CWE IDs: C and C++
This mapping is based on the latest version of CWE.
| ID | Checker name and description |
|---|---|
| CWE-1037: Processor Optimization Removal or Modification of Security-critical Code | SPECTRE.VARIANT1 Potential exploit of speculative execution |
| CWE-114: Process Control | SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector; SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector; SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds; ABV.MEMBER Buffer Overflow - Array Index Out of Bounds; ABV.NON_ARRAY Non-array object is used as an array; ABV.STACK Buffer Overflow - Local Array Index Out of Bounds; ABV.TAINTED Buffer Overflow from Unvalidated Input; ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function; ABV.UNICODE.FAILED_MAP Mapping function failed; ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function; ABV.UNICODE.SELF_MAP Mapping function failed; ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds; CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check; CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check; CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero; NNTS.MIGHT Buffer Overflow - Non-null Terminated String; NNTS.MUST Buffer Overflow - Non-null Terminated String; NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String; RABV.CHECK Suspicious use of index before boundary check; RN.INDEX Suspicious use of index before negative check; SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error; SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf; SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf; SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input; SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds; ABV.MEMBER Buffer Overflow - Array Index Out of Bounds; ABV.NON_ARRAY Non-array object is used as an array; ABV.STACK Buffer Overflow - Local Array Index Out of Bounds; NNTS.MIGHT Buffer Overflow - Non-null Terminated String; SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy; SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy; SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input; SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| CWE-121: Stack-based Buffer Overflow | ABV.STACK Buffer Overflow - Local Array Index Out of Bounds; ABV.TAINTED Buffer Overflow from Unvalidated Input |
| CWE-122: Heap-based Buffer Overflow | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; ABV.NON_ARRAY Non-array object is used as an array; ABV.TAINTED Buffer Overflow from Unvalidated Input |
| CWE-124: Buffer Underwrite ('Buffer Underflow') | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds; ABV.MEMBER Buffer Overflow - Array Index Out of Bounds; ABV.STACK Buffer Overflow - Local Array Index Out of Bounds; ABV.TAINTED Buffer Overflow from Unvalidated Input; ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function; ABV.UNICODE.FAILED_MAP Mapping function failed; ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function; ABV.UNICODE.SELF_MAP Mapping function failed; ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds; CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check; CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check; CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero; RABV.CHECK Suspicious use of index before boundary check; RN.INDEX Suspicious use of index before negative check; SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf; SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| CWE-125: Out-of-bounds Read | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds; ABV.MEMBER Buffer Overflow - Array Index Out of Bounds; ABV.NON_ARRAY Non-array object is used as an array; ABV.STACK Buffer Overflow - Local Array Index Out of Bounds; ABV.TAINTED Buffer Overflow from Unvalidated Input; ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function; ABV.UNICODE.FAILED_MAP Mapping function failed; ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function; ABV.UNICODE.SELF_MAP Mapping function failed; ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds; CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check; CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check; CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero; NNTS.MIGHT Buffer Overflow - Non-null Terminated String; NNTS.MUST Buffer Overflow - Non-null Terminated String; NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String; RABV.CHECK Suspicious use of index before boundary check; RN.INDEX Suspicious use of index before negative check; SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error; SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf; SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf; SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input; SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| CWE-126: Buffer Over-read | SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| CWE-127: Buffer Under-read | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| CWE-129: Improper Validation of Array Index | ABV.TAINTED Buffer Overflow from Unvalidated Input; SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call; SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CWE-131: Incorrect Calculation of Buffer Size | CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading; INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| CWE-1335: Incorrect Bitwise Shift of Integer | MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative |
| CWE-134: Use of Externally-Controlled Format String | SV.FMTSTR.GENERIC Format String Vulnerability; SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| CWE-135: Incorrect Calculation of Multi-Byte String Length | SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error |
| CWE-170: Improper Null Termination | NNTS.MIGHT Buffer Overflow - Non-null Terminated String; NNTS.MUST Buffer Overflow - Non-null Terminated String; NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String; SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| CWE-176: Improper Handling of Unicode Encoding | ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function; ABV.UNICODE.FAILED_MAP Mapping function failed; ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function; ABV.UNICODE.SELF_MAP Mapping function failed |
