CWE-1114 Detalhe

CWE-1114

Inappropriate Whitespace Style
Incomplete
2019-01-03
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Inappropriate Whitespace Style

The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product.

Informações Gerais

Modos de Introdução

Implementation

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
OtherIncrease Analytical Complexity

Note: A human auditor might indirectly trust that whitespace (especially indentation) reflects the actual control flow of the code, which could make it more difficult to find vulnerabilities.
OtherReduce Maintainability

Note: This issue makes it more difficult to understand and maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities.

Exemplos Observados

Referências Descrição

CVE-2014-1266

Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint). The code's whitespace indentation did not reflect the actual control flow (CWE-1114) and did not explicitly delimit the block (CWE-483), which could have made it more difficult for human code auditors to detect the vulnerability.

Notas de Mapeamento de Vulnerabilidade

Justificativa : This entry is primarily a quality issue with no direct security implications.
Comentário : Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.

Referências

REF-963

Providing a Framework for Effective Software Quality Assessment
Robert A. Martin, Lawrence H. Shafer.
https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT

Submissão

Nome Organização Data Data de lançamento Version
CWE Content Team MITRE 2018-07-02 +00:00 2019-01-03 +00:00 3.2

Modificações

Nome Organização Data Comentário
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2024-02-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Applicable_Platforms, Common_Consequences, Description, Observed_Examples, Time_of_Introduction
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.