CISQ Quality Measures - Maintainability
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.
A class contains an unnecessarily large number of children.
A class has an inheritance level that is too high, i.e., it has a large number of parent classes.
A class contains a virtual method, but the method does not have an associated virtual destructor.
The software contains dead code, which can never be executed.
The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element.
The software contains an expression that will always evaluate to false.
The software contains an expression that will always evaluate to true.
An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typ...
The software initializes data using hard-coded values that act as network resource identifiers.
The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and t...
A function or method contains too many operations that utilize a data manager or file resource.
A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
The code contains callable control elements that contain an excessively large number of references to other application objects external to the conte...
The software contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.
The software uses a loop with a control flow condition based on a value that is updated within the body of the loop.
A method for a class performs an operation that directly accesses a member element from another class.
The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.
The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.
The software contains a class with inheritance from more than one concrete class.
The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
The program uses an expression in which operator precedence causes incorrect logic to be used.
A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.
The code has a parent class that contains references to a child class, its methods, or its members.
A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.
A source code file has too many lines of code.
The software performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.
The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.
The software has multiple functions, methods, procedures, macros, etc. that contain the same code.
This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristi...
- Automated Source Code Quality Measures
Consortium for Information & Software Quality (CISQ)