| CWE-190: Integer Overflow or Wraparound | NUM.OVERFLOW Possible Overflow; NUM.OVERFLOW.DF Possible numeric overflow or wraparound; SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation; SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation |
| CWE-192: Integer Coercion Error | MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness; MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type; MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned; PRECISION.LOSS Loss of Precision; PRECISION.LOSS.CALL Loss of Precision during function call; PRECISION.LOSS.INIT Loss of Precision during initialization |
| CWE-193: Off-by-one Error | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds; SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| CWE-195: Signed to Unsigned Conversion Error | MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness; MISRA.CVALUE.IMPL.CAST.CPP The value of an expression implicitly converted to a different type |
| CWE-196: Unsigned to Signed Conversion Error | MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness; MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness |
| CWE-197: Numeric Truncation Error | MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness; MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type; MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned; PRECISION.LOSS Loss of Precision; PRECISION.LOSS.CALL Loss of Precision during function call; PRECISION.LOSS.INIT Loss of Precision during initialization |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | SPECTRE.VARIANT1 Potential exploit of speculative execution |
| CWE-20: Improper Input Validation | ABV.TAINTED Buffer Overflow from Unvalidated Input; NNTS.MUST Buffer Overflow - Non-null Terminated String; NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String; SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution; SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation; SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation; SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation; SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer; SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call; SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call; SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer; SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String; SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index; SV.TAINTED.INJECTION Command Injection; SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition; SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal; SV.TAINTED.SECURITY_DECISION Security Decision |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector; SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector; SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs; SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| CWE-23: Relative Path Traversal | SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector; SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector; SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| CWE-242: Use of Inherently Dangerous Function | SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation; SV.PIPE.VAR Potential pipe hijacking; SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input; SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input; SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| CWE-250: Execution with Unnecessary Privileges | SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation; SV.USAGERULES.PERMISSIONS Use of Privilege Elevation; SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| CWE-251: Often Misused: String Management | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds; ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| CWE-252: Unchecked Return Value | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CWE-253: Incorrect Check of Function Return Value | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CWE-256: Plaintext Storage of a Password | CXX.SV.PWD.PLAIN Attempt to set password using a plain string; CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters; CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters |
| CWE-259: Use of Hard-coded Password | CXX.SV.PWD.PLAIN Attempt to set password using a plain string; CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters; CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters; HCC Use of hardcoded credentials; HCC.PWD Use of a hardcoded password |
| CWE-269: Improper Privilege Management | SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| CWE-272: Least Privilege Violation | SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
| CWE-273: Improper Check for Dropped Privileges | SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation; SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| CWE-276: Incorrect Default Permissions | SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| CWE-284: Improper Access Control | SV.LPP.CONST Use of Insecure Macro for Dangerous Functions; SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions |
| CWE-287: Improper Authentication | CXX.SV.PWD.PLAIN Attempt to set password using a plain string; CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters; CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters; HCC Use of hardcoded credentials; HCC.PWD Use of a hardcoded password; SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| CWE-290: Authentication Bypass by Spoofing | SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| CWE-307: Improper Restriction of Excessive Authentication Attempts | CXX.SV.PWD_INPUT.REVIEW Password authentication should be checked against brute force attacks |
| CWE-311: Missing Encryption of Sensitive Data | CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way; CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| CWE-312: Cleartext Storage of Sensitive Information | CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way; CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| CWE-321: Use of Hard-coded Cryptographic Key | HCC Use of hardcoded credentials; HCC.PWD Use of a hardcoded password |
| CWE-326: Inadequate Encryption Strength | SV.USAGERULES.SPOOFING Use of Function Susceptible to Spoofing |
