Category: CISQ Quality Measures (2016) - Maintainability
Draft
Summary
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability, as documented in 2016 with the Automated Source Code Maintainability Measure (ASCMM) Specification 1.0. Presence of these weaknesses could reduce the maintainability of the software.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1041 | Use of Redundant Code | This weakness occurs when a codebase contains identical or nearly identical logic duplicated across multiple functions, methods, or modules. This redundancy creates unnecessary complexity and maintenance overhead. |
| CWE-1044 | Architecture with Number of Horizontal Layers Outside of Expected Range | This occurs when a software system is built with either too many or too few distinct architectural layers, falling outside a recommended range that supports maintainability and security. |
| CWE-1047 | Modules with Circular Dependencies | This weakness occurs when software modules have circular references, meaning Module A depends on Module B, which in turn depends back on Module A, creating a closed loop. |
| CWE-1048 | Invokable Control Element with Large Number of Outward Calls | This weakness occurs when a single function, method, or callable code block makes an excessively high number of calls to other objects or components outside its immediate scope. This creates a complex, tightly-coupled web of dependencies that is difficult to manage. |
| CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | This weakness occurs when software initializes variables or data structures using hard-coded values (like strings, file paths, or network addresses) instead of configurable constants or parameters. While simple numbers or true constants are acceptable, embedding non-trivial literals directly in code creates maintenance and security risks. |
| CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | This weakness occurs when code in one architectural layer directly calls functions or methods in a much deeper layer, skipping over the intermediate layers that should normally handle the request. It bypasses the intended layered structure, similar to a manager going directly to an intern instead of working through the team lead. |
| CWE-1055 | Multiple Inheritance from Concrete Classes | This weakness occurs when a single class inherits functionality and state from more than one concrete (fully implemented) parent class. |
| CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | This weakness occurs when a function, method, or subroutine is defined with an unnecessarily high number of parameters in its signature. |
| CWE-1074 | Class with Excessively Deep Inheritance | This weakness occurs when a class inherits from an excessive number of parent classes, creating a deep and complex inheritance hierarchy. |
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | This weakness occurs when code uses an unconditional jump, like a 'goto' statement, outside of a structured control flow block like a switch statement. This bypasses the intended logic and makes the program's execution path unpredictable and difficult to follow. |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code | This weakness occurs when a single source code file grows excessively large, containing too many lines of code. |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | This weakness occurs when a single function or method performs an excessive number of file or database operations, such as repeated reads, writes, or queries. It over-relies on a single data manager or file resource, creating a tightly coupled and fragile code structure. |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | This weakness occurs when a callable function, method, or procedure contains a large amount of inactive, commented-out code within its implementation body. |
| CWE-1086 | Class with Excessive Number of Child Classes | This weakness occurs when a parent class has an excessive number of child classes that inherit from it, creating a deep and overly complex inheritance tree. |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | This weakness occurs when a method in one class directly accesses a private or internal member (like a field or property) of a different class, bypassing proper interfaces. |
| CWE-1092 | Use of Same Invokable Control Element in Multiple Architectural Layers | This weakness occurs when the same piece of code or control logic is duplicated across different architectural layers of an application, such as the presentation, business, and data layers. |
| CWE-1095 | Loop Condition Value Update within the Loop | This vulnerability occurs when a loop's exit condition depends on a variable that is also modified inside the loop body. This creates a complex and often unpredictable control flow that is difficult to analyze. |
| CWE-1121 | Excessive McCabe Cyclomatic Complexity | This weakness occurs when a function or method has an overly complex control flow, measured by a high McCabe Cyclomatic Complexity score. This makes the code difficult to read, test, and maintain. |
| CWE-561 | Dead Code | Dead code refers to sections of a program that can never run during normal execution, effectively making them inactive and unreachable. |
| CWE-766 | Critical Data Element Declared Public | This vulnerability occurs when a critical piece of data—like a variable, field, or class member—is mistakenly declared as public when it should be kept private according to the application's security design. |
| CWE-1128 | CISQ Quality Measures (2016) | This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2016. These measures are derived from Object Management Group (OMG) standards. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.