Complexity Issues

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are associated with things being overly complex.


Class with Excessive Number of Child Classes

A class contains an unnecessarily large number of children.

Class with Excessively Deep Inheritance

A class has an inheritance level that is too high, i.e., it has a large number of parent classes.

Data Element Aggregating an Excessively Large Number of Non-Primitive Elements

The product uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated objects.

Excessive Attack Surface

The product has an attack surface whose quantitative measurement exceeds a desirable maximum.

Excessive Halstead Complexity

The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.

Excessive McCabe Cyclomatic Complexity

The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.

Excessive Number of Inefficient Server-Side Data Accesses

The product performs too many data queries without using efficient data processing functionality such as stored procedures.

Excessive Use of Self-Modifying Code

The product uses too much self-modifying code.

Excessive Use of Unconditional Branching

The code uses too many unconditional branches (such as "goto").

Excessively Deep Nesting

The code contains a callable or other code grouping in which the nesting / branching is too deep.

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

Invokable Control Element with Signature Containing an Excessive Number of Parameters

The product contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments.

Invokable Control Element with Variadic Parameters

A named-callable or method control element has a signature that supports a variable (variadic) number of parameters or arguments.

Loop Condition Value Update within the Loop

The product uses a loop with a control flow condition based on a value that is updated within the body of the loop.

Modules with Circular Dependencies

The product contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.

Multiple Inheritance from Concrete Classes

The product contains a class with inheritance from more than one concrete class.

Source Code File with Excessive Number of Lines of Code

A source code file has too many lines of code.

Unconditional Control Flow Transfer outside of Switch Block

The product performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.


Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.