| 1 |
119
| Improper Restriction of Operations within the Bounds of a Memory Buffer | C/C++:
ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.ITERATOR
ABV.MEMBER
ABV.STACK
ABV.TAINTED
ABV.UNICODE.BOUND_MAP
ABV.UNICODE.FAILED_MAP
ABV.UNICODE.NNTS_MAP
ABV.UNICODE.SELF_MAP
ABV.UNKNOWN_SIZE
NNTS.MIGHT
NNTS.MUST
NNTS.TAINTED
RABV.CHECK
RN.INDEX
SV.FMT_STR.BAD_SCAN_FORMAT
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF
SV.UNBOUND_STRING_INPUT.CIN
SV.UNBOUND_STRING_INPUT.FUNC
C#:
CS.SV.TAINTED.INDEX_ACCESS
CS.SV.TAINTED.CALL.INDEX_ACCESS
|
| 2 |
79
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
C/C++:
SV.TAINTED.XSS.REFLECTED
Java:
SV.XSS.DB
SV.XSS.REF
|
| 3 |
20
| Improper Input Validation | C/C++: ABV.TAINTED
NNTS.TAINTED
SV.TAINTED.ALLOC_SIZE
SV.TAINTED.CALL.DEREF
SV.TAINTED.CALL.INDEX_ACCESS
SV.TAINTED.CALL.LOOP_BOUND
SV.TAINTED.DEREF
SV.TAINTED.FMTSTR
SV.TAINTED.INDEX_ACCESS
SV.TAINTED.LOOP_BOUND
SV.TAINTED.PATH_TRAVERSAL
SV.TAINTED.SECURITY_DECISION
SV.TAINTED.BINOP
SV.TAINTED.CALL.BINOP
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION
C#:
CS.SQL.INJECT.LOCAL
CS.SV.TAINTED.ALLOC_SIZE
CS.SV.TAINTED.CALL.GLOBAL
CS.SV.TAINTED.CALL.INDEX_ACCESS
CS.SV.TAINTED.CALL.LOOP_BOUND
CS.SV.TAINTED.FMTSTR
CS.SV.TAINTED.GLOBAL
CS.SV.TAINTED.INDEX_ACCESS
CS.SV.TAINTED.INJECTION
CS.SV.TAINTED.LOOP_BOUND
CS.SV.TAINTED.PATH_TRAVERSAL
Java:
ANDROID.LIFECYCLE.SV.GETEXTRA
SV.DOS.ARRINDEX
SV.LOADLIB.INJ
SV.STRUTS.NOTVALID
SV.STRUTS.VALIDMET
SV.TAINT
SV.TAINT_NATIVE
|
| 4 |
200
| Information Exposure |
C/C++:
SPECTRE.VARIANT1
C#:
CS.INFORMATION_EXPOSURE.ALL
CS.INFORMATION_EXPOSURE.ATTR
Java:
SV.IL.DEV
SV.IL.FILE
SV.SENSITIVE.DATA
SV.SENSITIVE.OBJ
|
| 5 |
125
| Out-of-bounds Read | C/C++:
ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.ITERATOR
ABV.MEMBER
ABV.STACK
ABV.TAINTED
ABV.UNICODE.BOUND_MAP
ABV.UNICODE.FAILED_MAP
ABV.UNICODE.NNTS_MAP
ABV.UNICODE.SELF_MAP
ABV.UNKNOWN_SIZE
NNTS.MIGHT
NNTS.MUST
NNTS.TAINTED
RABV.CHECK
RN.INDEX
SV.FMT_STR.BAD_SCAN_FORMAT
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF
SV.UNBOUND_STRING_INPUT.CIN
SV.UNBOUND_STRING_INPUT.FUNC
|
| 6 |
89
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | C#:
CS.SQL.INJECT.LOCAL
Java:
SV.DATA.DB
SV.SQL
SV.SQL.DBSOURCE
|
| 7 |
416
| Use After Free | C/C++:
CL.FFM.ASSIGN
CL.FFM.COPY
CL.SELF-ASSIGN
CL.SHALLOW.ASSIGN
CL.SHALLOW.COPY
LOCRET.ARG
LOCRET.GLOB
LOCRET.RET
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST
|
| 8 |
190
| Integer Overflow or Wraparound | C/C++:
NUM.OVERFLOW
SV.TAINTED.BINOP
SV.TAINTED.CALL.BINOP
C#:
CS.SV.TAINTED.BINOP
CS.SV.TAINTED.CALL.BINOP
Java:
SV.INT_OVF
|
| 9 |
352
| Cross-Site Request Forgery (CSRF) | Java:
SV.CSRF.GET
SV.CSRF.TOKEN
SV.CSRF.ORIGIN
|
| 10 |
22
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | C/C++:
SV.DLLPRELOAD.NONABSOLUTE.DLL
SV.DLLPRELOAD.NONABSOLUTE.EXE
SV.DLLPRELOAD.SEARCHPATH
SV.TAINTED.PATH_TRAVERSAL
C#:
CS.SV.TAINTED.PATH_TRAVERSAL
Java:
SV.PATH
SV.PATH.INJ
|
| 11 |
78
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | C/C++:
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION
C#:
CS.SV.TAINTED.INJECTION
Java:
SV.EXEC
SV.EXEC.DIR
SV.EXEC.ENV
SV.EXEC.LOCAL
|
| 12 |
787
| Out-of-bounds Write | C/C++:
ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.ITERATOR
ABV.MEMBER
ABV.STACK
ABV.TAINTED
ABV.UNICODE.BOUND_MAP
ABV.UNICODE.FAILED_MAP
ABV.UNICODE.NNTS_MAP
ABV.UNICODE.SELF_MAP
ABV.UNKNOWN_SIZE
NNTS.MIGHT
NNTS.MUST
NNTS.TAINTED
RABV.CHECK
RN.INDEX
SV.FMT_STR.BAD_SCAN_FORMAT
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF
SV.UNBOUND_STRING_INPUT.CIN
SV.UNBOUND_STRING_INPUT.FUNC
|
| 13 |
287
| Improper Authentication |
Not currently supported.
