| ABV.ANY_SIZE_ARRAY
|
Buffer Overflow - Array Index Out of Bounds |
1 |
False |
Pre-2020.1 |
| ABV.GENERAL
|
Buffer Overflow - Array Index Out of Bounds |
1 |
True |
Pre-2020.1 |
| ABV.GENERAL.MULTIDIMENSION
|
Buffer Overflow - Array Index Out of Bounds |
1 |
True |
2022.3 |
| ABV.ITERATOR
|
Buffer Overflow - Array Index may be out of Bounds |
1 |
True |
Pre-2020.1 |
| ABV.MEMBER
|
Buffer Overflow - Array Index Out of Bounds |
1 |
True |
Pre-2020.1 |
| ABV.STACK
|
Buffer Overflow - Local Array Index Out of Bounds |
1 |
True |
Pre-2020.1 |
| ABV.TAINTED
|
Buffer Overflow from Unvalidated Input |
1 |
True |
Pre-2020.1 |
| ABV.UNICODE.BOUND_MAP
|
Buffer overflow in mapping character function |
1 |
False |
Pre-2020.1 |
| ABV.UNICODE.FAILED_MAP
|
Mapping function failed |
1 |
False |
Pre-2020.1 |
| ABV.UNICODE.NNTS_MAP
|
Buffer overflow in mapping character function |
1 |
False |
Pre-2020.1 |
| ABV.UNICODE.SELF_MAP
|
Mapping function failed |
1 |
False |
Pre-2020.1 |
| ABV.UNKNOWN_SIZE
|
Buffer Overflow - Array Index Out of Bounds |
1 |
True |
Pre-2020.1 |
| ASSIGCOND.CALL
|
Assignment in condition (call) |
3 |
False |
Pre-2020.1 |
| ASSIGCOND.GEN
|
Assignment in condition |
3 |
False |
Pre-2020.1 |
| BSTR.CAST.C
|
C style type cast to BSTR |
4 |
False |
Pre-2020.1 |
| BSTR.CAST.CPP
|
C++ style type cast to BSTR |
4 |
False |
Pre-2020.1 |
| BSTR.FUNC.ALLOC
|
Incorrect call to BSTR allocating function |
4 |
False |
Pre-2020.1 |
| BSTR.FUNC.FREE
|
Incorrect call to BSTR freeing function |
4 |
False |
Pre-2020.1 |
| BSTR.FUNC.LEN
|
Trying to get length of non-BSTR string using BSTR-related functions |
4 |
False |
Pre-2020.1 |
| BSTR.FUNC.REALLOC
|
Incorrect call to BSTR reallocating function |
4 |
False |
Pre-2020.1 |
| BSTR.IA.ASSIGN
|
BSTR variable is assigned a non-BSTR value |
4 |
False |
Pre-2020.1 |
| BSTR.IA.INIT
|
BSTR variable is initialized with a non-BSTR value |
4 |
False |
Pre-2020.1 |
| BSTR.OPS.ARITHM
|
Illegal arithmetic operations with BSTR values |
4 |
False |
Pre-2020.1 |
| BSTR.OPS.COMP
|
Illegal comparison of BSTR values |
4 |
False |
Pre-2020.1 |
| BSTR.OPS.EQS
|
Illegal equality comparison of BSTR values |
4 |
False |
Pre-2020.1 |
| BYTEORDER.HTON.SEND
|
Missed conversion from host to network byte order |
3 |
False |
Pre-2020.1 |
| BYTEORDER.HTON.WRITE
|
Missed conversion from host to network byte order |
3 |
False |
Pre-2020.1 |
| BYTEORDER.NTOH.READ
|
Missed conversion from network to host byte order |
3 |
False |
Pre-2020.1 |
| BYTEORDER.NTOH.RECV
|
Missed conversion from network to host byte order |
3 |
False |
Pre-2020.1 |
| CERT.ARR.PTR.ARITH
|
Pointer is used in arithmetic expression |
4 |
False |
2022.3 |
| CERT.CONC.ATOMIC_TWICE_EXPR
|
Do not refer to an atomic variable twice in an expression |
4 |
False |
2022.3 |
| CERT.EXIT.HANDLER_TERMINATE
|
All exit handlers must return normally |
2 |
False |
2022.2 |
| CERT.EXPR.PARENS
|
The precedence of operators within expressions should be made explicit. |
4 |
False |
2022.1 |
| CERT.FILE_PTR.DEREF
|
A pointer to a FILE object shall not be dereferenced |
4 |
False |
2022.1 |
| CERT.FILE_PTR.DEREF.CAST
|
Object is casted to a FILE pointer, and it shall not be dereferenced |
4 |
False |
2022.1 |
| CERT.FILE_PTR.DEREF.INDIRECT
|
A pointer to a FILE object shall not be indirectly dereferenced by a system function |
4 |
False |
2022.1 |
| CERT.FILE_PTR.DEREF.RETURN
|
A pointer to a FILE object (returned by function) shall not be dereferenced |
4 |
False |
2022.1 |
| CERT.FIO.NO_FLUSH
|
Flush or positioning function call missing |
3 |
False |
2022.2 |
| CERT.FSETPOS.VALUE
|
Only use values for fsetpos() that are returned from fgetpos() |
3 |
False |
2022.2 |
| CERT.MEMCMP.FLOAT_MEMBER
|
Do not compare when member is floating point |
4 |
False |
2021.3 |
| CERT.MEMCMP.PADDED_DATA
|
Do not compare padding data |
4 |
False |
2021.3 |
| CERT.MEM.PLACEMENTNEW.MISALIGNED
|
Provide placement new with properly aligned storage |
