Irrelevant Code

Incomplete Class
Structure: Simple
Description

The product contains code that is not essential for execution, i.e., it makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact on functionality or correctness.

Extended Description

Irrelevant code could include dead code, initialization that is not used, empty blocks, code that could be entirely removed due to optimization, etc.

Common Consequences
Scope: Other

Impact: Reduce Reliability

Scope: Other

Impact: Reduce Performance

Demonstrative Examples

ID : DX-217

The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.

Code Example:

Bad
C++

ID : DX-218

The following code excerpt assigns to the variable r and then overwrites the value without using it.

Code Example:

Bad
C

Observed Examples
CVE-2014-1266: chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). Incorrect Control Flow Scoping -> Dead Code -> Improper Certificate Validation -> Return of Wrong Status Code -> Channel Accessible by Non-Endpoint.
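
The first links of the chain described for CVE-2014-1266 (incorrect control flow scoping, then dead code, then a wrong status code), as an added illustration in C. This is not Apple's code and not part of the original entry: the function names and return codes are hypothetical, and the inputs in main() are constructed.

```c
#include <stdio.h>

/* Hypothetical check stages: return 0 on success, nonzero on failure. */
static int check_hash(int ok)      { return ok ? 0 : -1; }
static int check_signature(int ok) { return ok ? 0 : -2; }

/* Flawed: the unbraced if guards only the first goto. The duplicated goto
 * is unconditional, so the signature check below it is dead code and the
 * function returns err == 0 without ever running it. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0)
        goto fail;
    goto fail;                      /* duplicated line: always taken */
    if ((err = check_signature(sig_ok)) != 0)   /* never reached */
        goto fail;
fail:
    return err;                     /* wrong status: success by default */
}

/* Corrected: braces scope each branch, so every check is reachable. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto fail;
    }
fail:
    return err;
}

int main(void)
{
    /* Constructed input: hash stage passes, signature stage would fail. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```

Compiling with Clang's -Wunreachable-code reports the dead signature check in verify_flawed, which is why treating unreachable-code findings as review blockers catches this class of defect.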