Description
The product has multiple functions, methods, procedures, macros, etc. that contain the same code.
Potential Impact
- Other: Reduce Maintainability
Demonstrative Examples
    // Redundant version: the same surface-area calculation is written out in both branches.
    public class Main {
        public static void main(String[] args) {
            double s = 10.0;
            double r = 1.0;
            double pi = 3.14159;
            double surface_area;
            if(r > 0.0) {
                // complex math equations
                surface_area = pi * r * s + pi * Math.pow(r, 2);
            }
            if(r > 1.0) {
                // a complex set of math
                surface_area = pi * r * s + pi * Math.pow(r, 2);
            }
        }
    }

    // Refactored version: the calculation lives in one method that both branches call.
    public class Main {
        // Declared static so the static main method can call it.
        private static double ComplexMath(double r, double s) {
            // complex math equations
            double pi = Math.PI;
            double surface_area = pi * r * s + pi * Math.pow(r, 2);
            return surface_area;
        }
        public static void main(String[] args) {
            double s = 10.0;
            double r = 1.0;
            double surface_area;
            if(r > 0.0) {
                surface_area = ComplexMath(r, s);
            }
            if(r > 1.0) {
                surface_area = ComplexMath(r, s);
            }
        }
    }

Mitigations & Prevention
Merge common functionality into a single function and then call that function from across the entire code base.
Detection Methods
- Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
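
A minimal clone check in the spirit of the static analysis described above, written as an added example (it is not from the original page or from any SAST product). It runs over the page's redundant Java example; `normalize`, `find_clones` and the three-line window are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Input: the redundant Java example from this page, embedded so the check runs offline.
JAVA_SAMPLE = """\
public class Main {
public static void main(String[] args) {
double s = 10.0;
double r = 1.0;
double pi = 3.14159;
double surface_area;
if(r > 0.0) {
// complex math equations
surface_area = pi * r * s + pi * Math.pow(r, 2);
}
if(r > 1.0) {
// a complex set of math
surface_area = pi * r * s + pi * Math.pow(r, 2);
}
}
}
"""

def normalize(line):
    """Strip // comments, replace numeric literals with N, drop whitespace.
    Naive on purpose: it does not handle // inside string literals."""
    line = re.sub(r"//.*", "", line)
    line = re.sub(r"\b\d+(?:\.\d+)?\b", "N", line)
    return re.sub(r"\s+", "", line)

def find_clones(source, window=3):
    """Return groups of (first_line, last_line) spans whose `window`
    consecutive non-empty normalized lines are identical."""
    lines = [(no, normalize(raw))
             for no, raw in enumerate(source.splitlines(), start=1)]
    lines = [(no, text) for no, text in lines if text]  # skip blank/comment-only
    groups = defaultdict(list)
    for i in range(len(lines) - window + 1):
        chunk = lines[i:i + window]
        key = tuple(text for _, text in chunk)
        groups[key].append((chunk[0][0], chunk[-1][0]))
    return [spans for spans in groups.values() if len(spans) > 1]

if __name__ == "__main__":
    for spans in find_clones(JAVA_SAMPLE):
        print("duplicated block at lines:", spans)
```

Literal normalization is deliberately aggressive: it also matches the two `if` blocks that remain in the refactored version, so treat hits as review candidates rather than findings.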
Taxonomy Mappings
- OMG ASCMM: ASCMM-MNT-19
Frequently Asked Questions
What is CWE-1041?
CWE-1041 (Use of Redundant Code) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product has multiple functions, methods, procedures, macros, etc. that contain the same code.
How can CWE-1041 be exploited?
Attackers can exploit CWE-1041 (Use of Redundant Code) to reduce maintainability. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1041?
Key mitigations include: Merge common functionality into a single function and then call that function from across the entire code base.
What is the severity of CWE-1041?
CWE-1041 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.