Description
The software accesses a data resource through a database without using a
connection pooling capability.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance
The software contains a client with a function or method that issues a large number of data accesses/queries through a data manager, i.e., it does not use efficient database capabilities.
Modes of Introduction:
Other: Reduce Performance
A class has an inheritance level that is too high, i.e., it
has a large number of parent classes.
Modes of Introduction:
Other: Reduce Maintainability
The software performs unconditional control transfer (such as a
“goto”) in code outside of a branching structure such as a switch
block.
Modes of Introduction:
Other: Reduce Maintainability
The product’s architecture, source code, design, documentation,
or other artifact does not follow required conventions.
Modes of Introduction:
Other: Reduce Maintainability
The code performs a comparison such as an
equality test between two float (floating point) values, but
it uses comparison operators that do not account for the
possibility of loss of precision.
Modes of Introduction:
Other: Reduce Reliability
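As an added illustration that is not part of the CWE text above, the following C program places the exact equality test this entry warns about beside a tolerance-based comparison; the relative and absolute tolerance values are assumed defaults, not figures from the page.

```c
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Naive equality test: the comparison this weakness describes. It ignores
 * the rounding error accumulated in the operands. */
bool naive_equal(double a, double b) {
    return a == b;
}

/* Tolerant comparison: absolute tolerance for values near zero, relative
 * tolerance (scaled by the larger magnitude) elsewhere. NaN never compares
 * equal; exact matches and equal infinities short-circuit to true. */
bool approx_equal(double a, double b, double rel_tol, double abs_tol) {
    if (a == b) return true;
    if (isnan(a) || isnan(b)) return false;
    double diff = fabs(a - b);
    if (diff <= abs_tol) return true;
    double scale = fabs(a) > fabs(b) ? fabs(a) : fabs(b);
    return diff <= rel_tol * scale;
}

/* Add 0.1 ten times. Mathematically 1.0, but 0.1 is not representable in
 * binary, so the accumulated result is slightly below 1.0. */
double sum_tenths(void) {
    double total = 0.0;
    for (int i = 0; i < 10; i++) total += 0.1;
    return total;
}

int main(void) {
    double s = sum_tenths();
    /* Assumed tolerances: 1e-9 relative, 1e-12 absolute. */
    printf("sum = %.17g\n", s);
    printf("naive_equal(sum, 1.0)  = %d\n", naive_equal(s, 1.0));
    printf("approx_equal(sum, 1.0) = %d\n", approx_equal(s, 1.0, 1e-9, 1e-12));
    return 0;
}
```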
The source code does not follow
desired style or formatting for indentation, white
space, comments, etc.
Modes of Introduction:
A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.
Modes of Introduction:
Other: Reduce Reliability
Every Action Form must have a corresponding validation form.
If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.
Modes of Introduction:
– Implementation
Other: Other
If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.
Confidentiality, Integrity, Availability, Other: Other
Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Phase: Implementation
Description:
A source code file has too many lines of
code.
Modes of Introduction:
Other: Reduce Maintainability