Category: CISQ Quality Measures (2016) - Performance Efficiency

Draft
Summary

Weaknesses in this category are related to the CISQ Quality Measures for Performance Efficiency, as documented in 2016 with the Automated Source Code Performance Efficiency Measure (ASCPEM) Specification 1.0. Presence of these weaknesses could reduce the performance efficiency of the software.

Membership
ID | Name | Description
CWE-1042 | Static Member Data Element outside of a Singleton Class Element | This weakness occurs when a class that isn't designed as a singleton (a class meant to have only one instance) contains a non-final static member variable. This creates a shared, mutable state across all instances of that class, which can lead to unexpected behavior and data corruption.
CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | This weakness occurs when a data structure, like a class or object, contains too many complex sub-elements (e.g., other objects or structs) instead of simple primitive types.
CWE-1046 | Creation of Immutable Text Using String Concatenation | This weakness occurs when code builds a string within a loop using simple concatenation (like +=), which unintentionally creates new string objects every time instead of efficiently appending to a buffer.
CWE-1049 | Excessive Data Query Operations in a Large Data Table | This weakness occurs when an application runs a database query that uses numerous joins and sub-queries on a very large table, leading to severe performance degradation.
CWE-1050 | Excessive Platform Resource Consumption within a Loop | This vulnerability occurs when a loop contains code that repeatedly consumes critical system resources like file handles, database connections, memory, or session locks. Each iteration of the loop drains these finite platform assets without proper release.
CWE-1057 | Data Access Operations Outside of Expected Data Manager Component | This weakness occurs when an application bypasses its dedicated, central data manager component and performs data access operations through other code paths.
CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses | This weakness occurs when an application makes an excessive number of individual data queries to a server or database, instead of using more efficient methods like stored procedures or batch operations.
CWE-1063 | Creation of Class Instance within a Static Code Block | This weakness occurs when a class instance is created inside a static initializer block, causing premature and potentially expensive object creation.
CWE-1067 | Excessive Execution of Sequential Searches of Data Resource | This weakness occurs when a database query is structured in a way that forces the system to scan entire tables row-by-row, instead of using an available index for efficient lookups.
CWE-1072 | Data Resource Access without Use of Connection Pooling | This weakness occurs when an application creates a new database connection for every request instead of using a managed connection pool. This inefficient pattern forces the system to repeatedly endure the full overhead of establishing and tearing down connections.
CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | This weakness occurs when a client-side function or method makes an excessive number of individual data requests through a non-SQL data manager, instead of using more efficient bulk operations or database-native capabilities.
CWE-1089 | Large Data Table with Excessive Number of Indices | This weakness occurs when an application uses a database table with a very large number of rows and creates too many indexes on it, degrading overall system performance.
CWE-1091 | Use of Object without Invoking Destructor Method | This weakness occurs when a program accesses an object but fails to properly call its destructor or finalizer method. This leaves the cleanup of the object's resources to the system's automatic garbage collection, which may not happen immediately or predictably.
CWE-1094 | Excessive Index Range Scan for a Data Resource | This weakness occurs when a database query performs an index range scan that can access an unnecessarily large number of rows from a substantial data table, leading to severe performance degradation.
CWE-1128 | CISQ Quality Measures (2016) | This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2016. These measures are derived from Object Management Group (OMG) standards.

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.