Category: CISQ Quality Measures - Maintainability
Incomplete
Summary
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1041 | Use of Redundant Code | This weakness occurs when a codebase contains identical or nearly identical logic duplicated across multiple functions, methods, or modules. This redundancy creates unnecessary complexity and maintenance overhead. |
| CWE-1045 | Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor | This occurs when a base class defines a virtual destructor, but a derived class inherits from it without declaring its own virtual destructor. |
| CWE-1047 | Modules with Circular Dependencies | This weakness occurs when software modules have circular references, meaning Module A depends on Module B, which in turn depends back on Module A, creating a closed loop. |
| CWE-1048 | Invokable Control Element with Large Number of Outward Calls | This weakness occurs when a single function, method, or callable code block makes an excessively high number of calls to other objects or components outside its immediate scope. This creates a complex, tightly-coupled web of dependencies that is difficult to manage. |
| CWE-1051 | Initialization with Hard-Coded Network Resource Configuration Data | This vulnerability occurs when software uses fixed, hard-coded values—like IP addresses, domain names, or URLs—to identify network resources during its startup or configuration phase. |
| CWE-1052 | Excessive Use of Hard-Coded Literals in Initialization | This weakness occurs when software initializes variables or data structures using hard-coded values (like strings, file paths, or network addresses) instead of configurable constants or parameters. While simple numbers or true constants are acceptable, embedding non-trivial literals directly in code creates maintenance and security risks. |
| CWE-1054 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | This weakness occurs when code in one architectural layer directly calls functions or methods in a much deeper layer, skipping over the intermediate layers that should normally handle the request. It bypasses the intended layered structure, similar to a manager going directly to an intern instead of working through the team lead. |
| CWE-1055 | Multiple Inheritance from Concrete Classes | This weakness occurs when a single class inherits functionality and state from more than one concrete (fully implemented) parent class. |
| CWE-1062 | Parent Class with References to Child Class | This weakness occurs when a parent class directly references its child classes, their methods, or their member variables, creating a problematic and tightly coupled dependency. |
| CWE-1064 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | This weakness occurs when a function, method, or subroutine is defined with an unnecessarily high number of parameters in its signature. |
| CWE-1074 | Class with Excessively Deep Inheritance | This weakness occurs when a class inherits from an excessive number of parent classes, creating a deep and complex inheritance hierarchy. |
| CWE-1075 | Unconditional Control Flow Transfer outside of Switch Block | This weakness occurs when code uses an unconditional jump, like a 'goto' statement, outside of a structured control flow block like a switch statement. This bypasses the intended logic and makes the program's execution path unpredictable and difficult to follow. |
| CWE-1079 | Parent Class without Virtual Destructor Method | This occurs when a base class, designed to be inherited from, does not declare its destructor as virtual. This oversight prevents proper cleanup when objects are deleted through a pointer to the parent class. |
| CWE-1080 | Source Code File with Excessive Number of Lines of Code | This weakness occurs when a single source code file grows excessively large, containing too many lines of code. |
| CWE-1084 | Invokable Control Element with Excessive File or Data Access Operations | This weakness occurs when a single function or method performs an excessive number of file or database operations, such as repeated reads, writes, or queries. It over-relies on a single data manager or file resource, creating a tightly coupled and fragile code structure. |
| CWE-1085 | Invokable Control Element with Excessive Volume of Commented-out Code | This weakness occurs when a callable function, method, or procedure contains a large amount of inactive, commented-out code within its implementation body. |
| CWE-1086 | Class with Excessive Number of Child Classes | This weakness occurs when a parent class has an excessive number of child classes that inherit from it, creating a deep and overly complex inheritance tree. |
| CWE-1087 | Class with Virtual Method without a Virtual Destructor | This occurs when a class defines a virtual method but does not also provide a virtual destructor. |
| CWE-1090 | Method Containing Access of a Member Element from Another Class | This weakness occurs when a method in one class directly accesses a private or internal member (like a field or property) of a different class, bypassing proper interfaces. |
| CWE-1095 | Loop Condition Value Update within the Loop | This vulnerability occurs when a loop's exit condition depends on a variable that is also modified inside the loop body. This creates a complex and often unpredictable control flow that is difficult to analyze. |
| CWE-407 | Inefficient Algorithmic Complexity | This vulnerability occurs when a software component uses an algorithm with poor worst-case performance. An attacker can exploit this by providing specially crafted input that forces the algorithm into its slowest possible execution path, leading to severe performance degradation or denial of service. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values. |
| CWE-480 | Use of Incorrect Operator | This vulnerability occurs when a developer mistakenly uses the wrong operator in their code, leading to unintended and potentially insecure logic. |
| CWE-484 | Omitted Break Statement in Switch | This vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior. |
| CWE-561 | Dead Code | Dead code refers to sections of a program that can never run during normal execution, effectively making them inactive and unreachable. |
| CWE-570 | Expression is Always False | This vulnerability occurs when code contains a conditional expression that can never evaluate to true, causing a section of the program to be permanently unreachable. |
| CWE-571 | Expression is Always True | This vulnerability occurs when code contains a conditional expression that will always evaluate to 'true', making the check ineffective and potentially bypassing critical security or logic gates. |
| CWE-783 | Operator Precedence Logic Error | This vulnerability occurs when a developer writes a conditional expression where the intended logic is broken due to misunderstanding or misapplying the rules of operator precedence. |
| CWE-1305 | CISQ Quality Measures (2020) | This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2020. These measures are derived from Object Management Group (OMG) standards. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.