Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT Perl Coding Standard.

| ID | Name | Description |
|---|---|---|
| CWE-248 | Uncaught Exception | An exception is thrown from a function, but it is not caught. |
| CWE-252 | Unchecked Return Value | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
| CWE-375 | Returning a Mutable Object to an Untrusted Caller | Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function. |
| CWE-391 | Unchecked Error Condition | [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. |
| CWE-394 | Unexpected Status Code or Return Value | The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product. |
| CWE-460 | Improper Cleanup on Thrown Exception | The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. |
| CWE-477 | Use of Obsolete Function | The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. |
| CWE-597 | Use of Wrong Operator in String Comparison | The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead. |
| CWE-628 | Function Call with Incorrectly Specified Arguments | The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses. |
| CWE-690 | Unchecked Return Value to NULL Pointer Dereference | The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. |
| CWE-705 | Incorrect Control Flow Scoping | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product. |
| CWE-783 | Operator Precedence Logic Error | The product uses an expression in which operator precedence causes incorrect logic to be used. |
| CWE-1178 | Weaknesses Addressed by the SEI CERT Perl Coding Standard | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommendations of the SEI CERT Perl Coding Standard. |