CWE-1085 可调用控制元素中的注释代码量过大
Invokable Control Element with Excessive Volume of Commented-out Code
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.
扩展描述
This issue makes it more difficult to maintain the software, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
While the interpetation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 1078 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 1078 cwe_View_ID: 699 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Reduce Maintainability |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| OMG ASCMM | ASCMM-MNT-6 |