DISA STIG version 5 IDs: C and C++
This article maps DISA Security Technical Implementation Guide version 5 IDs to Klocwork C/C++ checkers. For more information about DISA STIG, see the STIG web site.
| Rule | Checker name and description |
|---|---|
| V-222396 [APSC-DV-000160] (CAT 2): The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt |
| V-222397 [APSC-DV-000170] (CAT 2): The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt |
| V-222425 [APSC-DV-000460] (CAT 1): The application must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.PIPE.CONST Potential pipe hijacking<br>SV.PIPE.VAR Potential pipe hijacking |
| V-222430 [APSC-DV-000510] (CAT 1): The application must execute without excessive account permissions. | SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.LPP.CONST Use of Insecure Macro for Dangerous Functions<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.PIPE.CONST Potential pipe hijacking<br>SV.PIPE.VAR Potential pipe hijacking<br>SV.SIP.CONST Use of Insecure Macro for Dangerous Functions<br>SV.SIP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| V-222432 [APSC-DV-000530] (CAT 1): The application must enforce the limit of three consecutive invalid logon attempts by a user during a 15 minute time period. | CXX.SV.PWD_INPUT.REVIEW Password authentication should be checked against brute force attacks |
| V-222511 [APSC-DV-001410] (CAT 2): The application must enforce access restrictions associated with changes to application configuration. | SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.LPP.CONST Use of Insecure Macro for Dangerous Functions<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.PIPE.CONST Potential pipe hijacking<br>SV.PIPE.VAR Potential pipe hijacking<br>SV.SIP.CONST Use of Insecure Macro for Dangerous Functions<br>SV.SIP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| V-222536 [APSC-DV-001680] (CAT 1): The application must enforce a minimum 15-character password length. | CXX.SV.PWD.PLAIN.LENGTH Attempt to set password with a length less than 15 characters<br>CXX.SV.PWD.PLAIN.LENGTH.ZERO Attempt to set password with a length of zero characters |
| V-222542 [APSC-DV-001740] (CAT 1): The application must only store cryptographic representations of passwords. | HCC Use of hardcoded credentials<br>HCC.PWD Use of a hardcoded password<br>HCC.USER Use of a hardcoded user name<br>RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222543 [APSC-DV-001750] (CAT 1): The application must transmit only cryptographically-protected passwords. | HCC Use of hardcoded credentials<br>HCC.PWD Use of a hardcoded password<br>HCC.USER Use of a hardcoded user name<br>RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222551 [APSC-DV-001820] (CAT 1): The application | CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way<br>CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| V-222554 [APSC-DV-001850] (CAT 1): The application must not display passwords/PINs as clear text. | CXX.SV.PWD.PLAIN Attempt to set password using a plain string |
| V-222555 [APSC-DV-001860] (CAT 1): The application must use mechanisms meeting the requirements of applicable federal laws | HCC Use of hardcoded credentials<br>HCC.PWD Use of a hardcoded password<br>HCC.USER Use of a hardcoded user name<br>RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222566 [APSC-DV-001980] (CAT 2): The application must terminate all sessions and network connections when non-local maintenance is completed. | RH.LEAK Resource leak |
| V-222567 [APSC-DV-001995] (CAT 2): The application must not be vulnerable to race conditions. | SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| V-222568 [APSC-DV-002000] (CAT 2): The application must terminate all network connections associated with a communications session at the end of the session. | RH.LEAK Resource leak |
| V-222571 [APSC-DV-002030] (CAT 2): The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222572 [APSC-DV-002040] (CAT 2): The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222577 [APSC-DV-002230] (CAT 1): The application must not expose session IDs. | CXX.SV.INSECURE_COOKIE Insecure cookie |
| V-222578 [APSC-DV-002240] (CAT 1): The application must destroy the session ID value and/or cookie on logoff or browser close. | CXX.SV.PERSISTENT_COOKIE Illegal usage of a persistent cookie |
| V-222583 [APSC-DV-002290] (CAT 2): The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222589 [APSC-DV-002350] (CAT 2): The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt<br>SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-222592 [APSC-DV-002380] (CAT 2): Applications must prevent unauthorized and unintended information transfer via shared system resources. | SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| V-222594 [APSC-DV-002400] (CAT 2): The application must restrict the ability to launch Denial of Service (DoS) attacks against itself or other information systems. | FMM.MIGHT Freeing Mismatched Memory - possible<br>FMM.MUST Freeing Mismatched Memory<br>INFINITE_LOOP.GLOBAL Infinite loop<br>INFINITE_LOOP.LOCAL Infinite loop<br>INFINITE_LOOP.MACRO Infinite loop<br>SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path<br>SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal<br>SV.TAINTED.SECURITY_DECISION Security Decision |
| V-222596 [APSC-DV-002440] (CAT 1): The application must protect the confidentiality and integrity of transmitted information. | SPECTRE.VARIANT1 Potential exploit of speculative execution |
| V-222602 [APSC-DV-002490] (CAT 1): The application must protect from Cross-Site Scripting (XSS) vulnerabilities. | SV.TAINTED.XSS.REFLECTED Cross-site Scripting Vulnerability |