| CWE-327: Use of a Broken or Risky Cryptographic Algorithm | RCA Risky cryptographic algorithm used; SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition | SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| CWE-369: Divide By Zero | DBZ.CONST Division by a zero constant occurs; DBZ.CONST.CALL The value '0' is passed to function that can use this value as divisor; DBZ.GENERAL Division by zero might occur; DBZ.GENERAL.FLOAT Division by floating-point zero might occur; DBZ.ITERATOR Division by zero might occur in a loop iterator; DBZ.ITERATOR.CALL Division by zero might occur in a function call; DBZ.ITERATOR.FLOAT Division by zero might occur in a loop iterator |
| CWE-377: Insecure Temporary File | SV.PCC.CONST Insecure (Constant) Temporary File Name in Call to CreateFile; SV.PCC.INVALID_TEMP_PATH Insecure Temporary File Name in Call to CreateFile; SV.PCC.MISSING_TEMP_CALLS.MUST Missing Secure Temporary File Names in Call to CreateFile; SV.PCC.MISSING_TEMP_FILENAME Missing Temporary File Name in Call to CreateFile; SV.PCC.MODIFIED_BEFORE_CREATE Modification of Temporary File Name before Call to CreateFile |
| CWE-390: Detection of Error Condition Without Action | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CWE-391: Unchecked Error Condition | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CWE-394: Unexpected Status Code or Return Value | RETVOID.GEN Non-void function returns void value; RETVOID.IMPLICIT Implicitly int function returns void value; VOIDRET Void function returns value |
| CWE-400: Uncontrolled Resource Consumption | CL.MLK Memory Leak - in destructor; CL.MLK.ASSIGN Memory Leak - in assignment operator; CL.MLK.VIRTUAL Memory Leak - possible in destructor; MLK.MIGHT Memory Leak - possible; MLK.MUST Memory Leak; MLK.RET.MIGHT Memory Leak - possible; MLK.RET.MUST Memory Leak; SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution; SV.TAINTED.INJECTION Command Injection |
| CWE-401: Missing Release of Memory after Effective Lifetime | CL.MLK Memory Leak - in destructor; CL.MLK.ASSIGN Memory Leak - in assignment operator; CL.MLK.VIRTUAL Memory Leak - possible in destructor; MLK.MIGHT Memory Leak - possible; MLK.MUST Memory Leak; MLK.RET.MIGHT Memory Leak - possible; MLK.RET.MUST Memory Leak |
| CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | RH.LEAK Resource leak |
| CWE-404: Improper Resource Shutdown or Release | FMM.MIGHT Freeing Mismatched Memory - possible; FMM.MUST Freeing Mismatched Memory; RH.LEAK Resource leak |
| CWE-412: Unrestricted Externally Accessible Lock | CONC.DL Deadlock |
| CWE-413: Improper Resource Locking | CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| CWE-415: Double Free | UFM.DEREF.MIGHT Use of free memory (access) - possible; UFM.DEREF.MUST Use of Freed Memory by Pointer; UFM.FFM.MIGHT Use of free memory (double free) - possible; UFM.FFM.MUST Freeing Freed Memory; UFM.RETURN.MIGHT Use of freed memory (return) - possible; UFM.RETURN.MUST Use of Freed Memory on Return; UFM.USE.MIGHT Use of free memory - possible; UFM.USE.MUST Use of Freed Memory |
| CWE-416: Use After Free | CL.FFM.ASSIGN Use of free memory (double free) - no operator=; CL.FFM.COPY Use of free memory (double free) - no copy constructor; CL.SELF-ASSIGN Use of free memory (double free) - in operator=; CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator=; CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor; LOCRET.ARG Function returns address of local variable; LOCRET.GLOB Function returns address of local variable; LOCRET.RET Function returns address of local variable; UFM.DEREF.MIGHT Use of free memory (access) - possible; UFM.DEREF.MUST Use of Freed Memory by Pointer; UFM.FFM.MIGHT Use of free memory (double free) - possible; UFM.FFM.MUST Freeing Freed Memory; UFM.RETURN.MIGHT Use of freed memory (return) - possible; UFM.RETURN.MUST Use of Freed Memory on Return; UFM.USE.MIGHT Use of free memory - possible; UFM.USE.MUST Use of Freed Memory |
| CWE-421: Race Condition During Access to Alternate Channel | SV.PIPE.CONST Potential pipe hijacking; SV.PIPE.VAR Potential pipe hijacking |
| CWE-426: Untrusted Search Path | SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| CWE-457: Use of Uninitialized Variable | UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible; UNINIT.CTOR.MUST Uninitialized Variable in Constructor; UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible; UNINIT.HEAP.MUST Uninitialized Heap Use; UNINIT.STACK.MIGHT Uninitialized Variable - possible; UNINIT.STACK.MUST Uninitialized Variable |
| CWE-464: Addition of Data Structure Sentinel | SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions; SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| CWE-467: Use of sizeof() on a Pointer Type | CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading; INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| CWE-468: Incorrect Pointer Scaling | CWARN.ALIGNMENT Incorrect pointer scaling is used; MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| CWE-476: NULL Pointer Dereference | NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL; NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL; NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL; NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL; NPD.CONST.CALL NULL is passed to function that can dereference it; NPD.CONST.DEREF NULL is dereferenced; NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it; NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it; NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced; NPD.FUNC.MUST Result of function that may return NULL will be dereferenced; NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it; NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it; NPD.GEN.MIGHT Null pointer may be dereferenced; NPD.GEN.MUST Null pointer will be dereferenced; RNPD.CALL Suspicious dereference of pointer in function call before NULL check; RNPD.DEREF Suspicious dereference of pointer before NULL check |
| CWE-478: Missing Default Case in Multiple Condition Expression | MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 Every switch statement shall have a default label. |
| CWE-480: Use of Incorrect Operator | ASSIGCOND.CALL Assignment in condition (call); ASSIGCOND.GEN Assignment in condition; EFFECT Statement has no effect; SEMICOL Suspiciously placed semicolon |
| CWE-481: Assigning instead of Comparing | ASSIGCOND.CALL Assignment in condition (call); ASSIGCOND.GEN Assignment in condition |
| CWE-482: Comparing instead of Assigning | EFFECT Statement has no effect |
