Use of Redundant Code
The product has multiple functions, methods, procedures, macros, etc. that contain the same code.
Description
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. For example, if there are two copies of the same code, the programmer might fix a weakness in one copy while forgetting to fix the same weakness in another copy.
Demonstrations
The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.
Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.
Example One
In the following Java example the code performs some complex math when specific test conditions are met. The math is the same in each case and the equations are repeated within the code. Unfortunately if a future change needs to be made then that change needs to be made in all locations. This opens the door to mistakes being made and the changes not being made in the same way in each instance.
public class Main {
public static void main(String[] args) {
double s = 10.0;
double r = 1.0;
double pi = 3.14159;
double surface_area;
if(r > 0.0) {
// complex math equations
surface_area = pi * r * s + pi * Math.pow(r, 2);
}
if(r > 1.0) {
// a complex set of math
surface_area = pi * r * s + pi * Math.pow(r, 2);
}
}
}It is recommended to place the complex math into its own function and then call that function whenever necessary.
public class Main {
private double ComplexMath(double r, double s) {
//complex math equations
double pi = Math.PI;
double surface_area = pi * r * s + pi * Math.pow(r, 2);
return surface_area;
}
public static void main(String[] args) {
double s = 10.0;
double r = 1.0;
double surface_area;
if(r > 0.0) {
surface_area = ComplexMath(r, s);
}
if(r > 1.0) {
surface_area = ComplexMath(r, s);
}
}
}See Also
Weaknesses in this category are related to poor coding practices.
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability, as documented in 2016 with the Automated Source Code Maintainability Measure ...
This view (slice) covers all the elements in CWE.
CWE identifiers in this view (slice) are quality issues that only indirectly make it easier to introduce a vulnerability and/or make the vulnerability more difficult t...
This view (slice) displays only weakness base elements.
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.