CWE

Common Weakness Enumeration

A Community-Developed List of Software & Hardware Weakness Types

2021 CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.10)  
ID

CWE-1041: Use of Redundant Code

Weakness ID: 1041
Abstraction: Base
Structure: Simple
View customized information:
+ Description
The product has multiple functions, methods, procedures, macros, etc. that contain the same code.
+ Extended Description

This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. For example, if there are two copies of the same code, the programmer might fix a weakness in one copy while forgetting to fix the same weakness in another copy.

+ Relationships
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfPillarPillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.710Improper Adherence to Coding Standards
Section HelpThis table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
+ Relevant to the view "Software Development" (CWE-699)
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1006Bad Coding Practices
+ Applicable Platforms
Section HelpThis listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Not Language-Specific (Undetermined Prevalence)

+ Common Consequences
Section HelpThis table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
ScopeImpactLikelihood
Other

Technical Impact: Reduce Maintainability

+ Demonstrative Examples

Example 1

In the following Java example the code performs some complex math when specific test conditions are met. The math is the same in each case and the equations are repeated within the code. Unfortunately if a future change needs to be made then that change needs to be made in all locations. This opens the door to mistakes being made and the changes not being made in the same way in each instance.

(bad code)
Example Language: Java 
public class Main {
public static void main(String[] args) {
double s = 10.0;
double r = 1.0;
double pi = 3.14159;
double surface_area;

if(r > 0.0) {
// complex math equations
surface_area = pi * r * s + pi * Math.pow(r, 2);

}

if(r > 1.0) {
// a complex set of math
surface_area = pi * r * s + pi * Math.pow(r, 2);

}

}


}

It is recommended to place the complex math into its own function and then call that function whenever necessary.

(good code)
Example Language: Java 
public class Main {
private double ComplexMath(double r, double s) {
//complex math equations
double pi = Math.PI;
double surface_area = pi * r * s + pi * Math.pow(r, 2);
return surface_area;

}

public static void main(String[] args) {
double s = 10.0;
double r = 1.0;
double surface_area;

if(r > 0.0) {
surface_area = ComplexMath(r, s);

}

if(r > 1.0) {
surface_area = ComplexMath(r, s);

}

}


}
+ Potential Mitigations

Phase: Implementation

Merge common functionality into a single function and then call that function from across the entire code base.
+ Weakness Ordinalities
OrdinalityDescription
Indirect
(where the weakness is a quality issue that might indirectly make it easier to introduce security-relevant weaknesses or make them more difficult to detect)
+ Memberships
Section HelpThis MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1130CISQ Quality Measures (2016) - Maintainability
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1307CISQ Quality Measures - Maintainability
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
OMG ASCMMASCMM-MNT-19
+ References
[REF-960] Object Management Group (OMG). "Automated Source Code Maintainability Measure (ASCMM)". ASCMM-MNT-19. 2016-01. <http://www.omg.org/spec/ASCMM/1.0>.
+ Content History
+ Submissions
Submission DateSubmitterOrganization
2018-07-02CWE Content TeamMITRE
Entry derived from Common Quality Enumeration (CQE) Draft 0.9.
+ Contributions
Contribution DateContributorOrganization
2022-08-15Drew Buttner
Suggested new demonstrative examples, mitigations, and applicable platforms.
+ Modifications
Modification DateModifierOrganization
2020-08-20CWE Content TeamMITRE
updated Relationships
2022-10-13CWE Content TeamMITRE
updated Applicable_Platforms, Demonstrative_Examples, Potential_Mitigations
2023-01-31CWE Content TeamMITRE
updated Description
More information is available — Please select a different filter.
Page Last Updated: January 31, 2023