| CWE-484: Omitted Break Statement in Switch | MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause; MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere | SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path |
| CWE-522: Insufficiently Protected Credentials | CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way; CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| CWE-539: Use of Persistent Cookies Containing Sensitive Information | CXX.SV.PERSISTENT_COOKIE Illegal usage of a persistent cookie |
| CWE-561: Dead Code | INVARIANT_CONDITION.GEN Invariant expression in a condition; INVARIANT_CONDITION.UNREACH Invariant expression in a condition; LA_UNUSED Label unused; UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum; UNREACH.GEN Unreachable code; UNREACH.RETURN Unreachable Void Return; UNREACH.SIZEOF Architecture-related unreachable code; VA_UNUSED.GEN Value is Never Used after Assignment; VA_UNUSED.INIT Value is Never Used after Initialization |
| CWE-562: Return of Stack Variable Address | LOCRET.ARG Function returns address of local variable; LOCRET.GLOB Function returns address of local variable; LOCRET.RET Function returns address of local variable |
| CWE-563: Assignment to Variable without Use | LV_UNUSED.GEN Local variable unused |
| CWE-570: Expression is Always False | INVARIANT_CONDITION.GEN Invariant expression in a condition; INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| CWE-571: Expression is Always True | INVARIANT_CONDITION.GEN Invariant expression in a condition; INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| CWE-590: Free of Memory not on the Heap | FNH.MIGHT Freeing Non-Heap Memory - possible; FNH.MUST Freeing Non-Heap Memory; FUM.GEN.MIGHT Freeing Unallocated Memory - possible; FUM.GEN.MUST Freeing Unallocated Memory |
| CWE-606: Unchecked Input for Loop Condition | SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call; SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| CWE-611: Improper Restriction of XML External Entity Reference | CXX.SV.XXE Attempting to resolve external entities while parsing a XML file can lead to XXE attack |
| CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CXX.SV.INSECURE_COOKIE Insecure cookie |
| CWE-628: Function Call with Incorrectly Specified Arguments | MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match; SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call; SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call; SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call; SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call |
| CWE-665: Improper Initialization | UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible; UNINIT.CTOR.MUST Uninitialized Variable in Constructor; UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible; UNINIT.HEAP.MUST Uninitialized Heap Use; UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible; UNINIT.STACK.ARRAY.MUST Uninitialized Array; UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array; UNINIT.STACK.MIGHT Uninitialized Variable - possible; UNINIT.STACK.MUST Uninitialized Variable |
| CWE-667: Improper Locking | CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked; CONC.DBL_LOCK Double Lock; CONC.DBL_UNLOCK Double Unlock; CONC.DL Deadlock; CONC.NO_LOCK Missing lock for variable; MISRA.STDLIB.MUTEX.NO_LOCK.2023 Missing lock for mutex variable |
| CWE-672: Operation on a Resource after Expiration or Release | CL.FFM.ASSIGN Use of free memory (double free) - no operator=; CL.FFM.COPY Use of free memory (double free) - no copy constructor; CL.SELF-ASSIGN Use of free memory (double free) - in operator=; CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator=; CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor; LOCRET.ARG Function returns address of local variable; LOCRET.GLOB Function returns address of local variable; LOCRET.RET Function returns address of local variable; UFM.DEREF.MIGHT Use of free memory (access) - possible; UFM.DEREF.MUST Use of Freed Memory by Pointer; UFM.FFM.MIGHT Use of free memory (double free) - possible; UFM.FFM.MUST Freeing Freed Memory; UFM.RETURN.MIGHT Use of freed memory (return) - possible; UFM.RETURN.MUST Use of Freed Memory on Return; UFM.USE.MIGHT Use of free memory - possible; UFM.USE.MUST Use of Freed Memory |
| CWE-676: Use of Potentially Dangerous Function | SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions; SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions; SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions; SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions; SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions; SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions; SV.BANNED.RECOMMENDED.STRLEN Banned recommended API: unsafe string length functions; SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions; SV.BANNED.RECOMMENDED.WINDOW Banned recommended API: unsafe window functions; SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions; SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions; SV.BANNED.REQUIRED.GETS Banned required API: unsafe stream reading functions; SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions; SV.BANNED.REQUIRED.SPRINTF Banned required API: unsafe sprintf-type functions |
| CWE-681: Incorrect Conversion between Numeric Types | PRECISION.LOSS Loss of Precision; PRECISION.LOSS.CALL Loss of Precision during function call; PRECISION.LOSS.INIT Loss of Precision during initialization |
| CWE-682: Incorrect Calculation | CWARN.ALIGNMENT Incorrect pointer scaling is used; CWARN.BAD.PTR.ARITH Bad pointer arithmetic; CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading; INCORRECT.ALLOC_SIZE Incorrect Allocation Size; MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative; MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value; PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness |
| CWE-686: Function Call With Incorrect Argument Type | SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error; SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter; SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter; SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter; SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter; SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call; SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call; SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call |
