English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CWE-1006 Categorie Detail

CWE-1006

Bad Coding Practices
Draft
2017-11-08 +00:00
2023-06-29 +00:00
CWE Mitre.org

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Bad Coding Practices

Weaknesses in this category are related to coding practices that are deemed unsafe and increase the chances that an exploitable vulnerability will be present in the application. These weaknesses do not directly introduce a vulnerability, but indicate that the product has not been carefully developed or maintained. If a program is complex, difficult to maintain, not portable, or shows evidence of neglect, then there is a higher likelihood that weaknesses are buried in the code.

Members

CWE-358: Improperly Implemented Security Check for Standard Base

CWE-360: Trust of System Event Data Base

CWE-478: Missing Default Case in Multiple Condition Expression Base

CWE-487: Reliance on Package-level Scope Base

CWE-489: Active Debug Code Base

CWE-547: Use of Hard-coded, Security-relevant Constants Base

CWE-561: Dead Code Base

CWE-562: Return of Stack Variable Address Base

CWE-563: Assignment to Variable without Use Base

CWE-581: Object Model Violation: Just One of Equals and Hashcode Defined Base

CWE-586: Explicit Call to Finalize() Base

CWE-605: Multiple Binds to the Same Port Base

CWE-628: Function Call with Incorrectly Specified Arguments Base

CWE-654: Reliance on a Single Factor in a Security Decision Base

CWE-656: Reliance on Security Through Obscurity Base

CWE-694: Use of Multiple Resources with Duplicate Identifier Base

CWE-807: Reliance on Untrusted Inputs in a Security Decision Base

CWE-1041: Use of Redundant Code Base

CWE-1043: Data Element Aggregating an Excessively Large Number of Non-Primitive Elements Base

CWE-1044: Architecture with Number of Horizontal Layers Outside of Expected Range Base

CWE-1045: Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor Base

CWE-1046: Creation of Immutable Text Using String Concatenation Base

CWE-1048: Invokable Control Element with Large Number of Outward Calls Base

CWE-1049: Excessive Data Query Operations in a Large Data Table Base

CWE-1050: Excessive Platform Resource Consumption within a Loop Base

CWE-1063: Creation of Class Instance within a Static Code Block Base

CWE-1065: Runtime Resource Management Control Element in a Component Built to Run on Application Servers Base

CWE-1066: Missing Serialization Control Element Base

CWE-1067: Excessive Execution of Sequential Searches of Data Resource Base

CWE-1070: Serializable Data Element Containing non-Serializable Item Elements Base

CWE-1071: Empty Code Block Base

CWE-1072: Data Resource Access without Use of Connection Pooling Base

CWE-1073: Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses Base

CWE-1079: Parent Class without Virtual Destructor Method Base

CWE-1082: Class Instance Self Destruction Control Element Base

CWE-1084: Invokable Control Element with Excessive File or Data Access Operations Base

CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code Base

CWE-1087: Class with Virtual Method without a Virtual Destructor Base

CWE-1089: Large Data Table with Excessive Number of Indices Base

CWE-1092: Use of Same Invokable Control Element in Multiple Architectural Layers Base

CWE-1094: Excessive Index Range Scan for a Data Resource Base

CWE-1097: Persistent Storable Data Element without Associated Comparison Control Element Base

CWE-1098: Data Element containing Pointer Item without Proper Copy Control Element Base

CWE-1099: Inconsistent Naming Conventions for Identifiers Base

CWE-1101: Reliance on Runtime Component in Generated Code Base

CWE-1102: Reliance on Machine-Dependent Data Representation Base

CWE-1103: Use of Platform-Dependent Third Party Components Base

CWE-1104: Use of Unmaintained Third Party Components Base

CWE-1106: Insufficient Use of Symbolic Constants Base

CWE-1107: Insufficient Isolation of Symbolic Constant Definitions Base

CWE-1108: Excessive Reliance on Global Variables Base

CWE-1109: Use of Same Variable for Multiple Purposes Base

CWE-1113: Inappropriate Comment Style Base

CWE-1114: Inappropriate Whitespace Style Base

CWE-1115: Source Code Element without Standard Prologue Base

CWE-1116: Inaccurate Comments Base

CWE-1117: Callable with Insufficient Behavioral Summary Base

CWE-1126: Declaration of Variable with Unnecessarily Wide Scope Base

CWE-1127: Compilation with Insufficient Warnings or Errors Base

CWE-1235: Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations Base

Informations

Vulnerability Mapping Notes

Rationale : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments : See member weaknesses of this category.

Submission

Name Organization Date Date Release Version
CWE Content Team MITRE 2017-06-29 +00:00 2017-11-08 +00:00 2.12

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Mapping_Notes, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.