The application contains dead code, i.e. code that does not affect the application work. Dead code includes unreachable code (can not be executed) and useless code (the result of the execution is not used). Compilers and development environments can detect and delete dead code; its presence in the final version of the application indicates a deliberate injection.

A developer can use dead code to hide the application implementation details. This shading transformation increases code entropy and complicates the analysis of the used algorithms. In particular, unreachable incorrect code does not cause errors when the program is running, but when trying to reverse-engineer, it confuses disassembler or decompiler.

Dead code may implement a backdoor, which is activated, for example, by the special values of the request parameters. Backdoor code may be distributed across multiple files.

JavaScript : Undocumented feature: dead code

DerScanner Severity Score

Do you want to fix JavaScript : Undocumented feature: dead code in your application?

See also