Description
The product creates an immutable text string using string concatenation operations.
When building a string via a looping feature (e.g., a FOR or WHILE loop), the use of += to append to the existing string will result in the creation of a new object with each iteration, which can be inefficient in comparison with use of text buffer data elements.
Potential Impact
Other
Reduce Performance
Related Weaknesses
Taxonomy Mappings
- OMG ASCPEM: ASCPEM-PRF-2 —
Frequently Asked Questions
What is CWE-1046?
CWE-1046 (Creation of Immutable Text Using String Concatenation) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product creates an immutable text string using string concatenation operations.
How can CWE-1046 be exploited?
Attackers can exploit CWE-1046 (Creation of Immutable Text Using String Concatenation) to reduce performance. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1046?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-1046?
CWE-1046 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.