ByteOS Network

CWE-1046:Creation of Immutable Text Using String Concatenation

Weakness ID:1046

Version:v4.17

Weakness Name:Creation of Immutable Text Using String Concatenation

Vulnerability Mapping:Allowed

Abstraction:Base

Structure:Simple

Status:Incomplete

Details Content History Observed CVE Examples Reports

▼Description

The product creates an immutable text string using string concatenation operations.

▼Extended Description

When building a string via a looping feature (e.g., a FOR or WHILE loop), the use of += to append to the existing string will result in the creation of a new object with each iteration. This programming pattern can be inefficient in comparison with use of text buffer data elements. This issue can make the product perform more slowly. If the relevant code is reachable by an attacker, then this could be influenced to create performance problem.

▼Relationships

Relevant to the view"Research Concepts - (1000)"

Nature	Mapping	Type	ID	Name
ChildOf	Allowed-with-Review	C	1176	Inefficient CPU Computation

Nature: ChildOf

Mapping: Allowed-with-Review

Type: Class

ID: 1176

Name: Inefficient CPU Computation

▼Memberships

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	1006	Bad Coding Practices
MemberOf	Prohibited	C	1132	CISQ Quality Measures (2016) - Performance Efficiency
MemberOf	Prohibited	C	1309	CISQ Quality Measures - Efficiency
MemberOf	Prohibited	C	1416	Comprehensive Categorization: Resource Lifecycle Management

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1006

Name: Bad Coding Practices

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1132

Name: CISQ Quality Measures (2016) - Performance Efficiency

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1309

Name: CISQ Quality Measures - Efficiency

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1416

Name: Comprehensive Categorization: Resource Lifecycle Management

▼Tags

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	BS	BOSS-313	Reduce Performance (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-313

Name: Reduce Performance (impact)

▼Relevant To View

Relevant to the view"Software Development - (699)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	1006	Bad Coding Practices

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 1006

Name: Bad Coding Practices

Relevant to the view"CISQ Quality Measures (2020) - (1305)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	1309	CISQ Quality Measures - Efficiency

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 1309

Name: CISQ Quality Measures - Efficiency

▼Common Consequences

Scope	Likelihood	Impact	Note
Other	N/A	Reduce Performance	N/A

Scope: Other

Likelihood: N/A

Impact: Reduce Performance

Note:

N/A

▼Weakness Ordinalities

Ordinality	Description
Indirect	N/A

Ordinality: Indirect

Description:

N/A

▼Vulnerability Mapping Notes

Usage:Allowed

Reason:Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

▼Taxonomy Mappings

Taxonomy Name	Entry ID	Fit	Entry Name
OMG ASCPEM	ASCPEM-PRF-2	N/A	N/A

Taxonomy Name: OMG ASCPEM

Entry ID: ASCPEM-PRF-2

Fit: N/A

Entry Name: N/A

▼References

Reference ID: REF-959

Title: Automated Source Code Performance Efficiency Measure (ASCPEM)

Author: Object Management Group (OMG)

Section: ASCPEM-PRF-2

Publication:

URL:https://www.omg.org/spec/ASCPEM/

URL Date:2023-04-07

Day:N/A

Month:01

Year:2016