Weaknesses in this category are related to the CISQ Quality Measures for Efficiency. The presence of these weaknesses could reduce the efficiency of the software.

| ID | Name | Description |
|---|---|---|
| CWE-1042 | Static Member Data Element outside of a Singleton Class Element | This weakness occurs when a class that isn't designed as a singleton (a class meant to have only one instance) contains a non-final static member variable. This creates a shared, mutable state across all instances of that class, which can lead to unexpected behavior and data corruption. |
| CWE-1043 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | This weakness occurs when a data structure, like a class or object, contains too many complex sub-elements (e.g., other objects or structs) instead of simple primitive types. |
| CWE-1046 | Creation of Immutable Text Using String Concatenation | This weakness occurs when code builds a string within a loop using simple concatenation (like +=), which unintentionally creates new string objects every time instead of efficiently appending to a buffer. |
| CWE-1049 | Excessive Data Query Operations in a Large Data Table | This weakness occurs when an application runs a database query that uses numerous joins and sub-queries on a very large table, leading to severe performance degradation. |
| CWE-1050 | Excessive Platform Resource Consumption within a Loop | This vulnerability occurs when a loop contains code that repeatedly consumes critical system resources like file handles, database connections, memory, or session locks. Each iteration of the loop drains these finite platform assets without proper release. |
| CWE-1057 | Data Access Operations Outside of Expected Data Manager Component | This weakness occurs when an application bypasses its dedicated, central data manager component and performs data access operations through other code paths. |
| CWE-1060 | Excessive Number of Inefficient Server-Side Data Accesses | This weakness occurs when an application makes an excessive number of individual data queries to a server or database, instead of using more efficient methods like stored procedures or batch operations. |
| CWE-1067 | Excessive Execution of Sequential Searches of Data Resource | This weakness occurs when a database query is structured in a way that forces the system to scan entire tables row-by-row, instead of using an available index for efficient lookups. |
| CWE-1072 | Data Resource Access without Use of Connection Pooling | This weakness occurs when an application creates a new database connection for every request instead of using a managed connection pool. This inefficient pattern forces the system to repeatedly endure the full overhead of establishing and tearing down connections. |
| CWE-1073 | Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses | This weakness occurs when a client-side function or method makes an excessive number of individual data requests through a non-SQL data manager, instead of using more efficient bulk operations or database-native capabilities. |
| CWE-1089 | Large Data Table with Excessive Number of Indices | This weakness occurs when an application uses a database table with a very large number of rows and creates too many indexes on it, degrading overall system performance. |
| CWE-1091 | Use of Object without Invoking Destructor Method | This weakness occurs when a program accesses an object but fails to properly call its destructor or finalizer method. This leaves the cleanup of the object's resources to the system's automatic garbage collection, which may not happen immediately or predictably. |
| CWE-1094 | Excessive Index Range Scan for a Data Resource | This weakness occurs when a database query performs an index range scan that can access an unnecessarily large number of rows from a substantial data table, leading to severe performance degradation. |
| CWE-404 | Improper Resource Shutdown or Release | This vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or memory block—after it's no longer needed, preventing its reuse. |
| CWE-424 | Improper Protection of Alternate Path | This vulnerability occurs when an application fails to secure every possible route a user could take to reach sensitive features or data, leaving backdoors or unintended access points open. |
| CWE-1305 | CISQ Quality Measures (2020) | This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2020. These measures are derived from Object Management Group (OMG) standards. |