A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are associated with things being overly complex.
A class contains an unnecessarily large number of children.
A class has an inheritance level that is too high, i.e., it has a large number of parent classes.
The product uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated objects.
The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.
The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.
The product performs too many data queries without using efficient data processing functionality such as stored procedures.
The product uses too much self-modifying code.
The code uses too many unconditional branches (such as "goto").
The code contains a callable or other code grouping in which the nesting / branching is too deep.
The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.
The product contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.
A named-callable or method control element has a signature that supports a variable (variadic) number of parameters or arguments.
The product uses a loop with a control flow condition based on a value that is updated within the body of the loop.
The product contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.
The product contains a class with inheritance from more than one concrete class.
A source code file has too many lines of code.
The product performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...