CWE-1085Invokable Control Element with Excessive Volume of Commented-out Code

PUBLISHEDweakness record
released 2019-01-03 · last modified 2025-12-11

Metadata

CWE ID:
CWE-1085
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2019-01-03
更新日期:
2025-12-11

名称

Invokable Control Element with Excessive Volume of Commented-out Code

描述

A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.

While the interpretation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.

常见后果

范围:
Other
影响:
Reduce Maintainability
注释:
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

相关 CWE