{"@ID": "1078", "@Name": "Inappropriate Source Code Style or Formatting", "@Abstraction": "Class", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The source code does not follow\n\t\t\t\tdesired style or formatting for indentation, white\n\t\t\t\tspace, comments, etc.", "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "1076", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Indirect"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": "Other", "Impact": "Increase Analytical Complexity", "Note": "Variations in indentation and other white space,\n\t       comments, etc.  can make it more difficult for human\n\t       analysts to understand the actual behavior that is\n\t       being implemented."}}, "Detection_Methods": {"Detection_Method": [{"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)", "Effectiveness": "High"}, {"@Detection_Method_ID": "DM-16", "Method": "Automated Static Analysis - Source Code", "Description": "An Integrated Development Environment (IDE) or linter can report or highlight this weaknesses."}]}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-215", "Intro_Text": "The usage of symbolic names instead of hard-coded constants is preferred.", "Body_Text": ["The following is an example of using a hard-coded constant instead of a symbolic name.", "If the buffer value needs to be changed, then it has to be altered in more than one place. If the developer forgets or does not find all occurrences, in this example it could lead to a buffer overflow.", "In this example the developer will only need to change one value and all references to the buffer size are updated, as a symbolic name is used instead of a hard-coded constant."], "Example_Code": [{"@Nature": "Bad", "@Language": "C", "xhtml:div": {"xhtml:br": [null, null], "#text": "char buffer[1024];...fgets(buffer, 1024, stdin);"}}, {"@Nature": "Good", "@Language": "C", "xhtml:div": {"xhtml:br": [null, null, null, null], "#text": "enum { MAX_BUFFER_SIZE = 1024 };...char buffer[MAX_BUFFER_SIZE];...fgets(buffer, MAX_BUFFER_SIZE, stdin);"}}]}}, "Mapping_Notes": {"Usage": "Prohibited", "Rationale": "This entry is primarily a quality issue with no direct security implications.", "Comments": "Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.", "Reasons": {"Reason": {"@Type": "Other"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2018-07-02", "Submission_Version": "3.2", "Submission_ReleaseDate": "2019-01-03", "Submission_Comment": "Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2024-02-29", "Modification_Version": "4.14", "Modification_ReleaseDate": "2024-02-29", "Modification_Comment": "updated Demonstrative_Examples, Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Common_Consequences, Detection_Factors, Time_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Detection_Factors"}]}}
