CWE-1164: Irrelevant Code
Weakness ID: 1164
Version: v4.17
Weakness Name: Irrelevant Code
Vulnerability Mapping: Allowed-with-Review
Abstraction: Class
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The product contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or control flow, such that removal of the code would have no impact to functionality or correctness.

▼Extended Description

Irrelevant code could include dead code, initialization that is not used, empty blocks, code that could be entirely removed due to optimization, etc.

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature | Mapping | Type | ID | Name
ChildOf | Discouraged | Pillar | 710 | Improper Adherence to Coding Standards
ParentOf | Allowed | Variant | 107 | Struts: Unused Validation Form
ParentOf | Allowed | Base | 1071 | Empty Code Block
ParentOf | Allowed | Variant | 110 | Struts: Validator Without Form Field
ParentOf | Allowed | Base | 561 | Dead Code
ParentOf | Allowed | Base | 563 | Assignment to Variable without Use
▼Memberships
Nature | Mapping | Type | ID | Name
MemberOf | Prohibited | Category | 1412 | Comprehensive Categorization: Poor Coding Practices
▼Tags
Nature | Mapping | Type | ID | Name
MemberOf | Prohibited | BOSSView | BOSS-313 | Reduce Performance (impact)
MemberOf | Prohibited | BOSSView | BOSS-317 | Reduce Reliability (impact)
▼Relevant To View
▼Background Detail

▼Common Consequences
Scope | Likelihood | Impact | Note
Other | N/A | Reduce Reliability | N/A
Other | N/A | Reduce Performance | N/A
▼Potential Mitigations
▼Modes Of Introduction
▼Applicable Platforms
▼Demonstrative Examples
Example 1

The condition for the second if statement is impossible to satisfy. It requires that the variable s be non-null. However, on the only path where s can be assigned a non-null value, there is a return statement.

Language: C++ (Bad code)
String s = null;
if (b) {
    s = "Yes";
    return;
}
if (s != null) {
    Dead();
}

Example 2

The following code excerpt assigns to the variable r and then overwrites the value without using it.

Language: C (Bad code)
r = getName();
r = getNewBuffer(buf);

▼Observed Examples
Reference: CVE-2014-1266
Description: chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
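
The control-flow pattern behind the CVE-2014-1266 chain above, reduced to a constructed C sketch (an added example, not Apple's code and not part of the CWE entry): a duplicated `goto` turns the last check into dead code, so the function reports success without running it. The function names `verify_flawed`, `verify_fixed`, `check_hash` and `check_signature` are hypothetical.

```c
#include <stdio.h>

/* Hypothetical stand-ins for two verification steps; constructed for this example.
 * Each returns 0 on success and -1 on failure. */
static int check_hash(int ok)      { return ok ? 0 : -1; }
static int check_signature(int ok) { return ok ? 0 : -1; }

/* Flawed: the second goto is not guarded by the if, so whenever the hash
 * check passes, control jumps to `out` with err == 0 and the signature
 * check below it never executes (dead code). */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0)
        goto out;
    goto out;                                   /* duplicated line */
    if ((err = check_signature(sig_ok)) != 0)   /* unreachable */
        goto out;
out:
    return err;
}

/* Corrected: braces scope each jump, and every check is reachable. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0) {
        goto out;
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto out;
    }
out:
    return err;
}

int main(void)
{
    /* Constructed input: valid hash, invalid signature. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```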
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
Ordinality | Description
Indirect | N/A
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed-with-Review
Reason: Abstraction
Rationale:

This CWE entry is a Class and might have Base-level children that would be more appropriate

Comments:

Examine children of this entry to see if there is a better fit

Suggestions:
▼Notes
▼Taxonomy Mappings
▼Related Attack Patterns
▼References