CWE-684 特定函数功能的不正确供给
Incorrect Provision of Specified Functionality
结构: Simple
Abstraction: Class
状态: Draft
被利用可能性: unkown
基本描述
The code does not function according to its published specifications, potentially leading to incorrect usage.
扩展描述
When providing functionality to an external party, it is important that the software behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 710 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Quality Degradation |
可能的缓解方案
Implementation
策略:
Ensure that your code strictly conforms to specifications.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | PRE09-C | Do not replace secure functions with less secure functions |