software execute portions of code you weren’t expecting. An example to illustrate: writing “true” (which the software interprets as a string) does not make it the boolean state TRUE.

Business Impacts

Implied typecasting is not extremely harmful to code, but it is a sign of bad practice within development teams and can be a symptom of productivity issues. Standard company policies that discourage such practices help prevent these issues; otherwise, they can hamper the agile environment set by the company.

Production Risk
5362

CAST Recommendations

The good practice is to systematically use braces. Modern development environments can automatically add them when writing new code. Ideally, from a pure maintainability standpoint, the braces should also have a dedicated line for even greater readability.

References

JavaScript Patterns: Build Better Applications with Coding and Design Patterns, by Stoyan Stefanov (O’Reilly)
https://code.tutsplus.com/tutorials/the-essentials-of-writing-high-quality-javascript--net-15145

Style Guide

How we detect

This code insight counts the number of cases where a “falsy” literal operand (false, 0, [], undefined, “”) is compared using “==” or “!=”, or where a variable is implicitly tested as true or false without a comparison or logical operator (e.g. if(data) { … }). Depending on the usage density of this pattern, Highlight counts penalty points that contribute to the Software Resiliency health factor for the scanned source file.
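
The two patterns this insight counts, shown beside explicit equivalents, as an added JavaScript example that is not part of the original page or of Highlight's own code. The function names and the input values are constructed for illustration and stand in for untyped input such as a query string or environment variable.

```javascript
// Added example: inputs are constructed and mimic values that arrive as
// strings from a query string, environment variable or form field.

// Implicit check: any non-empty string is truthy, including "false" and "0".
function debugEnabledLoose(flag) {
  if (flag) {
    return true;
  }
  return false;
}

// Explicit check: only the boolean true or the exact string "true" enables it.
function debugEnabledStrict(flag) {
  return flag === true || flag === "true";
}

// Loose comparison with a falsy literal: "", "0", [] and false all == 0.
function quotaExhaustedLoose(remaining) {
  return remaining == 0;
}

// Strict form: convert a non-empty string once, reject anything that is not
// a finite number, then compare with ===.
function quotaExhaustedStrict(remaining) {
  if (typeof remaining === "string" && remaining.trim() !== "") {
    remaining = Number(remaining);
  }
  if (typeof remaining !== "number" || !Number.isFinite(remaining)) {
    throw new TypeError("remaining must be a number");
  }
  return remaining === 0;
}

// Collect loose vs strict outcomes side by side for a list of inputs.
function compareFlagChecks(inputs) {
  return inputs.map((v) => ({
    input: v,
    loose: debugEnabledLoose(v),
    strict: debugEnabledStrict(v),
  }));
}

console.log(compareFlagChecks(["true", "false", "0", "", true, false]));
console.log(quotaExhaustedLoose(""), quotaExhaustedLoose([]), quotaExhaustedLoose("0"));
```

The loose flag check treats the string "false" as enabled, and the loose quota check treats a missing value ("") as zero; the strict forms reject both.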

About CAST and Highlight’s Code Insights

Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate software health factors.