| CWE-690: Unchecked Return Value to NULL Pointer Dereference | NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced; NPD.FUNC.MUST Result of function that may return NULL will be dereferenced |
| CWE-704: Incorrect Type Conversion or Cast | MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference; MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type; MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type; MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type; MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type; MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type; MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type; MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object; PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type; PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer; PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size |
| CWE-732: Incorrect Permission Assignment for Critical Resource | SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| CWE-73: External Control of File Name or Path | SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector; SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector; SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| CWE-754: Improper Check for Unusual or Exceptional Conditions | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| CWE-762: Mismatched Memory Management Routines |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory |
| CWE-764: Multiple Locks of a Critical Resource |
CONC.DBL_LOCK Double Lock |
| CWE-765: Multiple Unlocks of a Critical Resource |
CONC.DBL_UNLOCK Double Unlock |
| CWE-768: Incorrect Short Circuit Evaluation |
MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects MISRA.LOGIC.SIDEEFF.COND Branch expression in a conditional expression contains side effects |
| CWE-772: Missing Release of Resource after Effective Lifetime |
RH.LEAK Resource leak |
| CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| CWE-783: Operator Precedence Logic Error |
MISRA.EXPR.PARENS.2012 The precedence of operators within expressions should be made explicit. MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions |
| CWE-786: Access of Memory Location Before Start of Buffer |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| CWE-787: Out-of-bounds Write |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String RABV.CHECK Suspicious use of index before boundary check RN.INDEX Suspicious use of index before negative check SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| CWE-788: Access of Memory Location After End of Buffer |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| CWE-798: Use of Hard-coded Credentials |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| CWE-805: Buffer Access with Incorrect Length Value |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading INCORRECT.ALLOC_SIZE Incorrect Allocation Size SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| CWE-806: Buffer Access Using Size of Source Buffer |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed |
| CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| CWE-822: Untrusted Pointer Dereference |
SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer |
| CWE-832: Unlock of a Resource that is not Locked |
CONC.NO_LOCK Missing lock for variable MISRA.STDLIB.MUTEX.NO_LOCK.2023 Missing lock for mutex variable |
| CWE-833: Deadlock |
CONC.DL Deadlock |
| CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') |
INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop |
| CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') |
MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type |
| CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| CWE-896: SFP Primary Cluster: Tainted Input |
ABV.TAINTED Buffer Overflow from Unvalidated Input NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.INJECTION Command Injection SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CXX.SQL.INJECT SQL Injection |
| CWE-910: Use of Expired File Descriptor |
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| CWE-94: Improper Control of Generation of Code ('Code Injection') |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| CWE-99: Improper Control of Resource Identifiers ('Resource Injection') |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| 20 |
ABV.TAINTED Buffer Overflow from Unvalidated Input NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.INJECTION Command Injection SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision |
| 22 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| 23 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| 73 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| 77 |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 78 |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 79 |
SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| 80 |
SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| 88 |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 89 |
CXX.SQL.INJECT SQL Injection |
| 94 |
SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 99 |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| 114 |
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| 119 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String RABV.CHECK Suspicious use of index before boundary check RN.INDEX Suspicious use of index before negative check SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| 120 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds NNTS.MIGHT Buffer Overflow - Non-null Terminated String SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| 121 |
ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input |
| 122 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.TAINTED Buffer Overflow from Unvalidated Input |
| 124 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero RABV.CHECK Suspicious use of index before boundary check RN.INDEX Suspicious use of index before negative check SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf |
| 125 |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String RABV.CHECK Suspicious use of index before boundary check RN.INDEX Suspicious use of index before negative check SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| 126 |
SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| 127 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| 129 |
