logo

Data Element Aggregating an Excessively Large Number of Non-Primitive Elements

Incomplete Base
Structure: Simple
Description

This weakness occurs when a data structure, like a class or object, contains too many complex sub-elements (e.g., other objects or structs) instead of simple primitive types.

Extended Description

This design pattern can significantly degrade your application's performance, leading to slow data processing, high memory consumption, and inefficient operations. If an attacker can trigger or manipulate this bloated data element, they may exploit the performance lag to cause a denial-of-service (DoS) or exhaust system resources. While what constitutes 'excessively large' depends on your specific context, the CISQ (Consortium for IT Software Quality) standard suggests a practical threshold of no more than 5 complex sub-elements. Reviewing and refactoring data structures that exceed this guideline can improve maintainability, performance, and resilience against resource-based attacks.
Common Consequences 1
Scope: Other

Impact: Reduce Performance
References 1
Automated Source Code Performance Efficiency Measure (ASCPEM)
Object Management Group (OMG)
01-2016
https://www.omg.org/spec/ASCPEM/(2023-04-07)
ID: REF-959
Related Weaknesses
ChildOf: Excessively Complex Data Representation (CWE-1093)
Taxonomy Mapping
  • OMG ASCPEM