Suspicious Comment
Weakness ID: 546 (Weakness Variant) | Status: Draft
Description Summary
The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.
Extended Description
Suspicious comments such as BUG, HACK, FIXME, LATER, LATER2 and TODO frequently mark places where security functionality or input checking was deferred and never implemented. Others flag code problems the programmer intended to fix later, such as hard-coded values, missing or incomplete error handling, database access that bypasses stored procedures, and performance issues. Each such marker is an indicator, not the weakness itself: what matters is whether the missing check or unfinished code it points to is reachable in the deployed application.
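As an added example that is not part of the CWE entry or of any MITRE tooling, the following Python scanner implements the kind of pre-deployment check this description calls for: it extracts comments from C-family source (Java, C, JavaScript), skips string literals so that a marker inside a user-facing message is not misreported, and flags the markers listed above. The extra XXX marker, the embedded Java sample it scans, and all function names are this example's own assumptions.

```python
import re
from typing import List, Tuple

# Markers named in the CWE-546 extended description, plus XXX, which many
# editors and linters treat the same way (XXX is this example's assumption).
SUSPICIOUS_MARKERS = ("BUG", "HACK", "FIXME", "LATER", "LATER2", "TODO", "XXX")

# Whole-word, case-sensitive match so that prose like "fixed the bug" is not
# reported; "LATER2" still matches because "\bLATER\b" fails before the digit.
_MARKER_RE = re.compile(
    r"\b(" + "|".join(re.escape(m) for m in SUSPICIOUS_MARKERS) + r")\b"
)


def extract_comments(source: str) -> List[Tuple[int, str]]:
    """Return (line_number, comment_text) for every // and /* */ comment.

    String and char literals are skipped (with backslash escapes honoured), so a
    marker that appears inside a literal is never treated as a comment. Block
    comments report the line on which they start and are collapsed to one line.
    """
    comments: List[Tuple[int, str]] = []
    i, n, line = 0, len(source), 1
    while i < n:
        ch = source[i]
        if ch == "\n":
            line += 1
            i += 1
        elif ch in ('"', "'"):
            quote = ch
            i += 1
            while i < n and source[i] != quote:
                if source[i] == "\\":      # skip the escaped character
                    i += 1
                if i < n and source[i] == "\n":
                    line += 1
                i += 1
            i += 1                         # step past the closing quote
        elif source.startswith("//", i):
            end = source.find("\n", i)
            end = n if end == -1 else end
            comments.append((line, source[i + 2:end].strip()))
            i = end
        elif source.startswith("/*", i):
            end = source.find("*/", i + 2)
            end = n if end == -1 else end
            body = source[i + 2:end]
            comments.append((line, " ".join(body.split())))
            line += body.count("\n")
            i = end + 2
        else:
            i += 1
    return comments


def find_suspicious_comments(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, marker, comment_text) for each flagged comment."""
    hits: List[Tuple[int, str, str]] = []
    for lineno, text in extract_comments(source):
        m = _MARKER_RE.search(text)
        if m:
            hits.append((lineno, m.group(1), text))
    return hits


# Constructed Java sample (not from the CWE page) exercising the edge cases:
# a TODO inside a string literal and a multi-line block comment.
SAMPLE_JAVA = '''\
public class UserService {
    public void handle(User user) {
        if (user == null) {
            // TODO: Handle null user condition.
        }
        String msg = "TODO is not a bug marker when inside a string";
        /* HACK: bypass the permission check until
           the ACL service is back */
        audit(msg);
    }
}
'''


def report(source: str) -> List[str]:
    """Human-readable findings, one per flagged comment."""
    return [f"line {n}: {marker} -> {text}"
            for n, marker, text in find_suspicious_comments(source)]


if __name__ == "__main__":
    for finding in report(SAMPLE_JAVA):
        print(finding)
```

Run against the embedded sample, the scanner reports the TODO on line 4 and the HACK block comment starting on line 7, and ignores the TODO inside the string on line 6. Matching is deliberately case-sensitive; add re.IGNORECASE only if your codebase writes markers in lower case, and expect more noise if you do.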
Example 1
The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions: the null case is recognized but never handled, so execution continues with a null user.
(Bad Code)
Example Language: Java
if (user == null) {
// TODO: Handle null user condition.
}
Potential Mitigations
Remove comments that suggest the presence of bugs, incomplete functionality, or weaknesses before deploying the application. Deleting the comment alone only hides the indicator: first complete the missing check or unfinished code the comment marks, since that gap, not the comment, is what an attacker can reach.
Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Weakness Class | 398 | Indicator of Poor Code Quality | Development Concepts (primary) 699; Research Concepts (primary) 1000
Submissions
Submission Date | Submitter | Organization | Source
---|---|---|---
 | Anonymous Tool Vendor (under NDA) | | Externally Mined

Modifications
Modification Date | Modifier | Organization | Source | Changes
---|---|---|---|---
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Taxonomy Mappings