Description
The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues.
Modes of Introduction:
– Build and Compilation
Related Weaknesses
CWE-710
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References
Description
The source code declares a variable in one scope, but the variable is only used within a narrower scope.
Modes of Introduction:
Related Weaknesses
CWE-710
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References
Description
The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Potential Mitigations
CVE References
Description
The code contains a callable or other code grouping in which the nesting / branching is too deep.
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References
Description
The product uses too much self-modifying code.
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References
Description
The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References
Description
The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Potential Mitigations
CVE References
Description
The code is too complex, as calculated using a well-defined, quantitative measure.
Modes of Introduction:
Related Weaknesses
CWE-710
Consequences
Other : Reduce Maintainability
Other : Reduce Performance
Potential Mitigations
CVE References
Description
The software accepts XML from an untrusted source but does not validate the XML against the proper schema.
Most successful attacks begin with a violation of the programmer’s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-1286
CWE-20
Consequences
Integrity : Unexpected State
Potential Mitigations
Phase: Architecture and Design
Description:
CVE References
Description
The code uses too many unconditional branches (such as “goto”).
Modes of Introduction:
Related Weaknesses
CWE-1120
Consequences
Other : Reduce Maintainability
Potential Mitigations
CVE References