ABV.TAINTED Buffer Overflow from Unvalidated Input SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 131 |
CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| 134 |
SV.FMTSTR.GENERIC Format String Vulnerability SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| 135 |
SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error |
| 170 |
NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| 176 |
ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNICODE.SELF_MAP Mapping function failed |
| 190 |
NUM.OVERFLOW Possible Overflow NUM.OVERFLOW.DF Possible numeric overflow or wraparound SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation |
| 192 |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call PRECISION.LOSS.INIT Loss of Precision during initialization |
| 193 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations |
| 195 |
MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness MISRA.CVALUE.IMPL.CAST.CPP The value of an expression implicitly converted to a different type |
| 196 |
MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness MISRA.CONV.INT.SIGN Implicit integral conversion changes signedness |
| 197 |
MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call PRECISION.LOSS.INIT Loss of Precision during initialization |
| 200 |
SPECTRE.VARIANT1 Potential exploit of speculative execution |
| 242 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.PIPE.VAR Potential pipe hijacking SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| 250 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| 251 |
ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| 252 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 253 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 256 |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters |
| 259 |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password |
| 269 |
SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| 272 |
SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
| 273 |
SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| 276 |
SV.USAGERULES.PROCESS_VARIANTS Use of Dangerous Process Creation Function |
| 284 |
SV.LPP.CONST Use of Insecure Macro for Dangerous Functions SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions |
| 287 |
CXX.SV.PWD.PLAIN Attempt to set password using a plain string CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| 290 |
SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| 307 |
CXX.SV.PWD_INPUT.REVIEW Password authentication should be checked against brute force attacks |
| 311 |
CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| 312 |
CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| 321 |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password |
| 326 |
SV.USAGERULES.SPOOFING Use of Function Susceptible to Spoofing |
| 327 |
RCA Risky cryptographic algorithm used SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| 362 |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| 367 |
SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| 369 |
DBZ.CONST Division by a zero constant occurs DBZ.CONST.CALL The value '0' is passed to function that can use this value as divisor DBZ.GENERAL Division by zero might occur DBZ.GENERAL.FLOAT Division by floating-point zero might occur DBZ.ITERATOR Division by zero might occur in a loop iterator DBZ.ITERATOR.CALL Division by zero might occur in a function call DBZ.ITERATOR.FLOAT Division by zero might occur in a loop iterator |
| 377 |
SV.PCC.CONST Insecure (Constant) Temporary File Name in Call to CreateFile SV.PCC.INVALID_TEMP_PATH Insecure Temporary File Name in Call to CreateFile SV.PCC.MISSING_TEMP_CALLS.MUST Missing Secure Temporary File Names in Call to CreateFile SV.PCC.MISSING_TEMP_FILENAME Missing Temporary File Name in Call to CreateFile SV.PCC.MODIFIED_BEFORE_CREATE Modification of Temporary File Name before Call to CreateFile |
| 390 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 391 |
SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 394 |
RETVOID.GEN Non-void function returns void value RETVOID.IMPLICIT Implicitly int function returns void value VOIDRET Void function returns value |
| 400 |
CL.MLK Memory Leak - in destructor CL.MLK.ASSIGN Memory Leak - in assignment operator CL.MLK.VIRTUAL Memory Leak - possible in destructor MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution SV.TAINTED.INJECTION Command Injection |
| 401 |
CL.MLK Memory Leak - in destructor CL.MLK.ASSIGN Memory Leak - in assignment operator CL.MLK.VIRTUAL Memory Leak - possible in destructor MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak |
| 403 |
RH.LEAK Resource leak |
| 404 |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory RH.LEAK Resource leak |
| 412 |
CONC.DL Deadlock |
| 413 |
CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked |
| 415 |
UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| 416 |
CL.FFM.ASSIGN Use of free memory (double free) - no operator= CL.FFM.COPY Use of free memory (double free) - no copy constructor CL.SELF-ASSIGN Use of free memory (double free) - in operator= CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator= CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor LOCRET.ARG Function returns address of local variable LOCRET.GLOB Function returns address of local variable LOCRET.RET Function returns address of local variable UFM.DEREF.MIGHT Use of free memory (access) - possible UFM.DEREF.MUST Use of Freed Memory by Pointer UFM.FFM.MIGHT Use of free memory (double free) - possible UFM.FFM.MUST Freeing Freed Memory UFM.RETURN.MIGHT Use of freed memory (return) - possible UFM.RETURN.MUST Use of Freed Memory on Return UFM.USE.MIGHT Use of free memory - possible UFM.USE.MUST Use of Freed Memory |
| 421 |
SV.PIPE.CONST Potential pipe hijacking SV.PIPE.VAR Potential pipe hijacking |
| 426 |
SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal |
| 457 |
UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible UNINIT.CTOR.MUST Uninitialized Variable in Constructor UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible UNINIT.HEAP.MUST Uninitialized Heap Use UNINIT.STACK.MIGHT Uninitialized Variable - possible UNINIT.STACK.MUST Uninitialized Variable |
| 464 |
SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String |
| 467 |
CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading INCORRECT.ALLOC_SIZE Incorrect Allocation Size |
