2021 CWE Top 25 Most Dangerous Software Errors mapped to Klocwork Java checkers

Rank and ID
    Checker name

#01 - CWE-787: Out-of-bounds Write
    Currently, there is no applicable checker for this rule.

#02 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    SV.XSS.DB
    SV.XSS.REF

#03 - CWE-125: Out-of-bounds Read
    Currently, there is no applicable checker for this rule.

#04 - CWE-20: Improper Input Validation
    ANDROID.LIFECYCLE.SV.GETEXTRA
    SV.DOS.ARRINDEX
    SV.LOADLIB.INJ
    SV.STRUTS.NOTVALID
    SV.STRUTS.VALIDMET
    SV.TAINT_NATIVE
    SV.TAINT
    JAVA.SV.XML.INVALID

#05 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    SV.EXEC.DIR
    SV.EXEC.ENV
    SV.EXEC.LOCAL
    SV.EXEC

#06 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    SV.DATA.DB
    SV.SQL.DBSOURCE
    SV.SQL

#07 - CWE-416: Use After Free
    Currently, there is no applicable checker for this rule.

#08 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    SV.PATH.INJ
    SV.PATH

#09 - CWE-352: Cross-Site Request Forgery (CSRF)
    SV.CSRF.GET
    SV.CSRF.ORIGIN
    SV.CSRF.TOKEN

#10 - CWE-434: Unrestricted Upload of File with Dangerous Type
    SV.DATA.FILE

#11 - CWE-306: Missing Authentication for Critical Function
    SPRING.AUTHC.ABSENT
    SPRING.AUTHC.MISSING

#12 - CWE-190: Integer Overflow or Wraparound
    SV.INT_OVF

#13 - CWE-502: Deserialization of Untrusted Data
    SV.SERIAL.NOFINAL
    SV.SERIAL.NOREAD
    SV.SERIAL.NOWRITE
    SV.SERIAL.OVERRIDE
    SV.SERIAL.SIG

#14 - CWE-287: Improper Authentication
    SV.AUTH.BYPASS.MIGHT
    SV.AUTH.BYPASS.MUST
    SV.AUTH.HASH.MIGHT
    SV.AUTH.HASH.MUST
    SV.LDAP.ANON

#15 - CWE-476: NULL Pointer Dereference
    ANDROID.NPE
    NPE.COND
    NPE.CONST
    NPE.RET.UTIL
    NPE.RET
    NPE.STAT
    REDUN.EQNULL
    REDUN.NULL
    RNU.THIS

#16 - CWE-798: Use of Hard-coded Credentials
    SV.PASSWD.HC.EMPTY
    SV.PASSWD.HC

#17 - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
    Currently, there is no applicable checker for this rule.

#18 - CWE-862: Missing Authorization
    SPRING.AUTHZ.ABSENT
    SPRING.AUTHZ.MISSING

#19 - CWE-276: Incorrect Default Permissions
    SV.PERMS.WIDE

#20 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
    SV.IL.DEV
    SV.IL.FILE
    SV.SENSITIVE.DATA
    SV.SENSITIVE.OBJ

#21 - CWE-522: Insufficiently Protected Credentials
    SV.PASSWD.PLAIN.HC
    SV.PASSWD.PLAIN

#22 - CWE-732: Incorrect Permission Assignment for Critical Resource
    SV.PERMS.HOME
    SV.PERMS.WIDE
    SV.XSS.COOKIE

#23 - CWE-611: Improper Restriction of XML External Entity Reference
    SV.XXE.DBF
    SV.XXE.SF
    SV.XXE.SPF
    SV.XXE.TF
    SV.XXE.XIF
    SV.XXE.XRF

#24 - CWE-918: Server-Side Request Forgery (SSRF)
    SV.SSRF.URI

#25 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
    SV.EXEC.DIR
    SV.EXEC.ENV
    SV.EXEC.LOCAL
    SV.EXEC