Use of Path Manipulation Function without Maximum-sized Buffer
0
Variant
-
The product invokes a function for normalizing paths or file names, but it provides an output buffer that is smaller than the maximum possible size, such as PATH_MAX.
The product receives data from an upstream component, but only filters a single instance of a special element before sending it to a downstream component.
Only Filtering Special Elements at a Specified Location
0
Base
-
The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.
Only Filtering Special Elements Relative to a Marker
0
Variant
-
The product receives data from an upstream component, but only accounts for special elements positioned relative to a marker (e.g. "at the beginning/end of a string; the second argument"), thereby missing remaining special elements that may exist before sending it to a downstream component.
Only Filtering Special Elements at an Absolute Position
0
Variant
-
The product receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing remaining special elements that may exist before sending it to a downstream component.
The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer.
Static Member Data Element outside of a Singleton Class Element
0
Variant
-
The code contains a member element that is declared as static (but not final), in which
its parent class element
is not a singleton class - that is, a class element that can be used only once in
the 'to' association of a Create action.
Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
0
Base
-
The product uses a data element that has an excessively large
number of sub-elements with non-primitive data types such as structures or aggregated objects.
Invokable Control Element with Large Number of Outward Calls
0
Base
-
The code contains callable control elements that
contain an excessively large number of references to other
application objects external to the context of the callable,
i.e. a Fan-Out value that is excessively large.
Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
0
Base
-
The code at one architectural layer invokes code that resides
at a deeper layer than the adjacent layer, i.e., the invocation skips at least one
layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.
The product does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.