4 |
False |
2024.3 |
| CERT.MEM.PLACEMENTNEW.TOOSMALL
|
Provide placement new with sufficient storage |
4 |
False |
2024.3 |
| CERT.OOP.CTOR.VIRTUAL_FUNC
|
Do not invoke virtual functions from constructors or destructors |
4 |
False |
2022.1 |
| CERT.PUTENV.AUTO_VARIABLE
|
Do not call putenv() with a pointer to an automatic variable as the argument |
4 |
False |
2022.1 |
| CERT.SIG.SIG_HANDLER.ASYNC_SAFE
|
Call only asynchronous-safe functions within signal handlers |
4 |
False |
2024.3 |
| CERT.STDLIB.SIGNAL
|
Do not return from a computational exception signal handler |
4 |
False |
2022.2 |
| CERT.VA_ARG.TYPE
|
Do not call va_arg with an argument of the incorrect type |
4 |
False |
2022.2 |
| CERT.VA_START.TYPE
|
Pass an object of the correct type to va_start |
4 |
False |
2022.2 |
| CL.ASSIGN.NON_CONST_ARG
|
Assignment operator declares non-constant reference argument |
4 |
True |
Pre-2020.1 |
| CL.ASSIGN.RETURN_CONST
|
Assignment operator returns constant reference |
4 |
True |
Pre-2020.1 |
| CL.ASSIGN.VOID
|
Assignment operator returns void |
4 |
True |
Pre-2020.1 |
| CL.FFM.ASSIGN
|
Use of free memory (double free) - no operator= |
3 |
True |
Pre-2020.1 |
| CL.FFM.COPY
|
Use of free memory (double free) - no copy constructor |
3 |
True |
Pre-2020.1 |
| CL.FMM
|
Freeing Mismatched Memory - in destructor |
3 |
True |
Pre-2020.1 |
| CL.MLK
|
Memory Leak - in destructor |
3 |
True |
Pre-2020.1 |
| CL.MLK.ASSIGN
|
Memory Leak - in assignment operator |
3 |
True |
Pre-2020.1 |
| CL.MLK.VIRTUAL
|
Memory Leak - possible in destructor |
2 |
True |
Pre-2020.1 |
| CL.SELF-ASSIGN
|
Use of free memory (double free) - in operator= |
2 |
True |
Pre-2020.1 |
| CL.SHALLOW.ASSIGN
|
Use of free memory (double free) - shallow copy in operator= |
2 |
True |
Pre-2020.1 |
| CL.SHALLOW.COPY
|
Use of free memory (double free) - shallow copy in copy constructor |
2 |
True |
Pre-2020.1 |
| CONC.DBL_LOCK
|
Double Lock |
2 |
False |
2021.2 |
| CONC.DBL_UNLOCK
|
Double Unlock |
2 |
False |
2021.2 |
| CONC.DL
|
Deadlock |
2 |
False |
Pre-2020.1 |
| CONC.NO_LOCK
|
Missing lock for variable |
2 |
False |
2021.2 |
| CONC.NO_UNLOCK
|
Missing unlock for variable |
2 |
True |
2022.3 |
| CONC.SLEEP
|
Function may block in critical section |
3 |
True |
2022.3 |
| CWARN.ALIGNMENT
|
Incorrect pointer scaling is used |
4 |
True |
Pre-2020.1 |
| CWARN.BAD.PTR.ARITH
|
Bad pointer arithmetic |
4 |
False |
Pre-2020.1 |
| CWARN.BITOP.SIZE
|
Operands of different size in bitwise operation |
4 |
True |
2020.3 |
| CWARN.BOOLOP.INC
|
A boolean is incremented or decremented |
4 |
True |
Pre-2020.1 |
| CWARN.CAST.VIRTUAL_INHERITANCE
|
C-style cast of pointer to object with virtual methods to pointer to its derived class |
4 |
False |
Pre-2020.1 |
| CWARN.CMPCHR.EOF
|
A 'char' expression compared with EOF constant |
4 |
False |
Pre-2020.1 |
| CWARN.CONSTCOND.DO
|
'do' controlling expression is constant |
4 |
False |
Pre-2020.1 |
| CWARN.CONSTCOND.IF
|
'if' controlling expression is constant |
4 |
False |
Pre-2020.1 |
| CWARN.CONSTCOND.SWITCH
|
'switch' selector expression is constant |
4 |
False |
Pre-2020.1 |
| CWARN.CONSTCOND.TERNARY
|
Controlling condition in conditional expression is constant |
4 |
False |
Pre-2020.1 |
| CWARN.CONSTCOND.WHILE
|
'while' controlling expression is constant |
4 |
False |
Pre-2020.1 |
| CWARN.COPY.NOASSIGN
|
Class defines copy constructor, but no assignment operator |
4 |
False |
Pre-2020.1 |
| CWARN.DTOR.NONVIRT.DELETE
|
Delete expression for an object of a class with virtual methods and no virtual destructor |
2 |
True |
Pre-2020.1 |
| CWARN.DTOR.NONVIRT.NOTEMPTY
|
Class has virtual functions inherited from a base class, but its destructor is not virtual and not empty |
2 |
True |
Pre-2020.1 |
| CWARN.DTOR.VOIDPTR
|
Delete expression with an object of type pointer to void |
3 |
True |
Pre-2020.1 |
| CWARN.EMPTY.LABEL
|
Empty label statement |
4 |
False |
