logo

Insufficient Use of Symbolic Constants

Incomplete Base
Structure: Simple
Description

This weakness occurs when developers embed raw numbers or text strings directly in code instead of using named symbolic constants, making future updates and maintenance more difficult.

Extended Description

Hardcoding values like magic numbers, file paths, or configuration limits directly into your source code creates a maintenance burden. When these values need to change—for example, a buffer size, a port number, or a permission flag—you must hunt through every file to find and update each literal instance. This process is error-prone and time-consuming, increasing the risk of missing a critical instance or introducing inconsistencies. From a security perspective, this maintenance difficulty indirectly weakens your application's defenses. It slows down the patching of vulnerabilities related to these values and makes code reviews more challenging. The extra effort required to manage scattered literals can lead to rushed fixes or oversight, creating opportunities for security flaws to be introduced or remain unaddressed.
Common Consequences 1
Scope: Other

Impact: Reduce Maintainability
References 1
Providing a Framework for Effective Software Quality Assessment
Robert A. Martin and Lawrence H. Shafer
07-1996
https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT(2023-04-07)
ID: REF-963
Related Weaknesses
ChildOf: Inappropriate Source Code Style or Formatting (CWE-1078)