Suspicious Comment
Weakness ID: 546 (Weakness Variant)Status: Draft
+ Description

Description Summary

The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.

Extended Description

Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2, TODO, in the code indicate missing security functionality and checking. Others indicate code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.

+ Time of Introduction
  • Implementation
+ Demonstrative Examples

Example 1

The following excerpt demonstrates the use of a suspicious comment in an imcomplete code block that may have security repercussions.

(Bad Code)
Example Language: Java 
if (user == null) {
// TODO: Handle null user condition.
}
+ Potential Mitigations

Remove comments that suggest the presence of bugs, incomplete functionality, or weaknesses, before deploying the application.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class398Indicator of Poor Code Quality
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Anonymous Tool Vendor (under NDA)Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Sean EidemillerCigitalExternal
added/updated demonstrative examples
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Taxonomy Mappings
Back to top