| 468 |
CWARN.ALIGNMENT Incorrect pointer scaling is used MISRA.PTR.ARITH Pointer is used in arithmetic or array index expression |
| 476 |
NPD.CHECK.CALL.MIGHT Pointer may be passed to function that can dereference it after it was positively checked for NULL NPD.CHECK.CALL.MUST Pointer will be passed to function that may dereference it after it was positively checked for NULL NPD.CHECK.MIGHT Pointer may be dereferenced after it was positively checked for NULL NPD.CHECK.MUST Pointer will be dereferenced after it was positively checked for NULL NPD.CONST.CALL NULL is passed to function that can dereference it NPD.CONST.DEREF NULL is dereferenced NPD.FUNC.CALL.MIGHT Result of function that may return NULL may be passed to another function that may dereference it NPD.FUNC.CALL.MUST Result of function that may return NULL will be passed to another function that may dereference it NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced NPD.FUNC.MUST Result of function that may return NULL will be dereferenced NPD.GEN.CALL.MIGHT Null pointer may be passed to function that may dereference it NPD.GEN.CALL.MUST Null pointer will be passed to function that may dereference it NPD.GEN.MIGHT Null pointer may be dereferenced NPD.GEN.MUST Null pointer will be dereferenced RNPD.CALL Suspicious dereference of pointer in function call before NULL check RNPD.DEREF Suspicious dereference of pointer before NULL check |
| 478 |
MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 Every switch statement shall have a default label. |
| 480 |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition EFFECT Statement has no effect SEMICOL Suspiciously placed semicolon |
| 481 |
ASSIGCOND.CALL Assignment in condition (call) ASSIGCOND.GEN Assignment in condition |
| 482 |
EFFECT Statement has no effect |
| 484 |
MISRA.SWITCH.NO_BREAK No break or throw statement at the end of switch-clause MISRA.SWITCH.WELL_FORMED.BREAK.2012 An unconditional break statement shall terminate every switch-clause. |
| 497 |
SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path |
| 522 |
CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| 539 |
CXX.SV.PERSISTENT_COOKIE Illegal usage of a persistent cookie |
| 561 |
INVARIANT_CONDITION.GEN Invariant expression in a condition INVARIANT_CONDITION.UNREACH Invariant expression in a condition LA_UNUSED Label unused UNREACH.ENUM Code is unreachable due to the possible value(s) of an enum UNREACH.GEN Unreachable code UNREACH.RETURN Unreachable Void Return UNREACH.SIZEOF Architecture-related unreachable code VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| 562 |
LOCRET.ARG Function returns address of local variable<br>LOCRET.GLOB Function returns address of local variable<br>LOCRET.RET Function returns address of local variable |
| 563 | LV_UNUSED.GEN Local variable unused |
| 570 | INVARIANT_CONDITION.GEN Invariant expression in a condition<br>INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| 571 | INVARIANT_CONDITION.GEN Invariant expression in a condition<br>INVARIANT_CONDITION.UNREACH Invariant expression in a condition |
| 590 | FNH.MIGHT Freeing Non-Heap Memory - possible<br>FNH.MUST Freeing Non-Heap Memory<br>FUM.GEN.MIGHT Freeing Unallocated Memory - possible<br>FUM.GEN.MUST Freeing Unallocated Memory |
| 606 | SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| 611 | CXX.SV.XXE Attempting to resolve external entities while parsing a XML file can lead to XXE attack |
| 614 | CXX.SV.INSECURE_COOKIE Insecure cookie |
| 628 | MISRA.FUNC.UNMATCHED.PARAMS Number of formal and actual parameters passed to function do not match<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call<br>SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call<br>SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call |
| 665 | UNINIT.CTOR.MIGHT Uninitialized Variable in Constructor - possible<br>UNINIT.CTOR.MUST Uninitialized Variable in Constructor<br>UNINIT.HEAP.MIGHT Uninitialized Heap Use - possible<br>UNINIT.HEAP.MUST Uninitialized Heap Use<br>UNINIT.STACK.ARRAY.MIGHT Uninitialized Array - possible<br>UNINIT.STACK.ARRAY.MUST Uninitialized Array<br>UNINIT.STACK.ARRAY.PARTIAL.MUST Partially Uninitialized Array<br>UNINIT.STACK.MIGHT Uninitialized Variable - possible<br>UNINIT.STACK.MUST Uninitialized Variable |
| 667 | CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED Do not destroy a mutex while it is locked<br>CONC.DBL_LOCK Double Lock<br>CONC.DBL_UNLOCK Double Unlock<br>CONC.DL Deadlock<br>CONC.NO_LOCK Missing lock for variable<br>MISRA.STDLIB.MUTEX.NO_LOCK.2023 Missing lock for mutex variable |
| 672 | CL.FFM.ASSIGN Use of free memory (double free) - no operator=<br>CL.FFM.COPY Use of free memory (double free) - no copy constructor<br>CL.SELF-ASSIGN Use of free memory (double free) - in operator=<br>CL.SHALLOW.ASSIGN Use of free memory (double free) - shallow copy in operator=<br>CL.SHALLOW.COPY Use of free memory (double free) - shallow copy in copy constructor<br>LOCRET.ARG Function returns address of local variable<br>LOCRET.GLOB Function returns address of local variable<br>LOCRET.RET Function returns address of local variable<br>UFM.DEREF.MIGHT Use of free memory (access) - possible<br>UFM.DEREF.MUST Use of Freed Memory by Pointer<br>UFM.FFM.MIGHT Use of free memory (double free) - possible<br>UFM.FFM.MUST Freeing Freed Memory<br>UFM.RETURN.MIGHT Use of freed memory (return) - possible<br>UFM.RETURN.MUST Use of Freed Memory on Return<br>UFM.USE.MIGHT Use of free memory - possible<br>UFM.USE.MUST Use of Freed Memory |
| 676 | SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions<br>SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions<br>SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions<br>SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions<br>SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions<br>SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions<br>SV.BANNED.RECOMMENDED.STRLEN Banned recommended API: unsafe string length functions<br>SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions<br>SV.BANNED.RECOMMENDED.WINDOW Banned recommended API: unsafe window functions<br>SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions<br>SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions<br>SV.BANNED.REQUIRED.GETS Banned required API: unsafe stream reading functions<br>SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions<br>SV.BANNED.REQUIRED.SPRINTF Banned required API: unsafe sprintf-type functions |