Pre-2020.1 |
| CWARN.EMPTY.TYPEDEF
|
Missing typedef name |
4 |
False |
Pre-2020.1 |
| CWARN.FUNCADDR
|
Function address is used instead of a call to this function |
2 |
False |
Pre-2020.1 |
| CWARN.HIDDEN.PARAM
|
Parameter hidden by local variable |
4 |
False |
Pre-2020.1 |
| CWARN.IMPLICITINT
|
Anachronistic 'implicit int' |
4 |
False |
2023.4 |
| CWARN.INCL.ABSOLUTE
|
Absolute path is used in include directive |
4 |
False |
Pre-2020.1 |
| CWARN.INCL.NO_INTERFACE
|
Source file does not include its interface header |
4 |
False |
Pre-2020.1 |
| CWARN.INLINE.NONFUNC
|
'inline' used with non-function |
4 |
False |
Pre-2020.1 |
| CWARN.MEMBER.INIT.ORDER
|
Members of the initialization list are not listed in the order in which they are declared in the class |
4 |
False |
Pre-2020.1 |
| CWARN.MEM.NONPOD
|
Memory manipulation routine applied to a non-POD object |
4 |
True |
Pre-2020.1 |
| CWARN.MEMSET.SIZEOF.PTR
|
Memset-like function is called for 'sizeof' applied to pointer |
4 |
False |
Pre-2020.1 |
| CWARN.MOVE.CONST
|
Const value used as argument for std::move |
4 |
True |
2020.1 |
| CWARN.NOEFFECT.OUTOFRANGE
|
Value outside of range |
3 |
False |
Pre-2020.1 |
| CWARN.NOEFFECT.SELF_ASSIGN
|
A variable is assigned to self |
4 |
False |
Pre-2020.1 |
| CWARN.NOEFFECT.UCMP.GE
|
Comparison of unsigned value against 0 is always true |
4 |
True |
Pre-2020.1 |
| CWARN.NOEFFECT.UCMP.GE.MACRO
|
Comparison of unsigned value against 0 within a macro is always true |
4 |
False |
Pre-2020.1 |
| CWARN.NOEFFECT.UCMP.LT
|
Comparison of unsigned value against 0 is always false |
4 |
True |
Pre-2020.1 |
| CWARN.NOEFFECT.UCMP.LT.MACRO
|
Comparison of unsigned value against 0 within a macro is always false |
4 |
False |
Pre-2020.1 |
| CWARN.NULLCHECK.FUNCNAME
|
Function address was directly compared against 0 |
4 |
True |
Pre-2020.1 |
| CWARN.OVERRIDE.CONST
|
Function overriding fails due to mismatch of 'const' qualifiers |
4 |
True |
Pre-2020.1 |
| CWARN.PACKED.TYPEDEF
|
'packed' attribute ignored in typedef |
4 |
False |
Pre-2020.1 |
| CWARN.PASSBYVALUE.ARG
|
Function argument passed by value is too large |
4 |
False |
Pre-2020.1 |
| CWARN.PASSBYVALUE.EXC
|
Exception object passed by value is too large |
4 |
False |
Pre-2020.1 |
| CWARN.RET.MAIN
|
Bad return type of main |
4 |
True |
Pre-2020.1 |
| CWARN.SIGNEDBIT
|
Signed one bit field |
4 |
True |
Pre-2020.1 |
| CXX.BITOP.BOOL_OPERAND
|
Potential logic error: Boolean expressions should not be used directly as bitwise operator arguments. Consider using logical
operators instead.
|
4 |
False |
2021.1 |
| CXX.BITOP.NON_CONST_OPERAND
|
Bitwise operators should be applied to constants only |
4 |
False |
2021.1 |
| CXX.CAST.OBJ_PTR_TO_OBJ_PTR
|
Cast between a pointer to object type and a pointer to a different object type |
4 |
False |
2021.3 |
| CXX.CAST.SIGNED_CHAR_TO_INTEGER
|
Cast char to unsigned char before converting to larger integer sizes |
4 |
False |
2021.3 |
| CXX.DIFF.WIDTH.STR_AND_FUNC
|
Implicit cast between narrow and wide character string while calling function |
4 |
False |
2021.3 |
| CXX.ERRNO.INCORRECTLY_CHECKED
|
Errno condition check not required after calling library function |
3 |
False |
2021.2 |
| CXX.ERRNO.NOT_CHECKED
|
Errno condition check is missing after calling library function |
3 |
False |
2021.2 |
| CXX.ERRNO.NOT_SET
|
Errno is not reset to zero before calling library function |
3 |
False |
2021.2 |
| CXX.ID_VIS.GLOBAL_VARIABLE.EXTERN
|
Visibility of extern global variable is too wide |
4 |
False |
Pre-2020.1 |
| CXX.ID_VIS.GLOBAL_VARIABLE.STATIC
|
Visibility of static global variable is too wide |
4 |
False |
Pre-2020.1 |
| CXX.INT_TO_FLOAT.CONV
|
Use of implicit conversion in an arithmetic operation |
4 |
False |
2021.2 |
| CXX.LOGICAL_OP.INT_OPERAND
|
Potential logic error: Integral expressions should not be used directly as logical operator operands. Boolean expressions
should be used instead.
|
4 |
False |
2021.1 |
| CXX.LOGICAL_OP.NON_BOOL_CONSTANT
|
Logical operators should not be applied directly to constants |
4 |
False |
2021.1 |
| CXX.OVERWRITE_CONST_CHAR
|
Attempt to overwrite a constant string |
3 |
False |
2021.1 |
| CXX.POSSIBLE_COPY_PASTE.FSTRING.APPEND_SAME_STRING
|
Possible copy-paste error: Appending the same FString twice |
4 |
False |
2021.1 |
| CXX.POSSIBLE_COPY_PASTE.LOGICAL_OP.CMP_SAME_OBJECT
|
Possible copy-paste error: An object should not be logically compared to itself |
4 |
False |
2021.1 |
| CXX.POSSIBLE_COPY_PASTE.TERNARY_OP
|
Possible copy-paste in the 'then' and 'else' branches of a ternary operator |
4 |
False |
2021.1 |
| CXX.SQL.INJECT
|
SQL Injection |
2 |
False |
2021.2 |
| CXX.STDLIB.ILLEGAL_REUSE
|
The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to
the same function
|
4 |
False |
2021.3 |
| CXX.STDLIB.ILLEGAL_WRITE
|
The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if
they have pointer to const-qualified type
|
4 |
False |
2021.3 |
| CXX.SUSPICIOUS_INDEX_CHECK
|
Suspicious use of index after boundary check |
1 |
False |
2023.4 |
| CXX.SUSPICIOUS_INDEX_CHECK.CALL
|
Suspicious use of index in a function call after a boundary check |
1 |
False |
2023.4 |
| CXX.SUSPICIOUS_INDEX_CHECK.ZERO
|
Suspicious use of index after index check for zero |
1 |
False |
2023.4 |
| CXX.SV.INSECURE_COOKIE
|
Insecure cookie |
4 |
False |
2023.1 |
| CXX.SV.PERSISTENT_COOKIE
|
Illegal usage of a persistent cookie |
4 |
False |
2023.1 |
| CXX.SV.PRIVATE_KEY.EMPTY_PASSWD
|
Attempt to serialize private key in an unauthorized way |
3 |
False |
2023.2 |
| CXX.SV.PRIVATE_KEY.UNENCRYPTED
|
Attempt to serialize private key in an unauthorized way |
3 |
False |
2023.2 |
| CXX.SV.PWD.PLAIN
|
Attempt to set password using a plain string |
2 |
False |
2023.2 |
| CXX.SV.PWD.PLAIN.LENGTH
|
Attempt to set password with a length less than 15 characters |
3 |
False |
2023.2 |
| CXX.SV.PWD.PLAIN.LENGTH.ZERO
|
Attempt to set password with a length of zero characters |
3 |
False |
2023.2 |
| CXX.SV.PWD_INPUT.REVIEW
|
Password authentication should be checked against brute force attacks |
4 |
False |
2023.2 |
| CXX.SV.XXE
|
Attempting to resolve external entities while parsing a XML file can lead to XXE attack |
4 |
False |
2023.1 |
| DBZ.CONST
|
Division by a zero constant occurs |
1 |
False |
2020.2 |
| DBZ.CONST.CALL
|
The value '0' is passed to function that can use this value as divisor |
1 |
False |
Pre-2020.1 |
| DBZ.GENERAL
|
Division by zero might occur |
1 |
False |
2023.3 |
| DBZ.ITERATOR
|
Division by zero might occur in a loop iterator |
1 |
False |
Pre-2020.1 |
| DBZ.ITERATOR.CALL
|
Division by zero might occur in a function call |
1 |
False |
Pre-2020.1 |
| EFFECT
|
Statement has no effect |
4 |
False |
Pre-2020.1 |
| FMM.MIGHT
|
Freeing Mismatched Memory - possible |
2 |
True |
Pre-2020.1 |
| FMM.MUST
|
Freeing Mismatched Memory |
1 |
True |
Pre-2020.1 |
| FNH.MIGHT
|
Freeing Non-Heap Memory - possible |
1 |
True |
Pre-2020.1 |
| FNH.MUST
|
Freeing Non-Heap Memory |
2 |
True |
Pre-2020.1 |
| FREE.INCONSISTENT
|
Inconsistent Freeing of Memory |
3 |
False |
Pre-2020.1 |
| FUM.GEN.MIGHT
|
Freeing Unallocated Memory - possible |
1 |
True |
Pre-2020.1 |
| FUM.GEN.MUST
|
Freeing Unallocated Memory |
1 |
True |
Pre-2020.1 |
| FUNCRET.GEN
|
Non-void function does not return value |
1 |
True |
Pre-2020.1 |
| FUNCRET.IMPLICIT
|
Non-void function implicitly returning int does not return value |
2 |
True |
Pre-2020.1 |
| HCC
|
Use of hardcoded credentials |
2 |
True |
Pre-2020.1 |
| HCC.PWD
|
Use of a hardcoded password |
2 |
True |
Pre-2020.1 |
| HCC.USER
|
Use of a hardcoded user name |
2 |
True |
Pre-2020.1 |
| INCONSISTENT.LABEL
|
Inconsistent Case Labels |
4 |
True |
Pre-2020.1 |
| INCORRECT.ALLOC_SIZE
|
Incorrect Allocation Size |
3 |
True |
Pre-2020.1 |
| INFINITE_LOOP.GLOBAL
|
Infinite loop |
2 |
False |
Pre-2020.1 |
| INFINITE_LOOP.LOCAL
|
Infinite loop |
2 |
True |
Pre-2020.1 |
| INFINITE_LOOP.MACRO
|
Infinite loop |
2 |
False |
Pre-2020.1 |
| INVARIANT_CONDITION.GEN
|
Invariant expression in a condition |
3 |
False |
2020.1 |
| INVARIANT_CONDITION.UNREACH
|
Invariant expression in a condition |
3 |
False |
Pre-2020.1 |
| ITER.CONTAINER.MODIFIED
|
Use of invalid iterator |
3 |
True |
Pre-2020.1 |
| ITER.END.DEREF.MIGHT
|
Dereference of 'end' iterator |
3 |
True |
Pre-2020.1 |
| ITER.END.DEREF.MUST
|
Dereference of 'end' iterator |
3 |
True |
Pre-2020.1 |
| ITER.INAPPROPRIATE
|
Use of iterator with inappropriate container object |
4 |
True |
Pre-2020.1 |
| ITER.INAPPROPRIATE.MULTIPLE
|
Use of iterator with inappropriate container object |
4 |
True |
Pre-2020.1 |
| LA_UNUSED
|
Label unused |
4 |
False |
Pre-2020.1 |
| LOCRET.ARG
|
Function returns address of local variable |
1 |
True |
Pre-2020.1 |
| LOCRET.GLOB
|
Function returns address of local variable |
1 |
True |
Pre-2020.1 |
| LOCRET.RET
|
Function returns address of local variable |
1 |
True |
Pre-2020.1 |
| LS.CALL
|
Suspicious use of non-localized string in GUI function |
3 |
False |
Pre-2020.1 |
| LS.CALL.STRING
|
Suspicious use of non-localized string in GUI function |
3 |
False |
Pre-2020.1 |
| LV_UNUSED.GEN
|
Local variable unused |
4 |
False |
2020.3 |
| MLK.MIGHT
|
Memory Leak - possible |
2 |
True |
Pre-2020.1 |
| MLK.MUST
|
Memory Leak |
2 |
True |
2020.1 |
| MLK.RET.MIGHT
|
Memory Leak - possible |
2 |
False |
Pre-2020.1 |
| MLK.RET.MUST
|
Memory Leak |
2 |
True |
Pre-2020.1 |
| NNTS.MIGHT
|
Buffer Overflow - Non-null Terminated String |
1 |
True |
Pre-2020.1 |
| NNTS.MUST
|
Buffer Overflow - Non-null Terminated String |
1 |
True |
Pre-2020.1 |
| NNTS.TAINTED
|
Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
1 |
True |
Pre-2020.1 |
| NPD.CHECK.CALL.MIGHT
|
Pointer may be passed to function that can dereference it after it was positively checked for NULL |
1 |
True |
Pre-2020.1 |
| NPD.CHECK.CALL.MUST
|
Pointer will be passed to function that may dereference it after it was positively checked for NULL |
1 |
True |
Pre-2020.1 |
| NPD.CHECK.MIGHT
|
Pointer may be dereferenced after it was positively checked for NULL |
1 |
True |
Pre-2020.1 |
| NPD.CHECK.MUST
|
Pointer will be dereferenced after it was positively checked for NULL |
1 |
True |
Pre-2020.1 |
| NPD.CONST.CALL
|
NULL is passed to function that can dereference it |
1 |
False |
Pre-2020.1 |
| NPD.CONST.DEREF
|
NULL is dereferenced |
1 |
False |
Pre-2020.1 |
| NPD.FUNC.CALL.MIGHT
|
Result of function that may return NULL may be passed to another function that may dereference it |
1 |
False |
Pre-2020.1 |
| NPD.FUNC.CALL.MUST
|
Result of function that may return NULL will be passed to another function that may dereference it |
1 |
False |
Pre-2020.1 |
| NPD.FUNC.MIGHT
|
Result of function that can return NULL may be dereferenced |
1 |
True |
Pre-2020.1 |
| NPD.FUNC.MUST
|
Result of function that may return NULL will be dereferenced |
1 |
True |
Pre-2020.1 |
| NPD.GEN.CALL.MIGHT
|
Null pointer may be passed to function that may dereference it |
1 |
True |
Pre-2020.1 |
| NPD.GEN.CALL.MUST
|
Null pointer will be passed to function that may dereference it |
1 |
True |
Pre-2020.1 |
| NPD.GEN.MIGHT
|
Null pointer may be dereferenced |
1 |
True |
Pre-2020.1 |
| NPD.GEN.MUST
|
Null pointer will be dereferenced |
1 |
True |
Pre-2020.1 |
| NUM.OVERFLOW
|
Possible Overflow |
3 |
False |
Pre-2020.1 |
| NUM.OVERFLOW.DF
|
Possible numeric overflow or wraparound |
3 |
False |
2024.2 |
| PORTING.BITFIELDS
|
Usage of bitfields within a structure |
4 |
False |
Pre-2020.1 |
| PORTING.BSWAP.MACRO
|
A custom byte swap macro is used without checking endian |
4 |
False |
Pre-2020.1 |
| PORTING.BYTEORDER.SIZE
|
An incompatible type is used with a network macro such as 'ntohl' |
4 |
False |
Pre-2020.1 |
| PORTING.CAST.FLTPNT
|
Cast of a floating point expression to a non floating point type |
4 |
False |
Pre-2020.1 |
| PORTING.CAST.PTR
|
Cast between types that are not both pointers or not pointers |
4 |
False |
Pre-2020.1 |
| PORTING.CAST.PTR.FLTPNT
|
Cast of a pointer to a floating point expression to a non floating point type pointer |
4 |
False |
Pre-2020.1 |
| PORTING.CAST.PTR.SIZE
|
Attempt to cast an expression to a type of a potentially incompatible size |
4 |
False |
Pre-2020.1 |
| PORTING.CAST.SIZE
|
Expression is cast to a type of potentially different size |
4 |
False |
Pre-2020.1 |
| PORTING.CMPSPEC.EFFECTS.ASSIGNMENT
|
Assignment in a function parameter |
4 |
False |
Pre-2020.1 |
| PORTING.CMPSPEC.TYPE.BOOL
|
Assignment to a 'bool' type is larger than 1 byte |
4 |
False |
Pre-2020.1 |
| PORTING.CMPSPEC.TYPE.LONGLONG
|
Use of 'long long' |
4 |
False |
Pre-2020.1 |
| PORTING.MACRO.NUMTYPE
|
Macro describing a builtin numeric type is used |
4 |
False |
Pre-2020.1 |
| PORTING.OPTS
|
Compiler dependant option is used |
4 |
False |
Pre-2020.1 |
| PORTING.PRAGMA.ALIGN
|
#pragma align usage |
4 |
False |
Pre-2020.1 |
| PORTING.PRAGMA.PACK
|
#pragma pack usage |
4 |
False |
Pre-2020.1 |
| PORTING.SIGNED.CHAR
|
'char' used without explicitly specifying signedness |
4 |
False |
Pre-2020.1 |
| PORTING.STORAGE.STRUCT
|
Byte position of elements in a structure could depend on alignment and packing attributes. |
4 |
False |
Pre-2020.1 |
| PORTING.STRUCT.BOOL
|
Struct/class has a bool member |
4 |
False |
Pre-2020.1 |
| PORTING.UNIONS
|
Union is used within an enclosing struct/class/other union |
4 |
False |
Pre-2020.1 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE
|
Relational expression may be always false depending on 'char' type signedness |
4 |
False |
Pre-2020.1 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE
|
Relational expression may be always true depending on 'char' type signedness |
4 |
False |
Pre-2020.1 |
| PORTING.UNSIGNEDCHAR.RELOP
|
Relational operations used between explicitly signed/unsigned char and char without signedness specification |
4 |
False |
Pre-2020.1 |
| PORTING.VAR.EFFECTS
|
Variable used twice in one expression where one usage is subject to side-effects |
4 |
False |
Pre-2020.1 |
| PRECISION.LOSS
|
Loss of Precision |
4 |
False |
Pre-2020.1 |
| PRECISION.LOSS.CALL
|
Loss of Precision during function call |
4 |
False |
Pre-2020.1 |
| PRECISION.LOSS.INIT
|
Loss of Precision during initialization |
4 |
False |
2023.3 |
| RABV.CHECK
|
Suspicious use of index before boundary check |
1 |
True |
Pre-2020.1 |
| RCA
|
Risky cryptographic algorithm used |
2 |
True |
Pre-2020.1 |
| RCA.HASH.SALT.EMPTY
|
Use of a one-way hash with an empty salt |
2 |
True |
Pre-2020.1 |
| RETVOID.GEN
|
Non-void function returns void value |
2 |
True |
Pre-2020.1 |
| RETVOID.IMPLICIT
|
Implicitly int function returns void value |
2 |
True |
Pre-2020.1 |
| RH.LEAK
|
Resource leak |
2 |
True |
2020.1 |
| RN.INDEX
|
Suspicious use of index before negative check |
1 |
True |
Pre-2020.1 |
| RNPD.CALL
|
Suspicious dereference of pointer in function call before NULL check |
1 |
True |
Pre-2020.1 |
| RNPD.DEREF
|
Suspicious dereference of pointer before NULL check |
1 |
True |
Pre-2020.1 |
| SEMICOL
|
Suspiciously placed semicolon |
4 |
False |
Pre-2020.1 |
| SPECTRE.VARIANT1
|
Potential exploit of speculative execution |
3 |
False |
Pre-2020.1 |
| STRONG.TYPE.ASSIGN
|
Assignment does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.ASSIGN.ARG
|
Assignment does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.ASSIGN.CONST
|
Assignment does not respect strong typing |
4 |
False |
2022.4 |
| STRONG.TYPE.ASSIGN.INIT
|
Assignment does not respect strong typing |
4 |
False |
2020.3 |
| STRONG.TYPE.ASSIGN.RETURN
|
Assignment does not respect strong typing |
4 |
False |
2020.3 |
| STRONG.TYPE.ASSIGN.ZERO
|
Assignment does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.EXTRACT
|
Assignment does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.JOIN.CMP
|
Joining with binary operator does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.JOIN.CONST
|
Joining with binary operator does not respect strong typing |
4 |
False |
2020.1 |
| STRONG.TYPE.JOIN.EQ
|
Joining with binary operator does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.JOIN.OTHER
|
Joining with binary operator does not respect strong typing |
4 |
False |
Pre-2020.1 |
| STRONG.TYPE.JOIN.ZERO
|
Joining with binary operator does not respect strong typing |
4 |
False |
2020.1 |
| SV.BANNED.RECOMMENDED.ALLOCA
|
Banned recommended API: stack allocation functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.NUMERIC
|
Banned recommended API: unsafe numeric conversion functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.OEM
|
Banned recommended API: OEM character page conversion functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.PATH
|
Banned recommended API: unsafe path name manipulation functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.SCANF
|
Banned recommended API: unsafe scanf-type functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.SPRINTF
|
Banned recommended API: unsafe sprintf-type functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.STRLEN
|
Banned recommended API: unsafe string length functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.TOKEN
|
Banned recommended API: unsafe string tokenizing functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.RECOMMENDED.WINDOW
|
Banned recommended API: unsafe window functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.REQUIRED.CONCAT
|
Banned required API: unsafe string concatenation functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.REQUIRED.COPY
|
Banned required API: unsafe buffer copy functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.REQUIRED.GETS
|
Banned required API: unsafe stream reading functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.REQUIRED.ISBAD
|
Banned required API: IsBad-type functions |
4 |
False |
Pre-2020.1 |
| SV.BANNED.REQUIRED.SPRINTF
|
Banned required API: unsafe sprintf-type functions |
4 |
False |
Pre-2020.1 |
| SV.BFC.USING_STRUCT
|
Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function |
4 |
False |
Pre-2020.1 |
| SV.BRM.HKEY_LOCAL_MACHINE
|
HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
4 |
False |
Pre-2020.1 |
| SV.CODE_INJECTION.SHELL_EXEC
|
Command Injection into Shell Execution |
3 |
False |
Pre-2020.1 |
| SV.DLLPRELOAD.NONABSOLUTE.DLL
|
Potential DLL-preload hijack vector |
2 |
False |
Pre-2020.1 |
| SV.DLLPRELOAD.NONABSOLUTE.EXE
|
Potential process injection vector |
2 |
False |
Pre-2020.1 |
| SV.DLLPRELOAD.SEARCHPATH
|
Do not use SearchPath to find DLLs |
2 |
False |
Pre-2020.1 |
| SV.FIU.PROCESS_VARIANTS
|
Use of Dangerous Process Creation |
4 |
False |
Pre-2020.1 |
| SV.FMTSTR.GENERIC
|
Format String Vulnerability |
1 |
False |
Pre-2020.1 |
| SV.FMT_STR.BAD_SCAN_FORMAT
|
Input format specifier error |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD
|
Incompatible type of a print function parameter |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED
|
Unexpected type of a print function parameter |
4 |
True |
Pre-2020.1 |
| SV.FMT_STR.PRINT_IMPROP_LENGTH
|
Improper use of length modifier in a print function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW
|
Too few arguments in a print function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY
|
Too many arguments in a print function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
|
Incompatible type of a scan function parameter |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
|
Unexpected type of a scan function parameter |
2 |
True |
2021.4 |
| SV.FMT_STR.SCAN_IMPROP_LENGTH
|
Improper use of length modifier in a scan function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW
|
Too few arguments in a scan function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY
|
Too many arguments in a scan function call |
2 |
True |
Pre-2020.1 |
| SV.FMT_STR.UNKWN_FORMAT
|
Unknown format specifier in a print function call |
3 |
True |
Pre-2020.1 |
| SV.FMT_STR.UNKWN_FORMAT.SCAN
|
Unknown format specifier in a scan function call |
3 |
True |
Pre-2020.1 |
| SV.INCORRECT_RESOURCE_HANDLING.URH
|
Insecure Resource Handling |
3 |
False |
Pre-2020.1 |
| SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS
|
Insecure Resource Handling |
3 |
False |
Pre-2020.1 |
| SV.LPP.CONST
|
Use of Insecure Macro for Dangerous Functions |
3 |
False |
Pre-2020.1 |
| SV.LPP.VAR
|
Use of Insecure Parameter for Dangerous Functions |
3 |
False |
Pre-2020.1 |
| SV.PCC.CONST
|
Insecure (Constant) Temporary File Name in Call to CreateFile |
4 |
False |
Pre-2020.1 |
| SV.PCC.INVALID_TEMP_PATH
|
Insecure Temporary File Name in Call to CreateFile |
4 |
False |
Pre-2020.1 |
| SV.PCC.MISSING_TEMP_CALLS.MUST
|
Missing Secure Temporary File Names in Call to CreateFile |
4 |
False |
Pre-2020.1 |
| SV.PCC.MISSING_TEMP_FILENAME
|
Missing Temporary File Name in Call to CreateFile |
4 |
False |
Pre-2020.1 |
| SV.PCC.MODIFIED_BEFORE_CREATE
|
Modification of Temporary File Name before Call to CreateFile |
4 |
False |
Pre-2020.1 |
| SV.PIPE.CONST
|
Potential pipe hijacking |
3 |
False |
Pre-2020.1 |
| SV.PIPE.VAR
|
Potential pipe hijacking |
3 |
False |
Pre-2020.1 |
| SV.RVT.RETVAL_NOTTESTED
|
Ignored Return Value |
4 |
False |
2021.2 |
| SV.SIP.CONST
|
Use of Insecure Macro for Dangerous Functions |
3 |
False |
Pre-2020.1 |
| SV.SIP.VAR
|
Use of Insecure Parameter for Dangerous Functions |
3 |
False |
Pre-2020.1 |
| SV.STRBO.BOUND_COPY.OVERFLOW
|
Buffer Overflow in Bound String Copy |
1 |
False |
2023.4 |
| SV.STRBO.BOUND_COPY.UNTERM
|
Possible Buffer Overflow in Following String Operations |
2 |
False |
Pre-2020.1 |
| SV.STRBO.BOUND_SPRINTF
|
Buffer Overflow in Bound sprintf |
1 |
False |
Pre-2020.1 |
| SV.STRBO.UNBOUND_COPY
|
Buffer Overflow in Unbound String Copy |
1 |
False |
Pre-2020.1 |
| SV.STRBO.UNBOUND_SPRINTF
|
Buffer Overflow in Unbound sprintf |
1 |
False |
Pre-2020.1 |
| SV.STR_PAR.UNDESIRED_STRING_PARAMETER
|
Undesired String for File Path |
