CWE-546
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Suspicious Comment
The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.
Description du CWE
Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2, TODO, in the code indicate missing security functionality and checking. Others indicate code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.
Informations générales
Modes d'introduction
ImplementationPlateformes applicables
Langue
Class: Not Language-Specific (Undetermined)Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Other | Quality Degradation Note: Suspicious comments could be an indication that there are problems in the source code that may need to be fixed and is an indication of poor quality. This could lead to further bugs and the introduction of weaknesses. |
Mesures d’atténuation potentielles
Phases : DocumentationRemove comments that suggest the presence of bugs, incomplete functionality, or weaknesses, before deploying the application.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| Anonymous Tool Vendor (under NDA) | Draft 3 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Sean Eidemiller | Cigital | added/updated demonstrative examples | |
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Description, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Weakness_Ordinalities | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC)
sont maintenues par MITRE Corporation, et les informations sur les configurations
logicielles et matérielles (CPE) proviennent du NVD.