| 681 | PRECISION.LOSS Loss of Precision<br>PRECISION.LOSS.CALL Loss of Precision during function call<br>PRECISION.LOSS.INIT Loss of Precision during initialization |
| 682 | CWARN.ALIGNMENT Incorrect pointer scaling is used<br>CWARN.BAD.PTR.ARITH Bad pointer arithmetic<br>CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading<br>INCORRECT.ALLOC_SIZE Incorrect Allocation Size<br>MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative<br>MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value<br>PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false depending on 'char' type signedness |
| 686 | SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter<br>SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter<br>SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter<br>SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call<br>SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call<br>SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call |
| 690 | NPD.FUNC.MIGHT Result of function that can return NULL may be dereferenced<br>NPD.FUNC.MUST Result of function that may return NULL will be dereferenced |
| 704 | MISRA.CAST.CONST Cast operation removes const or volatile modifier from a pointer or reference<br>MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type<br>MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type<br>MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type<br>MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type<br>MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type<br>MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type<br>MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object<br>PORTING.CAST.FLTPNT Cast of a floating point expression to a non floating point type<br>PORTING.CAST.PTR.FLTPNT Cast of a pointer to a floating point expression to a non floating point type pointer<br>PORTING.CAST.PTR.SIZE Attempt to cast an expression to a type of a potentially incompatible size |
| 732 | SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| 754 | SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| 762 | FMM.MIGHT Freeing Mismatched Memory - possible<br>FMM.MUST Freeing Mismatched Memory |
| 764 | CONC.DBL_LOCK Double Lock |
| 765 | CONC.DBL_UNLOCK Double Unlock |
| 768 | MISRA.LOGIC.SIDEEFF Right operand in a logical 'and' or 'or' expression contains side effects<br>MISRA.LOGIC.SIDEEFF.COND Branch expression in a conditional expression contains side effects |
| 772 | RH.LEAK Resource leak |
| 783 | MISRA.EXPR.PARENS.2012 The precedence of operators within expressions should be made explicit.<br>MISRA.EXPR.PARENS.INSUFFICIENT Limited dependence required for operator precedence rules in expressions |
| 786 | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds |
| 787 | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.MEMBER Buffer Overflow - Array Index Out of Bounds<br>ABV.NON_ARRAY Non-array object is used as an array<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.FAILED_MAP Mapping function failed<br>ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.SELF_MAP Mapping function failed<br>ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds<br>CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check<br>CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check<br>CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero<br>NNTS.MIGHT Buffer Overflow - Non-null Terminated String<br>NNTS.MUST Buffer Overflow - Non-null Terminated String<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>RABV.CHECK Suspicious use of index before boundary check<br>RN.INDEX Suspicious use of index before negative check<br>SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf<br>SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf<br>SV.UNBOUND_STRING_INPUT.CIN Usage of cin for unbounded string input<br>SV.UNBOUND_STRING_INPUT.FUNC Usage of unbounded string input |
| 788 | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds<br>ABV.NON_ARRAY Non-array object is used as an array<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 798 | CXX.SV.PWD.PLAIN Attempt to set password using a plain string<br>CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters<br>CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters<br>HCC Use of hardcoded credentials<br>HCC.PWD Use of a hardcoded password<br>HCC.USER Use of a hardcoded user name |
| 805 | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.NON_ARRAY Non-array object is used as an array<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>CXX.SIZEOF.CSTRING Use of sizeof on char* may be misleading<br>INCORRECT.ALLOC_SIZE Incorrect Allocation Size<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| 806 | ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.MEMBER Buffer Overflow - Array Index Out of Bounds<br>ABV.NON_ARRAY Non-array object is used as an array<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.FAILED_MAP Mapping function failed<br>ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.SELF_MAP Mapping function failed |
| 822 | SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer<br>SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer |
| 832 | CONC.NO_LOCK Missing lock for variable<br>MISRA.STDLIB.MUTEX.NO_LOCK.2023 Missing lock for mutex variable |
| 833 | CONC.DL Deadlock |
| 835 | INFINITE_LOOP.GLOBAL Infinite loop<br>INFINITE_LOOP.LOCAL Infinite loop<br>INFINITE_LOOP.MACRO Infinite loop |
| 843 | MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type |
| 896 | ABV.TAINTED Buffer Overflow from Unvalidated Input<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.DEREF Dereference Of An Unvalidated Pointer<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index<br>SV.TAINTED.INJECTION Command Injection<br>SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition<br>SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal<br>SV.TAINTED.SECURITY_DECISION Security Decision<br>SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| 910 | SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling |
| 1037 | SPECTRE.VARIANT1 Potential exploit of speculative execution |
| 1335 | MISRA.SHIFT.RANGE Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative |
Support Summary:
- 92 rules
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.