PCI DSS IDs mapped to Klocwork C and C++ checkers
The Payment Card Industry Data Security Standard (PCI DSS) provides a baseline of technical and operational requirements designed to protect account data. The PCI DSS was developed to encourage and enhance cardholder data security, and facilitate the broad adoption of consistent data security measures globally.
The tables below map the PCI DSS Version 3.2.1 IDs to Klocwork C and C++ checkers.
| ID | Checker name | Description |
|---|---|---|
| 6.5.1 | LS.CALL | Suspicious use of non-localized string in GUI function |
| 6.5.1 | LS.CALL.STRING | Suspicious use of non-localized string in GUI function |
| 6.5.1 | SV.BRM.HKEY_LOCAL_MACHINE | HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
| 6.5.1 | SV.CODE_INJECTION.SHELL_EXEC | Command Injection into Shell Execution |
| 6.5.1 | SV.DLLPRELOAD.NONABSOLUTE.DLL | Potential DLL-preload hijack vector |
| 6.5.1 | SV.DLLPRELOAD.NONABSOLUTE.EXE | Potential process injection vector |
| 6.5.1 | SV.DLLPRELOAD.SEARCHPATH | Do not use SearchPath to find DLLs |
| 6.5.1 | SV.FIU.PROCESS_VARIANTS | Use of Dangerous Process Creation |
| 6.5.1 | SV.FMTSTR.GENERIC | Format String Vulnerability |
| 6.5.1 | SV.LPP.CONST | Use of Insecure Macro for Dangerous Functions |
| 6.5.1 | SV.LPP.VAR | Use of Insecure Parameter for Dangerous Functions |
| 6.5.1 | SV.PCC.CONST | Insecure (Constant) Temporary File Name in Call to CreateFile |
| 6.5.1 | SV.PCC.INVALID_TEMP_PATH | Insecure Temporary File Name in Call to CreateFile |
| 6.5.1 | SV.PCC.MISSING_TEMP_CALLS.MUST | Missing Secure Temporary File Names in Call to CreateFile |
| 6.5.1 | SV.PCC.MISSING_TEMP_FILENAME | Missing Temporary File Name in Call to CreateFile |
| 6.5.1 | SV.PCC.MODIFIED_BEFORE_CREATE | Modification of Temporary File Name before Call to CreateFile |
| 6.5.1 | SV.PIPE.CONST | Potential pipe hijacking |
| 6.5.1 | SV.PIPE.VAR | Potential pipe hijacking |
| 6.5.1 | SV.SIP.CONST | Use of Insecure Macro for Dangerous Functions |
| 6.5.1 | SV.SIP.VAR | Use of Insecure Parameter for Dangerous Functions |
| 6.5.1 | SV.STR_PAR.UNDESIRED_STRING_PARAMETER | Undesired String for File Path |
| 6.5.1 | SV.TAINTED.ALLOC_SIZE | Use of Unvalidated Integer in Memory Allocation |
| 6.5.1 | SV.TAINTED.BINOP | Use of Unvalidated Integer in Binary Operation |
| 6.5.1 | SV.TAINTED.CALL.BINOP | Use of Unvalidated Integer in Binary Operation |
| 6.5.1 | SV.TAINTED.CALL.DEREF | Dereference Of An Unvalidated Pointer |
| 6.5.1 | SV.TAINTED.CALL.INDEX_ACCESS | Use of Unvalidated Integer as Array Index by Function Call |
| 6.5.1 | SV.TAINTED.CALL.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition through a Function Call |
| 6.5.1 | SV.TAINTED.DEREF | Dereference Of An Unvalidated Pointer |
| 6.5.1 | SV.TAINTED.INDEX_ACCESS | Use of Unvalidated Integer as Array Index |
| 6.5.1 | SV.TAINTED.INJECTION | Command Injection |
| 6.5.1 | SV.TAINTED.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition |
| 6.5.1 | SV.TAINTED.PATH_TRAVERSAL | Use of Unvalidated Data in a Path Traversal |
| 6.5.1 | SV.TAINTED.SECURITY_DECISION | Security Decision |
