PCI DSS IDs: C and C++

LS.CALL  Suspicious use of non-localized string in GUI function

LS.CALL.STRING  Suspicious use of non-localized string in GUI function

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.CODE_INJECTION.SHELL_EXEC  Command Injection into Shell Execution

SV.DLLPRELOAD.NONABSOLUTE.DLL  Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE  Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH  Do not use SearchPath to find DLLs

SV.FIU.PROCESS_VARIANTS  Use of Dangerous Process Creation

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PCC.CONST  Insecure (Constant) Temporary File Name in Call to CreateFile

SV.PCC.INVALID_TEMP_PATH  Insecure Temporary File Name in Call to CreateFile

SV.PCC.MISSING_TEMP_CALLS.MUST  Missing Secure Temporary File Names in Call to CreateFile

SV.PCC.MISSING_TEMP_FILENAME  Missing Temporary File Name in Call to CreateFile

SV.PCC.MODIFIED_BEFORE_CREATE  Modification of Temporary File Name before Call to CreateFile

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.SIP.CONST  Use of Insecure Macro for Dangerous Functions

SV.SIP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.STR_PAR.UNDESIRED_STRING_PARAMETER  Undesired String for File Path

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION  Command Injection

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

SV.TOCTOU.FILE_ACCESS  Time of Creation/Time of Use Race condition in File Access

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

SV.USAGERULES.PROCESS_VARIANTS  Use of Dangerous Process Creation Function

UNINIT.CTOR.MIGHT  Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST  Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT  Uninitialized Heap Use - possible

UNINIT.HEAP.MUST  Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT  Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST  Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST  Partially Uninitialized Array

UNINIT.STACK.MIGHT  Uninitialized Variable - possible

UNINIT.STACK.MUST  Uninitialized Variable

ABV.ANY_SIZE_ARRAY  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION  Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR  Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER  Buffer Overflow - Array Index Out of Bounds

ABV.NON_ARRAY  Non-array object is used as an array

ABV.STACK  Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED  Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP  Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP  Mapping function failed

ABV.UNICODE.NNTS_MAP  Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP  Mapping function failed

ABV.UNKNOWN_SIZE  Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK  Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL  Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO  Suspicious use of index after index check for zero

NNTS.MIGHT  Buffer Overflow - Non-null Terminated String

NNTS.MUST  Buffer Overflow - Non-null Terminated String

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

RABV.CHECK  Suspicious use of index before boundary check

RN.INDEX  Suspicious use of index before negative check

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.STRBO.BOUND_COPY.OVERFLOW  Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM  Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF  Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY  Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF  Buffer Overflow in Unbound sprintf

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.UNBOUND_STRING_INPUT.CIN  Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC  Usage of unbounded string input

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.PCC.CONST  Insecure (Constant) Temporary File Name in Call to CreateFile

SV.PCC.INVALID_TEMP_PATH  Insecure Temporary File Name in Call to CreateFile

SV.PCC.MISSING_TEMP_CALLS.MUST  Missing Secure Temporary File Names in Call to CreateFile

SV.PCC.MISSING_TEMP_FILENAME  Missing Temporary File Name in Call to CreateFile

SV.PCC.MODIFIED_BEFORE_CREATE  Modification of Temporary File Name before Call to CreateFile

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

SV.BFC.USING_STRUCT  Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function

SV.USAGERULES.SPOOFING  Use of Function Susceptible to Spoofing

AUTOSAR.EXCPT.DYNAMIC_SPEC  Dynamic exception-specification shall not be used

AUTOSAR.EXCPT.NOEXCPT_THROW  If a function is declared to be noexcept, noexcept(true) or noexcept(<true condition>), then it shall not exit with an exception

MISRA.CATCH.ALL  No ellipsis exception handler in a try-catch block

MISRA.CATCH.BY_VALUE  Exception object of class type is caught by value

MISRA.CATCH.NOALL  Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD  Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block

MISRA.CTOR.TRY.NON_STATIC  Function try/catch block of constructor or destructor references non-static members

MISRA.DECL.EXCPT.SPEC  Function is declared with different exception specifications

MISRA.DTOR.THROW  Throw in destructor

MISRA.INCL.SIGNAL.2012  The standard header file signal.h shall not be used

MISRA.STDLIB.LONGJMP  Use of setjmp macro or longjmp function

MISRA.STDLIB.SIGNAL  Use of the signal handling facilities of signal.h

MISRA.THROW.EMPTY  Empty throw expression does not belong to a catch block

MISRA.THROW.NULL  NULL is thrown explicitly

MISRA.THROW.PTR  Exception object is a pointer

MISRA.TRY.JUMP  Control can be transferred into a try block with goto or switch statement

SV.TAINTED.XSS.REFLECTED  Cross-site Scripting Vulnerability

SV.STR_PAR.UNDESIRED_STRING_PARAMETER  Undesired String for File Path

SV.TAINTED.SECURITY_DECISION  Security Decision

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation