Category: Complexity Issues
Draft
Summary
Weaknesses in this category are associated with things being overly complex.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | This weakness occurs when a data structure, like a class or object, contains too many complex sub-elements (e.g., other objects or structs) instead of simple primitive types. |
| CWE-1047 | Modules with Circular Dependencies | This weakness occurs when software modules have circular references, meaning Module A depends on Module B, which in turn depends back on Module A, creating a closed loop. |
| CWE-1055 | Multiple Inheritance from Concrete Classes | This weakness occurs when a single class inherits functionality and state from more than one concrete (fully implemented) parent class. |
| CWE-1056 | Invokable Control Element with Variadic Parameters | This weakness occurs when a callable function or method is defined to accept a variable number of arguments (variadic parameters). |
| CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses | This weakness occurs when an application makes an excessive number of individual data queries to a server or database, instead of using more efficient methods like stored procedures or batch operations. |
| CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | This weakness occurs when a function, method, or subroutine is defined with an unnecessarily high number of parameters in its signature. |
| CWE-1074 | Class with Excessively Deep Inheritance | This weakness occurs when a class inherits from an excessive number of parent classes, creating a deep and complex inheritance hierarchy. |
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | This weakness occurs when code uses an unconditional jump, like a 'goto' statement, outside of a structured control flow block like a switch statement. This bypasses the intended logic and makes the program's execution path unpredictable and difficult to follow. |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code | This weakness occurs when a single source code file grows excessively large, containing too many lines of code. |
| CWE-1086 | Class with Excessive Number of Child Classes | This weakness occurs when a parent class has an excessive number of child classes that inherit from it, creating a deep and overly complex inheritance tree. |
| CWE-1095 | Loop Condition Value Update within the Loop | This vulnerability occurs when a loop's exit condition depends on a variable that is also modified inside the loop body. This creates a complex and often unpredictable control flow that is difficult to analyze. |
| CWE-1119 | Excessive Use of Unconditional Branching | This weakness occurs when code relies heavily on unconditional jumps like 'goto' statements, making the program flow difficult to follow. |
| CWE-1121 | Excessive McCabe Cyclomatic Complexity | This weakness occurs when a function or method has an overly complex control flow, measured by a high McCabe Cyclomatic Complexity score. This makes the code difficult to read, test, and maintain. |
| CWE-1122 | Excessive Halstead Complexity | This weakness occurs when code has an excessively high Halstead complexity score, indicating it is overly intricate and difficult to analyze. |
| CWE-1123 | Excessive Use of Self-Modifying Code | The software relies heavily on code that rewrites itself during execution, making it difficult to analyze and maintain. |
| CWE-1124 | Excessively Deep Nesting | This weakness occurs when a function, method, or code block contains too many levels of nested loops, conditionals, or other control structures, making the logic path difficult to follow. |
| CWE-1125 | Excessive Attack Surface | This weakness occurs when a software product has an unnecessarily large number of entry and exit points that an attacker can target, exceeding a reasonable and secure threshold. |
| CWE-1333 | Inefficient Regular Expression Complexity | This vulnerability occurs when an application uses a poorly constructed regular expression that can trigger catastrophic backtracking, leading to extreme CPU consumption and potential denial-of-service. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.