4 |
False |
Pre-2020.1 |
| SV.TAINTED.ALLOC_SIZE
|
Use of Unvalidated Integer in Memory Allocation |
2 |
True |
Pre-2020.1 |
| SV.TAINTED.BINOP
|
Use of Unvalidated Integer in Binary Operation |
3 |
False |
2021.2 |
| SV.TAINTED.CALL.BINOP
|
Use of Unvalidated Integer in Binary Operation |
3 |
False |
Pre-2020.1 |
| SV.TAINTED.CALL.DEREF
|
Dereference Of An Unvalidated Pointer |
3 |
False |
Pre-2020.1 |
| SV.TAINTED.CALL.GLOBAL
|
Use of Unvalidated Integer in an Assignment Operation |
3 |
False |
2020.2 |
| SV.TAINTED.CALL.INDEX_ACCESS
|
Use of Unvalidated Integer as Array Index by Function Call |
2 |
True |
Pre-2020.1 |
| SV.TAINTED.CALL.LOOP_BOUND
|
Use of Unvalidated Integer in Loop Condition through a Function Call |
2 |
True |
Pre-2020.1 |
| SV.TAINTED.DEREF
|
Dereference Of An Unvalidated Pointer |
3 |
False |
Pre-2020.1 |
| SV.TAINTED.FMTSTR
|
Use of Unvalidated Data in a Format String |
1 |
True |
Pre-2020.1 |
| SV.TAINTED.GLOBAL
|
Use of Unvalidated Integer in an Assignment Operation |
3 |
False |
2020.2 |
| SV.TAINTED.INDEX_ACCESS
|
Use of Unvalidated Integer as Array Index |
1 |
True |
Pre-2020.1 |
| SV.TAINTED.INJECTION
|
Command Injection |
3 |
True |
Pre-2020.1 |
| SV.TAINTED.LOOP_BOUND
|
Use of Unvalidated Integer in Loop Condition |
2 |
True |
Pre-2020.1 |
| SV.TAINTED.PATH_TRAVERSAL
|
Use of Unvalidated Data in a Path Traversal |
1 |
True |
Pre-2020.1 |
| SV.TAINTED.SECURITY_DECISION
|
Security Decision |
3 |
False |
Pre-2020.1 |
| SV.TAINTED.XSS.REFLECTED
|
Cross-site Scripting Vulnerability |
3 |
False |
2020.3 |
| SV.TOCTOU.FILE_ACCESS
|
Time of Creation/Time of Use Race condition in File Access |
4 |
False |
Pre-2020.1 |
| SV.UNBOUND_STRING_INPUT.CIN
|
Usage of cin for unbounded string input |
1 |
True |
Pre-2020.1 |
| SV.UNBOUND_STRING_INPUT.FUNC
|
Usage of unbounded string input |
1 |
True |
Pre-2020.1 |
| SV.USAGERULES.PERMISSIONS
|
Use of Privilege Elevation |
4 |
False |
Pre-2020.1 |
| SV.USAGERULES.PROCESS_VARIANTS
|
Use of Dangerous Process Creation Function |
4 |
False |
Pre-2020.1 |
| SV.USAGERULES.SPOOFING
|
Use of Function Susceptible to Spoofing |
4 |
False |
Pre-2020.1 |
| SV.WEAK_CRYPTO.WEAK_HASH
|
Weak Hash Function |
4 |
False |
Pre-2020.1 |
| UFM.DEREF.MIGHT
|
Use of free memory (access) - possible |
1 |
True |
Pre-2020.1 |
| UFM.DEREF.MUST
|
Use of Freed Memory by Pointer |
1 |
True |
Pre-2020.1 |
| UFM.FFM.MIGHT
|
Use of free memory (double free) - possible |
1 |
True |
Pre-2020.1 |
| UFM.FFM.MUST
|
Freeing Freed Memory |
1 |
True |
Pre-2020.1 |
| UFM.RETURN.MIGHT
|
Use of freed memory (return) - possible |
2 |
True |
Pre-2020.1 |
| UFM.RETURN.MUST
|
Use of Freed Memory on Return |
2 |
True |
Pre-2020.1 |
| UFM.USE.MIGHT
|
Use of free memory - possible |
2 |
True |
Pre-2020.1 |
| UFM.USE.MUST
|
Use of Freed Memory |
2 |
True |
Pre-2020.1 |
| UNINIT.CTOR.MIGHT
|
Uninitialized Variable in Constructor - possible |
1 |
True |
Pre-2020.1 |
| UNINIT.CTOR.MUST
|
Uninitialized Variable in Constructor |
2 |
False |
2020.1 |
| UNINIT.HEAP.MIGHT
|
Uninitialized Heap Use - possible |
1 |
True |
Pre-2020.1 |
| UNINIT.HEAP.MUST
|
Uninitialized Heap Use |
1 |
True |
Pre-2020.1 |
| UNINIT.STACK.ARRAY.MIGHT
|
Uninitialized Array - possible |
1 |
True |
Pre-2020.1 |
| UNINIT.STACK.ARRAY.MUST
|
Uninitialized Array |
1 |
True |
Pre-2020.1 |
| UNINIT.STACK.ARRAY.PARTIAL.MUST
|
Partially Uninitialized Array |
1 |
True |
Pre-2020.1 |
| UNINIT.STACK.MIGHT
|
Uninitialized Variable - possible |
1 |
True |
Pre-2020.1 |
| UNINIT.STACK.MUST
|
Uninitialized Variable |
1 |
True |
Pre-2020.1 |
| UNREACH.ENUM
|
Code is unreachable due to the possible value(s) of an enum |
3 |
False |
2021.3 |
| UNREACH.GEN
|
Unreachable code |
3 |
False |
Pre-2020.1 |
| UNREACH.RETURN
|
Unreachable Void Return |
3 |
False |
Pre-2020.1 |
| UNREACH.SIZEOF
|
Architecture-related unreachable code |
3 |
False |
Pre-2020.1 |
| UNUSED.FUNC.GEN
|
Function defined but not used |
4 |
False |
2023.4 |
| UNUSED.FUNC.STL_EMPTY
|
Ignored return value of an STL object empty() method |
3 |
True |
2020.1 |
| UNUSED.FUNC.WARN
|
Potential unused function |
4 |
False |
Pre-2020.1 |
| VA.LIST.INDETERMINATE
|
Attempt to call va_arg() on a va_list that has an indeterminate value |
3 |
False |
2021.2 |
| VA_UNUSED.GEN
|
Value is Never Used after Assignment |
4 |
False |
Pre-2020.1 |
| VA_UNUSED.INIT
|
Value is Never Used after Initialization |
4 |
False |
Pre-2020.1 |
| VOIDRET
|
Void function returns value |
2 |
True |
Pre-2020.1 |