| V-222604 [APSC-DV-002510] (CAT 1): The application must protect from command injection. | SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution<br>SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector<br>SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector<br>SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs<br>SV.FIU.PROCESS_VARIANTS Use of Dangerous Process Creation |
| V-222605 [APSC-DV-002520] (CAT 2): The application must protect from canonical representation vulnerabilities. | SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector<br>SV.DLLPRELOAD.NONABSOLUTE.EXE Potential process injection vector<br>SV.DLLPRELOAD.SEARCHPATH Do not use SearchPath to find DLLs |
| V-222606 [APSC-DV-002530] (CAT 2): The application must validate all input. | ABV.TAINTED Buffer Overflow from Unvalidated Input<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index<br>SV.TAINTED.INJECTION Command Injection<br>SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition<br>SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal<br>SV.TAINTED.SECURITY_DECISION Security Decision |
| V-222607 [APSC-DV-002540] (CAT 1): The application must not be vulnerable to SQL Injection. | ABV.TAINTED Buffer Overflow from Unvalidated Input<br>CXX.SQL.INJECT SQL Injection<br>SV.TAINTED.INJECTION Command Injection<br>SV.USAGERULES.PERMISSIONS Use of Privilege Elevation |
| V-222608 [APSC-DV-002550] (CAT 1): The application must not be vulnerable to XML-oriented attacks. | CXX.SV.XXE Attempting to resolve external entities while parsing a XML file can lead to XXE attack |
| V-222609 [APSC-DV-002560] (CAT 1): The application must not be subject to input handling vulnerabilities. | SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index<br>SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition<br>SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal<br>SV.TAINTED.SECURITY_DECISION Security Decision |
| V-222612 [APSC-DV-002590] (CAT 1): The application must not be vulnerable to overflow attacks. | ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL Buffer Overflow - Array Index Out of Bounds<br>ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.MEMBER Buffer Overflow - Array Index Out of Bounds<br>ABV.NON_ARRAY Non-array object is used as an array<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.FAILED_MAP Mapping function failed<br>ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function<br>ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds<br>CXX.FUNC.T2OLE.LOOP Do not call T2OLE or OLE2CT within a loop<br>CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check<br>CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check<br>CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero<br>INCORRECT.ALLOC_SIZE Incorrect Allocation Size<br>MISRA.CAST.FLOAT Non-trivial float expression is cast to a wider type<br>MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type<br>MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type<br>MISRA.CAST.FUNC_PTR Cast between a function pointer and a non-integral type<br>MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type<br>MISRA.CAST.FUNC_PTR.CPP Cast converts function pointer to other pointer type<br>MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type<br>MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness<br>MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness<br>MISRA.CAST.INT.WIDER Cast of integral expression to a wider integral type<br>MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type<br>MISRA.CAST.INT_TO_PTR Object with integer type or pointer to void cast to pointer type<br>MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type<br>MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type<br>MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type<br>MISRA.CAST.POLY.TYPE Cast from a polymorphic base class to a derived class<br>MISRA.CAST.PTR Cast between a pointer to object type and a different pointer to object type<br>MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type<br>MISRA.CAST.PTR.VRCLASS A cast form pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast'<br>MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type<br>MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type<br>MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type<br>MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object<br>MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value<br>MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned<br>NNTS.MIGHT Buffer Overflow - Non-null Terminated String<br>NNTS.MUST Buffer Overflow - Non-null Terminated String<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>PRECISION.LOSS Loss of Precision<br>PRECISION.LOSS.CALL Loss of Precision during function call<br>PRECISION.LOSS.INIT Loss of Precision during initialization<br>RABV.CHECK Suspicious use of index before boundary check<br>SV.FMTSTR.GENERIC Format String Vulnerability<br>SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter<br>SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call<br>SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call<br>SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy<br>SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations<br>SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf<br>SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy<br>SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf<br>SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index<br>SV.TAINTED.INJECTION Command Injection<br>SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition |
| V-222625 [APSC-DV-002950] (CAT 2): Execution flow diagrams and design documents must be created to show how deadlock and recursion issues in web services are being mitigated. | CONC.DL Deadlock |
| V-222641 [APSC-DV-003100] (CAT 2): The application must use encryption to implement key exchange and authenticate endpoints prior to establishing a communication channel for key exchange. | RCA Risky cryptographic algorithm used<br>RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt |
