Description
A class contains an unnecessarily large number of children.
Consequences: Other: Reduce Maintainability
Description: A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
Consequences: Other: Reduce Maintainability
Description: A function or method contains too many operations that utilize a data manager or file resource.
Consequences: Other: Reduce Maintainability
Description: The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.
Consequences: Other: Reduce Reliability
Description: The code contains a class instance that calls the method or function to delete or destroy itself.
Consequences: Other: Reduce Reliability
Description: A source code file has too many lines of code.
Consequences: Other: Reduce Maintainability
Description: Every Action Form must have a corresponding validation form. If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator.
Modes of Introduction: Implementation
Consequences: Other: Other
If an action form mapping does not have a validation form defined, it may be vulnerable to a number of attacks that rely on unchecked input. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.
Consequences: Confidentiality, Integrity, Availability, Other: Other
Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Phase: Implementation
Description: A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.
Consequences: Other: Reduce Reliability
Description: The source code does not follow desired style or formatting for indentation, white space, comments, etc.
Description: The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.
Consequences: Other: Reduce Reliability