CWE-1086 – Class with Excessive Number of Child Classes


Description

A class contains an unnecessarily large number of children.

Modes of Introduction:

Related Weaknesses

CWE-1093

Consequences

Other: Reduce Maintainability

Potential Mitigations

CVE References

CWE-1083 – Data Access from Outside Expected Data Manager Component


Description

The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.

Modes of Introduction:

Related Weaknesses

CWE-1061

Consequences

Other: Reduce Reliability

Potential Mitigations

CVE References

CWE-108 – Struts: Unvalidated Action Form


Description

Every Action Form must have a corresponding validation form.

If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-1173
CWE-20

Consequences

Other: Other

If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.

Confidentiality, Integrity, Availability, Other: Other

Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.

Potential Mitigations

Phase: Implementation

Description: 

CVE References

CWE-1077 – Floating Point Comparison with Incorrect Operator


Description

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
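An added example in C (not part of the CWE entry) showing the weakness and a tolerant comparison that accounts for loss of precision. The tolerance values and the `nearly_equal` helper are assumptions chosen for illustration, not a standard API.

```c
#include <float.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* The weakness: exact equality on floating point values. 0.1 + 0.2 is not
 * exactly 0.3 in IEEE-754 binary64, so this reports "not equal" even though
 * the two values differ only by accumulated rounding error. */
bool equal_exact(double a, double b) {
    return a == b;
}

/* Mitigated form: a and b are treated as equal when they differ by at most
 * abs_tol (for values near zero, where a relative bound collapses to ~0) or
 * rel_tol * max(|a|, |b|) (for everything else). NaN never compares equal;
 * infinities compare equal only to an infinity of the same sign. */
bool equal_tolerant(double a, double b, double rel_tol, double abs_tol) {
    if (isnan(a) || isnan(b)) return false;
    if (a == b) return true;                 /* covers equal infinities and +0/-0 */
    if (isinf(a) || isinf(b)) return false;  /* inf vs finite is never "close" */
    double diff = fabs(a - b);
    double largest = fabs(a) > fabs(b) ? fabs(a) : fabs(b);
    double tol = rel_tol * largest;
    if (abs_tol > tol) tol = abs_tol;
    return diff <= tol;
}

/* Assumed defaults: a relative tolerance a few ULPs above machine epsilon,
 * plus an absolute tolerance so comparisons against zero still work. */
bool nearly_equal(double a, double b) {
    return equal_tolerant(a, b, 8 * DBL_EPSILON, 1e-12);
}

int main(void) {
    double sum = 0.1 + 0.2;  /* constructed input: 0.30000000000000004 */
    printf("0.1 + 0.2 == 0.3 (exact)   : %s\n", equal_exact(sum, 0.3) ? "true" : "false");
    printf("0.1 + 0.2 ~= 0.3 (tolerant): %s\n", nearly_equal(sum, 0.3) ? "true" : "false");
    return 0;
}
```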

Modes of Introduction:

Related Weaknesses

CWE-697

Consequences

Other: Reduce Reliability

Potential Mitigations

CVE References
