OWASP Top 10 Security Risks for 2021: C and C++

ID	Checker name
A1-2021: Broken Access Control	SPECTRE.VARIANT1 SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.LPP.CONST SV.LPP.VAR SV.PCC.CONST SV.PCC.INVALID_TEMP_PATH SV.PCC.MISSING_TEMP_CALLS.MUST SV.PCC.MISSING_TEMP_FILENAME SV.PCC.MODIFIED_BEFORE_CREATE SV.STR_PAR.UNDESIRED_STRING_PARAMETER SV.TAINTED.PATH_TRAVERSAL SV.USAGERULES.PERMISSIONS
A2-2021: Cryptographic Failures	CXX.SV.PRIVATE_KEY.EMPTY_PASSWD CXX.SV.PRIVATE_KEY.UNENCRYPTED CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER RCA SV.USAGERULES.SPOOFING SV.WEAK_CRYPTO.WEAK_HASH
A3-2021: Injection	ABV.TAINTED CXX.SQL.INJECT NNTS.MUST NNTS.TAINTED SV.CODE_INJECTION.SHELL_EXEC SV.TAINTED.ALLOC_SIZE SV.TAINTED.BINOP SV.TAINTED.CALL.BINOP SV.TAINTED.CALL.DEREF SV.TAINTED.CALL.INDEX_ACCESS SV.TAINTED.CALL.LOOP_BOUND SV.TAINTED.DEREF SV.TAINTED.FMTSTR SV.TAINTED.INDEX_ACCESS SV.TAINTED.INJECTION SV.TAINTED.LOOP_BOUND SV.TAINTED.PATH_TRAVERSAL SV.TAINTED.SECURITY_DECISION SV.TAINTED.XSS.REFLECTED
A4-2021: Insecure Design	SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.USAGERULES.PERMISSIONS
A5-2021: Security Misconfiguration	CXX.SV.INSECURE_COOKIE CXX.SV.XXE
A7-2021: Identification and Authentication Failures	CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER SV.WEAK_CRYPTO.WEAK_HASH
A8-2021: Software and Data Integrity Failures	SV.TAINTED.PATH_TRAVERSAL
A1	SPECTRE.VARIANT1 SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.LPP.CONST SV.LPP.VAR SV.PCC.CONST SV.PCC.INVALID_TEMP_PATH SV.PCC.MISSING_TEMP_CALLS.MUST SV.PCC.MISSING_TEMP_FILENAME SV.PCC.MODIFIED_BEFORE_CREATE SV.STR_PAR.UNDESIRED_STRING_PARAMETER SV.TAINTED.PATH_TRAVERSAL SV.USAGERULES.PERMISSIONS
A2	CXX.SV.PRIVATE_KEY.EMPTY_PASSWD CXX.SV.PRIVATE_KEY.UNENCRYPTED CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER RCA SV.USAGERULES.SPOOFING SV.WEAK_CRYPTO.WEAK_HASH
A3	ABV.TAINTED CXX.SQL.INJECT NNTS.MUST NNTS.TAINTED SV.CODE_INJECTION.SHELL_EXEC SV.TAINTED.ALLOC_SIZE SV.TAINTED.BINOP SV.TAINTED.CALL.BINOP SV.TAINTED.CALL.DEREF SV.TAINTED.CALL.INDEX_ACCESS SV.TAINTED.CALL.LOOP_BOUND SV.TAINTED.DEREF SV.TAINTED.FMTSTR SV.TAINTED.INDEX_ACCESS SV.TAINTED.INJECTION SV.TAINTED.LOOP_BOUND SV.TAINTED.PATH_TRAVERSAL SV.TAINTED.SECURITY_DECISION SV.TAINTED.XSS.REFLECTED
A4	SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.USAGERULES.PERMISSIONS
A5	CXX.SV.INSECURE_COOKIE CXX.SV.XXE
A7	CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER SV.WEAK_CRYPTO.WEAK_HASH
A8	SV.TAINTED.PATH_TRAVERSAL

Support Summary:

6 rules