CISQ Quality Measures - Maintainability

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.

Weaknesses

Class with Excessive Number of Child Classes

A class contains an unnecessarily large number of children.

Class with Excessively Deep Inheritance

A class has an inheritance level that is too high, i.e., it has a large number of parent classes.

Class with Virtual Method without a Virtual Destructor

A class contains a virtual method, but the method does not have an associated virtual destructor.

Dead Code

The software contains dead code, which can never be executed.

Excessive Use of Hard-Coded Literals in Initialization

The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element.

Expression is Always False

The software contains an expression that will always evaluate to false.

Expression is Always True

The software contains an expression that will always evaluate to true.

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typ...

Initialization with Hard-Coded Network Resource Configuration Data

The software initializes data using hard-coded values that act as network resource identifiers.

Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer

The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and t...

Invokable Control Element with Excessive File or Data Access Operations

A function or method contains too many operations that utilize a data manager or file resource.

Invokable Control Element with Excessive Volume of Commented-out Code

A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.

Invokable Control Element with Large Number of Outward Calls

The code contains callable control elements that contain an excessively large number of references to other application objects external to the conte...

Invokable Control Element with Signature Containing an Excessive Number of Parameters

The software contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.

Loop Condition Value Update within the Loop

The software uses a loop with a control flow condition based on a value that is updated within the body of the loop.

Method Containing Access of a Member Element from Another Class

A method for a class performs an operation that directly accesses a member element from another class.

Missing Default Case in Switch Statement

The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.

Modules with Circular Dependencies

The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.

Multiple Inheritance from Concrete Classes

The software contains a class with inheritance from more than one concrete class.

Omitted Break Statement in Switch

The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...

Operator Precedence Logic Error

The program uses an expression in which operator precedence causes incorrect logic to be used.

Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor

A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.

Parent Class with References to Child Class

The code has a parent class that contains references to a child class, its methods, or its members.

Parent Class without Virtual Destructor Method

A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.

Source Code File with Excessive Number of Lines of Code

A source code file has too many lines of code.

Unconditional Control Flow Transfer outside of Switch Block

The software performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.

Use of Incorrect Operator

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Use of Redundant Code

The software has multiple functions, methods, procedures, macros, etc. that contain the same code.

Concepts

CISQ Quality Measures (2020)

This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristi...

See Also

  1. Automated Source Code Quality Measures

    Consortium for Information & Software Quality (CISQ)


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.