|
| 14 |
476
| NULL Pointer Dereference | C/C++:
NPD.CHECK.CALL.MIGHT
NPD.CHECK.CALL.MUST
NPD.CHECK.MIGHT
NPD.CHECK.MUST
NPD.CONST.CALL
NPD.CONST.DEREF
NPD.FUNC.CALL.MIGHT
NPD.FUNC.CALL.MUST
NPD.FUNC.MIGHT
NPD.FUNC.MUST
NPD.GEN.CALL.MIGHT
NPD.GEN.CALL.MUST
NPD.GEN.MIGHT
NPD.GEN.MUST
RNPD.CALL
RNPD.DEREF
C#:
CS.NRE.CHECK.CALL.MIGHT
CS.NRE.CHECK.CALL.MUST
CS.NRE.CHECK.MIGHT
CS.NRE.CHECK.MUST
CS.NRE.CONST.CALL
CS.NRE.CONST.DEREF
CS.NRE.FUNC.CALL.MIGHT
CS.NRE.FUNC.CALL.MUST
CS.NRE.FUNC.MIGHT
CS.NRE.FUNC.MUST
CS.NRE.GEN.CALL.MIGHT
CS.NRE.GEN.CALL.MUST
CS.NRE.GEN.MIGHT
CS.NRE.GEN.MUST
CS.RNRE
Java:
ANDROID.NPE
NPE.COND
NPE.CONST
NPE.RET
NPE.RET.UTIL
NPE.STAT
REDUN.NULL
RNU.THIS
|
| 15 |
732
| Incorrect Permission Assignment for Critical Resource | C/C++:
SV.USAGERULES.PERMISSIONS
C#:
CS.NPS
Java:
SV.PERMS.HOME
SV.PERMS.WIDE
SV.XSS.COOKIE
|
| 16 |
434
| Unrestricted Upload of File with Dangerous Type |
Java:
SV.DATA.FILE
|
| 17 |
611
| Improper Restriction of XML External Entity Reference |
Java:
|
| 18 |
94
| Improper Control of Generation of Code ('Code Injection') | C/C++:
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION
C#:
CS.SQL.INJECT.LOCAL
CS.SV.TAINTED.FMTSTR
Java:
SV.SQL
SV.SQL.DBSOURCE
SV.DATA.DB
|
| 19 |
798
| Use of Hard-coded Credentials | C/C++:
HCC
HCC.USER
HCC.PWD
Java:
SV.PASSWD.HC
SV.PASSWD.HC.EMPTY
|
| 20 |
400
| Uncontrolled Resource Consumption | C/C++:
CL.MLK
CL.MLK.ASSIGN
CL.MLK.VIRTUAL
MLK.MIGHT
MLK.MUST
MLK.RET.MIGHT
MLK.RET.MUST
RH.LEAK
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION
C#:
CS.RESOURCE.LOOP
CS.SV.TAINTED.LOOP_BOUND.RESOURCE
CS.SV.TAINTED.CALL.LOOP_BOUND.RESOURCE
CS.RESOURCE.AUTOBOXING
CS.RESOURCE.UNBOXING
Java:
JD.INF.ALLOC
SV.DOS.ARRSIZE
|
| 21 |
772
| Missing Release of Resource after Effective Lifetime | C/C++:
RH.LEAK
C#:
CS.RLK
Java:
RLK.AWT
RLK.FIELD
RLK.HIBERNATE
RLK.IMAGEIO
RLK.IN
RLK.JNDI
RLK.MAIL
RLK.MICRO
RLK.NIO
RLK.OUT
RLK.SOCK
RLK.SQLCON
RLK.SQLOBJ
RLK.SWT
RLK.ZIP
|
| 22 |
426
| Untrusted Search Path | C/C++:
SV.TAINTED.PATH_TRAVERSAL
C#:
CS.SV.TAINTED.PATH_TRAVERSAL
Java:
SV.PATH
|
| 23 |
502
| Deserialization of Untrusted Data |
C#:
CS.SV.TAINTED.DESERIALIZATION
Java:
SV.SERIAL.NOFINAL
SV.SERIAL.NOREAD
SV.SERIAL.NOWRITE
SV.SERIAL.SIG
SV.SERIAL.OVERRIDE
|
| 24 |
269
| Improper Privilege Management | C/C++:
SV.USAGERULES.PERMISSIONS
C#:
CS.SV.USAGERULES.PERMISSIONS
Java:
SV.PRIVILEGE.MISSING
|
| 25 |
295
| Improper Certificate Validation |
Java:
SV.ECV
|
