Skip to main content

Inappropriate coding practices - Unused properties

Description

The application source code defines properties that are not used, adding unnecessary complexity to the source code and leading to a suboptimal state that may cause affectations to the overall application performance.

Impact

  • Hinder the source code maintainability.
  • Release unoptimized source code that may affect the application performance.

Recommendation

Remove the unused properties from the application source code.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⌚ 15 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: H
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code madurity: U
  • Remediation level: O
  • Report confidence: R

Result

  • Vector string: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:R
  • Score:
    • Base: 3.1
    • Temporal: 2.6
  • Severity:
    • Base: Low
    • Temporal: Low

Code Examples

Compliant code

The application does not have any unused properties in the source code

public static void main(String[] args) {
Scanner input = new Scanner(System.in);
String username = input.next();
String password = input.next();

try {
if(isValidUser(username, password)){
//Code to handle user login
}
} catch (InterruptedException e) {
//Code to catch exception
}
}

Non compliant code

There are unused properties in the code

public static void main(String[] args) {
Scanner input = new Scanner(System.in);
String username = input.next();
String password = input.next();
//Defined property that is never used
String passwordVerification;

try {
//Code to handle user login
} catch (InterruptedException e) {
//Code to catch exception
}
}

Requirements