CWE-546: Suspicious Comment

Description

The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.

Submission Date: July 19, 2006, midnight

Modification Date: 2023-06-29 00:00:00+00:00

Organization: MITRE

Extended Description

Suspicious comments in code, such as BUG, HACK, FIXME, LATER, LATER2, and TODO, often indicate missing security functionality or checks. Others indicate code problems that programmers should fix, such as hard-coded variables, inadequate error handling, not using stored procedures, and performance issues.

Example Vulnerable Codes

Example - 1

The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions.


// // TODO: Handle null user condition.// 
if (user == null) {}
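As an added example, and not part of the CWE entry or any MITRE tooling, the following Python scanner detects the markers listed in the extended description and, following the pattern of Example 1, also reports when the first statement after a flagged comment is an empty block. The Java and Python samples it scans are constructed for this illustration; the "hardened" variant shows one assumed way the null check from Example 1 could be completed, not MITRE's recommendation.

```python
import re
from dataclasses import dataclass

# Markers taken from the CWE-546 extended description.
SUSPICIOUS_MARKERS = ("BUG", "HACK", "FIXME", "LATER", "LATER2", "TODO")

# A marker only counts when it sits inside a comment (//, #, /* or a
# block-comment continuation line beginning with *). Requiring the comment
# token keeps ordinary identifiers and string contents from being flagged.
MARKER_RE = re.compile(
    r"(?://|#|/\*|^\s*\*)\s*(" + "|".join(SUSPICIOUS_MARKERS) + r")\b",
    re.IGNORECASE,
)

# `{}` with nothing but whitespace inside, as in the CWE example.
EMPTY_BLOCK_RE = re.compile(r"\{\s*\}")


@dataclass
class Finding:
    line_no: int
    marker: str
    comment: str
    unhandled: bool  # True when the next statement is an empty block


def _next_statement(lines, index):
    """Return the first non-blank, non-comment line after 1-based line `index`."""
    for line in lines[index:]:
        stripped = line.strip()
        if stripped and not stripped.startswith(("//", "#", "*", "/*")):
            return stripped
    return ""


def scan_source(source: str) -> list[Finding]:
    """Flag suspicious comments and note whether the deferred work is visibly missing."""
    lines = source.splitlines()
    findings = []
    for line_no, line in enumerate(lines, start=1):
        match = MARKER_RE.search(line)
        if match is None:
            continue
        following = _next_statement(lines, line_no)
        findings.append(
            Finding(
                line_no=line_no,
                marker=match.group(1).upper(),
                comment=line.strip(),
                unhandled=bool(EMPTY_BLOCK_RE.search(following)),
            )
        )
    return findings


# Constructed sample: mirrors Example 1, with a statement after the empty block.
VULNERABLE_JAVA = """\
// TODO: Handle null user condition.
if (user == null) {}
session.attach(user);
"""

# Constructed sample: an assumed completed form of the same check (not MITRE's).
HARDENED_JAVA = """\
// Reject a missing principal before any session state is touched.
if (user == null) {
    throw new IllegalArgumentException("user must not be null");
}
session.attach(user);
"""

# Constructed sample: a HACK marker whose block is not empty, so it is reported
# as a suspicious comment but not as visibly unhandled work.
DEFERRED_PY = """\
def check_token(token):
    # HACK: accept legacy tokens until the migration finishes
    if token.startswith("legacy-"):
        return True
    return verify_signature(token)
"""


if __name__ == "__main__":
    for name, sample in (("vulnerable", VULNERABLE_JAVA),
                         ("hardened", HARDENED_JAVA),
                         ("deferred", DEFERRED_PY)):
        for f in scan_source(sample):
            status = "UNHANDLED" if f.unhandled else "review"
            print(f"{name}:{f.line_no} [{f.marker}] {status}: {f.comment}")
```

The scanner is a triage aid, not a verdict: a marker with a non-empty block still deserves a look, since a HACK that bypasses signature verification is a weakness whether or not the block is empty, while the `unhandled` flag simply prioritises the cases where the comment is the only thing standing in for the missing logic.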

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.