OWASP Top 10 Security Risks for 2025: C and C++

ID	チェッカー名
A1-2025: Broken Access Control	SPECTRE.VARIANT1 SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.LPP.CONST SV.LPP.VAR SV.PCC.CONST SV.PCC.INVALID_TEMP_PATH SV.PCC.MISSING_TEMP_CALLS.MUST SV.PCC.MISSING_TEMP_FILENAME SV.PCC.MODIFIED_BEFORE_CREATE SV.STR_PAR.UNDESIRED_STRING_PARAMETER SV.TAINTED.PATH_TRAVERSAL SV.USAGERULES.PERMISSIONS
A10-2025: Mishandling of Exceptional Conditions	DBZ.CONST DBZ.CONST.CALL DBZ.GENERAL DBZ.GENERAL.FLOAT DBZ.ITERATOR DBZ.ITERATOR.CALL DBZ.ITERATOR.FLOAT MISRA.SWITCH.NO_BREAK MISRA.SWITCH.WELL_FORMED.BREAK.2012 MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 NPD.CHECK.CALL.MIGHT NPD.CHECK.CALL.MUST NPD.CHECK.MIGHT NPD.CHECK.MUST NPD.CONST.CALL NPD.CONST.DEREF NPD.FUNC.CALL.MIGHT NPD.FUNC.CALL.MUST NPD.FUNC.MIGHT NPD.FUNC.MUST NPD.GEN.CALL.MIGHT NPD.GEN.CALL.MUST NPD.GEN.MIGHT NPD.GEN.MUST RETVOID.GEN RETVOID.IMPLICIT RNPD.CALL RNPD.DEREF SV.RVT.RETVAL_NOTTESTED VOIDRET
A2-2025: Security Misconfiguration	CXX.SV.INSECURE_COOKIE CXX.SV.XXE
A4-2025: Cryptographic Failures	CXX.SV.PRIVATE_KEY.EMPTY_PASSWD CXX.SV.PRIVATE_KEY.UNENCRYPTED CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER RCA SV.USAGERULES.SPOOFING SV.WEAK_CRYPTO.WEAK_HASH
A5-2025: Injection	ABV.TAINTED CXX.SQL.INJECT NNTS.MUST NNTS.TAINTED SV.CODE_INJECTION.SHELL_EXEC SV.TAINTED.ALLOC_SIZE SV.TAINTED.BINOP SV.TAINTED.CALL.BINOP SV.TAINTED.CALL.DEREF SV.TAINTED.CALL.INDEX_ACCESS SV.TAINTED.CALL.LOOP_BOUND SV.TAINTED.DEREF SV.TAINTED.FMTSTR SV.TAINTED.INDEX_ACCESS SV.TAINTED.INJECTION SV.TAINTED.LOOP_BOUND SV.TAINTED.PATH_TRAVERSAL SV.TAINTED.SECURITY_DECISION SV.TAINTED.XSS.REFLECTED
A6-2025: Insecure Design	SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.USAGERULES.PERMISSIONS
A7-2025: Authentication Failures	CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER SV.WEAK_CRYPTO.WEAK_HASH
A8-2025: Software or Data Integrity Failures	SV.TAINTED.PATH_TRAVERSAL
A1	SPECTRE.VARIANT1 SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.LPP.CONST SV.LPP.VAR SV.PCC.CONST SV.PCC.INVALID_TEMP_PATH SV.PCC.MISSING_TEMP_CALLS.MUST SV.PCC.MISSING_TEMP_FILENAME SV.PCC.MODIFIED_BEFORE_CREATE SV.STR_PAR.UNDESIRED_STRING_PARAMETER SV.TAINTED.PATH_TRAVERSAL SV.USAGERULES.PERMISSIONS
A2	CXX.SV.INSECURE_COOKIE CXX.SV.XXE
A4	CXX.SV.PRIVATE_KEY.EMPTY_PASSWD CXX.SV.PRIVATE_KEY.UNENCRYPTED CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER RCA SV.USAGERULES.SPOOFING SV.WEAK_CRYPTO.WEAK_HASH
A5	ABV.TAINTED CXX.SQL.INJECT NNTS.MUST NNTS.TAINTED SV.CODE_INJECTION.SHELL_EXEC SV.TAINTED.ALLOC_SIZE SV.TAINTED.BINOP SV.TAINTED.CALL.BINOP SV.TAINTED.CALL.DEREF SV.TAINTED.CALL.INDEX_ACCESS SV.TAINTED.CALL.LOOP_BOUND SV.TAINTED.DEREF SV.TAINTED.FMTSTR SV.TAINTED.INDEX_ACCESS SV.TAINTED.INJECTION SV.TAINTED.LOOP_BOUND SV.TAINTED.PATH_TRAVERSAL SV.TAINTED.SECURITY_DECISION SV.TAINTED.XSS.REFLECTED
A6	SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.USAGERULES.PERMISSIONS
A7	CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER SV.WEAK_CRYPTO.WEAK_HASH
A8	SV.TAINTED.PATH_TRAVERSAL
A10	DBZ.CONST DBZ.CONST.CALL DBZ.GENERAL DBZ.GENERAL.FLOAT DBZ.ITERATOR DBZ.ITERATOR.CALL DBZ.ITERATOR.FLOAT MISRA.SWITCH.NO_BREAK MISRA.SWITCH.WELL_FORMED.BREAK.2012 MISRA.SWITCH.WELL_FORMED.DEFAULT.2012 NPD.CHECK.CALL.MIGHT NPD.CHECK.CALL.MUST NPD.CHECK.MIGHT NPD.CHECK.MUST NPD.CONST.CALL NPD.CONST.DEREF NPD.FUNC.CALL.MIGHT NPD.FUNC.CALL.MUST NPD.FUNC.MIGHT NPD.FUNC.MUST NPD.GEN.CALL.MIGHT NPD.GEN.CALL.MUST NPD.GEN.MIGHT NPD.GEN.MUST RETVOID.GEN RETVOID.IMPLICIT RNPD.CALL RNPD.DEREF SV.RVT.RETVAL_NOTTESTED VOIDRET