Excessive McCabe Cyclomatic Complexity

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This weakness occurs when a function or method has an overly complex control flow, measured by a high McCabe Cyclomatic Complexity score. This makes the code difficult to read, test, and maintain.

Extended Description

High cyclomatic complexity directly affects both code quality and security. Complex, tangled control flow is harder for developers to understand completely, so edge cases are easily missed and logic errors are easily introduced during modification. The same complexity makes thorough unit testing impractical: the number of execution paths to cover grows with every branch, leaving untested paths that could contain vulnerabilities. Security flaws are more likely to hide within convoluted logic and are harder to spot during code review or audit. Furthermore, fixing a discovered vulnerability inside such a function is riskier and more time-consuming, increasing the chance of introducing new bugs or security regressions.
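As an added illustration (not part of the CWE entry), the following Python script computes the McCabe complexity of each module-level function from its AST using the usual counting rule (one path per branch point, one extra per short-circuit operand, one per comprehension loop and filter) and flags functions above a threshold; the `validate_request` sample it analyses is constructed for this example.

```python
import ast

# Each node of these kinds opens one more independent path.
_BRANCH_NODES = (ast.If, ast.IfExp, ast.For, ast.AsyncFor, ast.While,
                 ast.ExceptHandler, ast.Assert)

def cyclomatic_complexity(func: ast.AST) -> int:
    """McCabe M = number of decision points + 1 over the function's AST."""
    complexity = 1
    for node in ast.walk(func):
        if isinstance(node, _BRANCH_NODES):
            complexity += 1
        elif isinstance(node, ast.BoolOp):
            # `a and b and c` short-circuits: every extra operand is a branch.
            complexity += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            complexity += 1 + len(node.ifs)  # implicit loop plus its filters
    return complexity

def complexities(source: str) -> dict[str, int]:
    """Map each module-level function name to its complexity."""
    tree = ast.parse(source)
    return {node.name: cyclomatic_complexity(node) for node in tree.body
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef))}

def functions_over(source: str, threshold: int = 10) -> list[str]:
    """Names of functions whose complexity exceeds the threshold."""
    return [n for n, m in complexities(source).items() if m > threshold]

# Constructed sample input (not real project code): a validator whose
# checks, loop and exception handlers all pile into one function.
SAMPLE = '''
def validate_request(req):
    if req is None:
        return False
    if req.method == "POST" and req.body:
        for field in req.body:
            if field not in ALLOWED:
                return False
            elif field == "token" and not check_token(req.body[field]):
                return False
    try:
        parse(req)
    except ValueError:
        return False
    except KeyError:
        return False
    return True
'''
```

Running `complexities(SAMPLE)` gives `validate_request` a score of 10, so `functions_over(SAMPLE, 9)` flags it while the default threshold of 10 does not.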

References
  • REF-963: Robert A. Martin and Lawrence H. Shafer, "Providing a Framework for Effective Software Quality Assessment", July 1996.
  • REF-964: Wikipedia, "Cyclomatic Complexity", 13 April 2018.
  • REF-960: Object Management Group (OMG), "Automated Source Code Maintainability Measure (ASCMM)", January 2016.
Related Weaknesses
Taxonomy Mapping
  • OMG ASCMM