| 6.5.1 | SV.TOCTOU.FILE_ACCESS | Time of Creation/Time of Use Race condition in File Access |
| 6.5.1 | SV.USAGERULES.PERMISSIONS | Use of Privilege Elevation |
| 6.5.1 | SV.USAGERULES.PROCESS_VARIANTS | Use of Dangerous Process Creation Function |
| 6.5.1 | UNINIT.CTOR.MIGHT | Uninitialized Variable in Constructor - possible |
| 6.5.1 | UNINIT.CTOR.MUST | Uninitialized Variable in Constructor |
| 6.5.1 | UNINIT.HEAP.MIGHT | Uninitialized Heap Use - possible |
| 6.5.1 | UNINIT.HEAP.MUST | Uninitialized Heap Use |
| 6.5.1 | UNINIT.STACK.ARRAY.MIGHT | Uninitialized Array - possible |
| 6.5.1 | UNINIT.STACK.ARRAY.MUST | Uninitialized Array |
| 6.5.1 | UNINIT.STACK.ARRAY.PARTIAL.MUST | Partially Uninitialized Array |
| 6.5.1 | UNINIT.STACK.MIGHT | Uninitialized Variable - possible |
| 6.5.1 | UNINIT.STACK.MUST | Uninitialized Variable |
| 6.5.2 | ABV.ANY_SIZE_ARRAY | Buffer Overflow - Array Index Out of Bounds |
| 6.5.2 | ABV.GENERAL | Buffer Overflow - Array Index Out of Bounds |
| 6.5.2 | ABV.GENERAL.MULTIDIMENSION | Buffer Overflow - Array Index Out of Bounds |
| 6.5.2 | ABV.ITERATOR | Buffer Overflow - Array Index may be out of Bounds |
| 6.5.2 | ABV.MEMBER | Buffer Overflow - Array Index Out of Bounds |
| 6.5.2 | ABV.NON_ARRAY | Non-array object is used as an array |
| 6.5.2 | ABV.STACK | Buffer Overflow - Local Array Index Out of Bounds |
| 6.5.2 | ABV.TAINTED | Buffer Overflow from Unvalidated Input |
| 6.5.2 | ABV.UNICODE.BOUND_MAP | Buffer overflow in mapping character function |
| 6.5.2 | ABV.UNICODE.FAILED_MAP | Mapping function failed |
| 6.5.2 | ABV.UNICODE.NNTS_MAP | Buffer overflow in mapping character function |
| 6.5.2 | ABV.UNICODE.SELF_MAP | Mapping function failed |
| 6.5.2 | ABV.UNKNOWN_SIZE | Buffer Overflow - Array Index Out of Bounds |
| 6.5.2 | CXX.SUSPICIOUS_INDEX_CHECK | Suspicious use of index after boundary check |
| 6.5.2 | CXX.SUSPICIOUS_INDEX_CHECK.CALL | Suspicious use of index in a function call after a boundary check |
| 6.5.2 | CXX.SUSPICIOUS_INDEX_CHECK.ZERO | Suspicious use of index after index check for zero |
| 6.5.2 | NNTS.MIGHT | Buffer Overflow - Non-null Terminated String |
| 6.5.2 | NNTS.MUST | Buffer Overflow - Non-null Terminated String |
| 6.5.2 | NNTS.TAINTED | Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
| 6.5.2 | RABV.CHECK | Suspicious use of index before boundary check |
| 6.5.2 | RN.INDEX | Suspicious use of index before negative check |
| 6.5.2 | SV.FMT_STR.BAD_SCAN_FORMAT | Input format specifier error |
| 6.5.2 | SV.STRBO.BOUND_COPY.OVERFLOW | Buffer Overflow in Bound String Copy |
| 6.5.2 | SV.STRBO.BOUND_COPY.UNTERM | Possible Buffer Overflow in Following String Operations |
| 6.5.2 | SV.STRBO.BOUND_SPRINTF | Buffer Overflow in Bound sprintf |
| 6.5.2 | SV.STRBO.UNBOUND_COPY | Buffer Overflow in Unbound String Copy |
| 6.5.2 | SV.STRBO.UNBOUND_SPRINTF | Buffer Overflow in Unbound sprintf |
| 6.5.2 | SV.TAINTED.ALLOC_SIZE | Use of Unvalidated Integer in Memory Allocation |
| 6.5.2 | SV.TAINTED.CALL.INDEX_ACCESS | Use of Unvalidated Integer as Array Index by Function Call |
