Category: CISQ Quality Measures (2016) - Security
Draft
Summary
Weaknesses in this category are related to the CISQ Quality Measures for Security, as documented in 2016 with the Automated Source Code Security Measure (ASCSM) Specification 1.0. Presence of these weaknesses could reduce the security of the software.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-134 | Use of Externally-Controlled Format String | This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a file) in a formatting function (e.g., printf, sprintf). An attacker can craft a malicious format string to read or write memory, potentially crashing the application or executing arbitrary code. |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | This vulnerability occurs when an application builds a file path using user input but fails to properly validate it, allowing an attacker to break out of the intended directory and access files or folders anywhere on the server. |
| CWE-252 | Unchecked Return Value | This vulnerability occurs when a program fails to verify the result of a function or method call, allowing it to continue execution without detecting errors or unexpected conditions. |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | The software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security standards. |
| CWE-396 | Declaration of Catch for Generic Exception | This weakness occurs when code catches a generic exception type like 'Exception' or 'Throwable', which can hide specific errors and create insecure error handling logic. |
| CWE-397 | Declaration of Throws for Generic Exception | This vulnerability occurs when a method is declared to throw an overly broad exception type, such as a generic 'Exception' or 'Throwable'. This practice masks the specific error conditions that can occur, making it difficult for calling code to handle failures appropriately. |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | This vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server. |
| CWE-456 | Missing Initialization of a Variable | This vulnerability occurs when a program uses a variable before giving it a starting value, causing the software to rely on unpredictable data left over in memory. |
| CWE-606 | Unchecked Input for Loop Condition | This vulnerability occurs when an application fails to properly validate or limit user-supplied values that control loop iterations. Without these checks, malicious input can force the program into an endless or excessively long loop, consuming system resources and leading to denial of service or application instability. |
| CWE-667 | Improper Locking | This vulnerability occurs when a program fails to correctly acquire or release a lock on a shared resource, such as a file, database record, or memory location. This improper synchronization allows other processes or threads to interfere, leading to corrupted data, crashes, or unpredictable behavior. |
| CWE-672 | Operation on a Resource after Expiration or Release | This vulnerability occurs when a program continues to use a resource—like memory, a file handle, or a network connection—after it has been freed, closed, or is no longer valid. |
| CWE-681 | Incorrect Conversion between Numeric Types | This vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses. |
| CWE-772 | Missing Release of Resource after Effective Lifetime | This vulnerability occurs when a program fails to properly release a system resource—like memory, file handles, or network sockets—after it is no longer needed. This leads to a gradual accumulation of unused resources, known as a resource leak. |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | OS Command Injection occurs when an application builds a system command using untrusted, external input without properly sanitizing it. This allows an attacker to inject and execute arbitrary commands on the underlying operating system. |
| CWE-789 | Memory Allocation with Excessive Size Value | This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability. |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | This vulnerability occurs when a web application fails to properly sanitize or encode user-supplied input before displaying it on a webpage viewed by other users. |
| CWE-798 | Use of Hard-coded Credentials | This vulnerability occurs when software contains built-in, unchangeable authentication secrets like passwords or encryption keys within its source code or configuration files. |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | An infinite loop occurs when a program's iteration logic contains an exit condition that can never be satisfied, causing the loop to run indefinitely and consume system resources. |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | SQL Injection occurs when an application builds a database query using untrusted user input without properly sanitizing it. This allows an attacker to insert malicious SQL code that the database executes, potentially letting them view, modify, or delete sensitive data. |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | This vulnerability occurs when an application accepts user input as a resource identifier (like a file path or port number) without proper validation, allowing an attacker to access or manipulate resources outside the intended scope. |
| CWE-1128 | CISQ Quality Measures (2016) | This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2016. These measures are derived from Object Management Group (OMG) standards. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.