This weakness occurs when code has an excessively high Halstead complexity score, indicating it is overly intricate and difficult to analyze.
Halstead complexity measures, such as program vocabulary size or volume, quantify the intricacy of source code. When these metrics exceed recommended thresholds, the code becomes a tangled web that is challenging for developers to read, test, and modify effectively. This complexity indirectly harms security by slowing down code reviews and making vulnerabilities harder to spot and fix. It also increases the risk of introducing new security flaws during maintenance, as developers struggle to understand the full impact of their changes.
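To make the metrics concrete, the following added example (not part of the original entry or of any particular tool) computes Halstead vocabulary, length, volume, difficulty and effort for each Python function and flags those above a limit. The counting convention (every punctuation token and keyword is an operator; names, numbers and strings are operands), the function names, the sample code and the limit of 100 are assumptions chosen for illustration; real analyzers differ in how they count and in the thresholds they recommend.

```python
import ast, io, keyword, math, tokenize
from collections import Counter

def halstead(source):
    """Halstead measures for Python source (assumed convention: OP tokens and keywords are operators)."""
    operators, operands = Counter(), Counter()
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.OP or (tok.type == tokenize.NAME and keyword.iskeyword(tok.string)):
            operators[tok.string] += 1
        elif tok.type in (tokenize.NAME, tokenize.NUMBER, tokenize.STRING):
            operands[tok.string] += 1
    n1, n2 = len(operators), len(operands)                    # distinct operators / operands
    N1, N2 = sum(operators.values()), sum(operands.values())  # total occurrences
    vocabulary, length = n1 + n2, N1 + N2
    volume = length * math.log2(vocabulary) if vocabulary else 0.0
    difficulty = (n1 / 2) * (N2 / n2) if n2 else 0.0
    return {"n1": n1, "n2": n2, "vocabulary": vocabulary, "length": length,
            "volume": volume, "difficulty": difficulty, "effort": difficulty * volume}

def over_threshold(source, max_volume):
    """Names of functions whose Halstead volume exceeds max_volume."""
    flagged = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            segment = ast.get_source_segment(source, node) + "\n"
            if halstead(segment)["volume"] > max_volume:
                flagged.append(node.name)
    return flagged

# Constructed sample: one small function and one dense function.
SAMPLE = '''
def check(a, b):
    return a + b * 2

def dense(x, y, z):
    r = (x ^ y) & (z | x) if x > y else (y << 2) - (z >> 1)
    return r % 7 + x * y - z // 3 if r != 0 else x ** 2 + y ** 2
'''

if __name__ == "__main__":
    # The limit of 100 is an illustrative value, not a recommended threshold.
    print("functions over the volume limit:", over_threshold(SAMPLE, max_volume=100))
```

Running a check like this in code review or CI points reviewers at the functions where a change is hardest to reason about, which is where the entry says flaws are most likely to be missed.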
Impact: Reduce Maintainability