Excessive Reliance on Global Variables

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This weakness occurs when a codebase depends too heavily on global variables to store and manage state, rather than keeping data within appropriate local scopes like functions or classes.

Extended Description

Excessive use of global variables creates a tightly coupled and fragile architecture. It becomes difficult to track where and how data is modified, leading to unpredictable side effects across the entire application. This lack of encapsulation makes the code harder to understand, test, and debug, as changes in one module can silently break functionality in another. From a security perspective, this poor maintainability indirectly increases risk. It slows down the identification and remediation of actual vulnerabilities because developers must navigate a complex web of dependencies. Furthermore, the constant risk of unintended interactions makes it easier to introduce new security flaws during routine maintenance or feature development.

Common Consequences 1
Scope: Other

Impact: Reduce Maintainability

Detection Methods 1
Automated Static Analysis
Effectiveness: High
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
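A small static check in the spirit of the detection method above, added here as an illustration and not part of the original entry: it uses Python's `ast` module to report which functions write and which read each module-level variable, without executing the code. The sample module and the names `SAMPLE`, `global_usage` and `mutable_globals` are constructed for this example.

```python
import ast
from collections import defaultdict

# Constructed sample module (not from the entry): two functions share state
# through module-level variables; a third only reads a constant.
SAMPLE = '''
session_user = None
is_admin = False
MAX_RETRIES = 3

def login(name):
    global session_user, is_admin
    session_user = name
    is_admin = (name == "root")

def delete_account(target):
    if is_admin:
        return f"{session_user} deleted {target}"
    return "denied"

def retry(n):
    count = min(n, MAX_RETRIES)
    return count
'''

def global_usage(source):
    """Map each module-level name to the functions that write and read it."""
    tree = ast.parse(source)
    # Names bound by plain assignment at module level.
    module_names = {t.id for node in tree.body if isinstance(node, ast.Assign)
                    for t in node.targets if isinstance(t, ast.Name)}
    report = defaultdict(lambda: {"writers": set(), "readers": set()})
    for func in (n for n in tree.body if isinstance(n, ast.FunctionDef)):
        declared = {name for n in ast.walk(func) if isinstance(n, ast.Global)
                    for name in n.names}
        params = {a.arg for a in func.args.args}
        # A name stored without a `global` declaration is local to the function.
        local = params | {n.id for n in ast.walk(func) if isinstance(n, ast.Name)
                          and isinstance(n.ctx, ast.Store) and n.id not in declared}
        for n in ast.walk(func):
            if not isinstance(n, ast.Name) or n.id not in module_names or n.id in local:
                continue
            kind = "writers" if isinstance(n.ctx, ast.Store) else "readers"
            report[n.id][kind].add(func.name)
    return report

def mutable_globals(source):
    """Globals that at least one function rewrites: the shared mutable state."""
    return sorted(name for name, use in global_usage(source).items() if use["writers"])
```

On the sample, `is_admin` and `session_user` are flagged because `login` rewrites state that `delete_account` later trusts for an authorization decision, while the read-only `MAX_RETRIES` is not.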
References 1
Providing a Framework for Effective Software Quality Assessment
Robert A. Martin and Lawrence H. Shafer
07-1996
ID: REF-963