| 6.5.2 | SV.TAINTED.FMTSTR | Use of Unvalidated Data in a Format String |
| 6.5.2 | SV.TAINTED.INDEX_ACCESS | Use of Unvalidated Integer as Array Index |
| 6.5.2 | SV.UNBOUND_STRING_INPUT.CIN | Usage of cin for unbounded string input |
| 6.5.2 | SV.UNBOUND_STRING_INPUT.FUNC | Usage of unbounded string input |
| 6.5.3 | HCC | Use of hardcoded credentials |
| 6.5.3 | HCC.PWD | Use of a hardcoded password |
| 6.5.3 | HCC.USER | Use of a hardcoded user name |
| 6.5.3 | RCA | Risky cryptographic algorithm used |
| 6.5.3 | RCA.HASH.SALT.EMPTY | Use of a one-way hash with an empty salt |
| 6.5.3 | SV.PCC.CONST | Insecure (Constant) Temporary File Name in Call to CreateFile |
| 6.5.3 | SV.PCC.INVALID_TEMP_PATH | Insecure Temporary File Name in Call to CreateFile |
| 6.5.3 | SV.PCC.MISSING_TEMP_CALLS.MUST | Missing Secure Temporary File Names in Call to CreateFile |
| 6.5.3 | SV.PCC.MISSING_TEMP_FILENAME | Missing Temporary File Name in Call to CreateFile |
| 6.5.3 | SV.PCC.MODIFIED_BEFORE_CREATE | Modification of Temporary File Name before Call to CreateFile |
| 6.5.3 | SV.WEAK_CRYPTO.WEAK_HASH | Weak Hash Function |
| 6.5.4 | SV.BFC.USING_STRUCT | Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function |
| 6.5.4 | SV.USAGERULES.SPOOFING | Use of Function Susceptible to Spoofing |
| 6.5.5 | AUTOSAR.EXCPT.DYNAMIC_SPEC | Dynamic exception-specification shall not be used |
| 6.5.5 | AUTOSAR.EXCPT.NOEXCPT_THROW | If a function is declared to be noexcept, noexcept(true) or noexcept(`<true condition>`), then it shall not exit with an exception |
| 6.5.5 | MISRA.CATCH.ALL | No ellipsis exception handler in a try-catch block |
| 6.5.5 | MISRA.CATCH.BY_VALUE | Exception object of class type is caught by value |
| 6.5.5 | MISRA.CATCH.NOALL | Ellipsis exception handler is not the last one in a try-catch block |
| 6.5.5 | MISRA.CATCH.WRONGORD | Handler for a base exception class precedes a handler for a derived exception class in a try-catch block |
| 6.5.5 | MISRA.CTOR.TRY.NON_STATIC | Function try/catch block of constructor or destructor references non-static members |
| 6.5.5 | MISRA.DECL.EXCPT.SPEC | Function is declared with different exception specifications |
| 6.5.5 | MISRA.DTOR.THROW | Throw in destructor |
| 6.5.5 | MISRA.INCL.SIGNAL.2012 | The standard header file signal.h shall not be used |
| 6.5.5 | MISRA.STDLIB.LONGJMP | Use of setjmp macro or longjmp function |
| 6.5.5 | MISRA.STDLIB.SIGNAL | Use of the signal handling facilities of signal.h |
| 6.5.5 | MISRA.THROW.EMPTY | Empty throw expression does not belong to a catch block |
| 6.5.5 | MISRA.THROW.NULL | NULL is thrown explicitly |
| 6.5.5 | MISRA.THROW.PTR | Exception object is a pointer |
| 6.5.5 | MISRA.TRY.JUMP | Control can be transferred into a try block with goto or switch statement |
| 6.5.7 | SV.TAINTED.XSS.REFLECTED | Cross-site Scripting Vulnerability |
| 6.5.8 | SV.STR_PAR.UNDESIRED_STRING_PARAMETER | Undesired String for File Path |
| 6.5.8 | SV.TAINTED.SECURITY_DECISION | Security Decision |
| 6.5.8 | SV.USAGERULES.PERMISSIONS | Use of Privilege Elevation |