Category: Encapsulation Issues
Draft
Summary
Weaknesses in this category are related to issues surrounding the bundling of data with the methods intended to operate on that data.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | This weakness occurs when code in one architectural layer directly calls functions or methods in a much deeper layer, skipping over the intermediate layers that should normally handle the request. It bypasses the intended layered structure, similar to a manager going directly to an intern instead of working through the team lead. |
| CWE-1057 | Data Access Operations Outside of Expected Data Manager Component | This weakness occurs when an application bypasses its dedicated, central data manager component and performs data access operations through other code paths. |
| CWE-1062 | Parent Class with References to Child Class | This weakness occurs when a parent class directly references its child classes, their methods, or their member variables, creating a problematic and tightly coupled dependency. |
| CWE-1083 | Data Access from Outside Expected Data Manager Component | This weakness occurs when an application is designed to handle all data operations through a dedicated manager component (like a database layer), but code elsewhere bypasses it and accesses data directly. |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | This weakness occurs when a method in one class directly accesses a private or internal member (like a field or property) of a different class, bypassing proper interfaces. |
| CWE-1100 | Insufficient Isolation of System-Dependent Functions | This weakness occurs when an application fails to separate its core logic from functions that depend on a specific operating system, hardware, or external platform. Instead of being contained in dedicated modules, these system-dependent calls are scattered throughout the codebase. |
| CWE-1105 | Insufficient Encapsulation of Machine-Dependent Functionality | This weakness occurs when an application relies on hardware-specific or platform-dependent features but fails to isolate that code from the rest of the system. This poor separation creates tight coupling between the core logic and low-level machine details. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.