CWE-546: Suspicious Comment
Description
The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.
Submission Date: July 19, 2006, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Extended Description
Suspicious comments such as BUG, HACK, FIXME, LATER, LATER2, and TODO in the code often indicate missing security functionality or missing checks. Others point to code problems that programmers should fix, such as hard-coded variables, error handling, not using stored procedures, and performance issues.
Example - 1
The following excerpt demonstrates the use of a suspicious comment in an incomplete code block that may have security repercussions.
// TODO: Handle null user condition.
if (user == null) {}
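As an added example that is not part of the CWE entry, the following scanner reports the markers listed in the extended description when they occur in C-family comments (// and /* */), while skipping markers that appear inside string literals; the sample input is constructed and includes the excerpt above.

```python
import re
from typing import NamedTuple

# Comment markers named in the CWE-546 extended description; longest first so LATER2 is not reported as LATER.
SUSPICIOUS_MARKERS = ("BUG", "HACK", "FIXME", "LATER", "LATER2", "TODO")
_MARKER_RE = re.compile(r"\b(%s)\b" % "|".join(sorted(SUSPICIOUS_MARKERS, key=len, reverse=True)))
Finding = NamedTuple("Finding", [("line", int), ("marker", str), ("comment", str)])

def _comment_text(line: str, in_block: bool) -> tuple[str, bool]:
    """Return the // and /* */ comment text on one line and whether a /* block is still open after it."""
    parts, i = [], 0
    while i < len(line):
        if in_block:  # inside /* ... */: everything up to */ is comment text
            end = line.find("*/", i)
            if end == -1:
                parts.append(line[i:])
                return " ".join(parts), True
            parts.append(line[i:end])
            i, in_block = end + 2, False
        elif line.startswith("//", i):  # rest of the line is a comment
            parts.append(line[i + 2:])
            break
        elif line.startswith("/*", i):
            i, in_block = i + 2, True
        elif line[i] in "\"'":  # skip a string literal (honouring backslash escapes) so "TODO" in a string is not reported
            quote, j = line[i], i + 1
            while j < len(line) and line[j] != quote:
                j += 2 if line[j] == "\\" else 1
            i = j + 1
        else:
            i += 1
    return " ".join(parts), in_block

def find_suspicious_comments(source: str) -> list[Finding]:
    """Report every suspicious marker found in a comment, with its line number and the comment text."""
    findings, in_block = [], False
    for lineno, line in enumerate(source.splitlines(), start=1):
        text, in_block = _comment_text(line, in_block)
        for m in _MARKER_RE.finditer(text):
            findings.append(Finding(lineno, m.group(1), text.strip()))
    return findings

# Constructed sample input: line 3 must not be reported because the marker is inside a string literal.
SAMPLE = """\
// TODO: Handle null user condition.
if (user == null) {}
String msg = "TODO is not a comment here";
/* FIXME: null check not yet implemented
   HACK: temporary default user */
int x = 1; // LATER2 validate range
"""
```

Running `find_suspicious_comments(SAMPLE)` reports lines 1, 4, 5 and 6; such findings are a review queue, since each marker may hide a missing check like the empty null-handling block above.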
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of, and insight into, similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.