| V-222642 [APSC-DV-003110] (CAT 1): The application must not contain embedded authentication data. | HCC Use of hardcoded credentials<br>HCC.PWD Use of a hardcoded password<br>HCC.USER Use of a hardcoded user name |
| V-222648 [APSC-DV-003170] |
ABV.NON_ARRAY Non-array object is used as an array |
| V-222648 [APSC-DV-003170] (CAT 2 |
MISRA.CAST.FUNC_PTR.CPP Cast converts function pointer to other pointer type |
| V-222648 [APSC-DV-003170] (CAT 2) |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CL.MLK Memory Leak - in destructor CL.MLK.ASSIGN Memory Leak - in assignment operator CL.MLK.VIRTUAL Memory Leak - possible in destructor CXX.FUNC.T2OLE.LOOP Do not call T2OLE or OLE2CT within a loop CXX.SQL.INJECT SQL Injection CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory INCORRECT.ALLOC_SIZE Incorrect Allocation Size INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop LA_UNUSED Label unused LV_UNUSED.GEN Local variable unused MISRA.CAST.FLOAT Non-trivial float expression is cast to a wider type MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type MISRA.CAST.FUNC_PTR Cast between a function pointer and a non-integral type MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type MISRA.CAST.INT Non-trivial 
integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness MISRA.CAST.INT.WIDER Cast of integral expression to a wider integral type MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type MISRA.CAST.INT_TO_PTR Object with integer type or pointer to void cast to pointer type MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type MISRA.CAST.POLY.TYPE Cast from a polymorphic base class to a derived class MISRA.CAST.PTR Cast between a pointer to object type and a different pointer to object type MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR.VRCLASS A cast from pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast' MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of
Precision during function call PRECISION.LOSS.INIT Loss of Precision during initialization RABV.CHECK Suspicious use of index before boundary check SV.FMTSTR.GENERIC Format String Vulnerability SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.INJECTION Command Injection SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race 
condition in File Access SV.USAGERULES.PERMISSIONS Use of Privilege Elevation UNUSED.FUNC.GEN Function defined but not used UNUSED.FUNC.WARN Potential unused function VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| V-222648 [APSC-DV-003170] (CAT 2): An application code review must be performed on the application. |
ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds ABV.GENERAL Buffer Overflow - Array Index Out of Bounds ABV.GENERAL.MULTIDIMENSION Buffer Overflow - Array Index Out of Bounds ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds ABV.MEMBER Buffer Overflow - Array Index Out of Bounds ABV.NON_ARRAY Non-array object is used as an array ABV.STACK Buffer Overflow - Local Array Index Out of Bounds ABV.TAINTED Buffer Overflow from Unvalidated Input ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function ABV.UNICODE.FAILED_MAP Mapping function failed ABV.UNICODE.NNTS_MAP Buffer overflow in mapping character function ABV.UNKNOWN_SIZE Buffer Overflow - Array Index Out of Bounds CL.MLK Memory Leak - in destructor CL.MLK.ASSIGN Memory Leak - in assignment operator CL.MLK.VIRTUAL Memory Leak - possible in destructor CXX.FUNC.T2OLE.LOOP Do not call T2OLE or OLE2CT within a loop CXX.SQL.INJECT SQL Injection CXX.SUSPICIOUS_INDEX_CHECK Suspicious use of index after boundary check CXX.SUSPICIOUS_INDEX_CHECK.CALL Suspicious use of index in a function call after a boundary check CXX.SUSPICIOUS_INDEX_CHECK.ZERO Suspicious use of index after index check for zero FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory INCORRECT.ALLOC_SIZE Incorrect Allocation Size INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop LA_UNUSED Label unused LV_UNUSED.GEN Local variable unused MISRA.CAST.FLOAT Non-trivial float expression is cast to a wider type MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type MISRA.CAST.FUNC_PTR Cast between a function pointer and a non-integral type MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type MISRA.CAST.FUNC_PTR.CPP Cast converts function pointer to other pointer type 
MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness MISRA.CAST.INT.WIDER Cast of integral expression to a wider integral type MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type MISRA.CAST.INT_TO_PTR Object with integer type or pointer to void cast to pointer type MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type MISRA.CAST.POLY.TYPE Cast from a polymorphic base class to a derived class MISRA.CAST.PTR Cast between a pointer to object type and a different pointer to object type MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type MISRA.CAST.PTR.VRCLASS A cast from pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast' MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned MLK.MIGHT Memory Leak - possible MLK.MUST Memory Leak MLK.RET.MIGHT Memory Leak - possible MLK.RET.MUST Memory Leak NNTS.MIGHT Buffer Overflow - Non-null Terminated String NNTS.MUST Buffer Overflow - Non-null Terminated String
NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String PRECISION.LOSS Loss of Precision PRECISION.LOSS.CALL Loss of Precision during function call PRECISION.LOSS.INIT Loss of Precision during initialization RABV.CHECK Suspicious use of index before boundary check SV.FMTSTR.GENERIC Format String Vulnerability SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.BINOP Use of Unvalidated Integer in Binary Operation SV.TAINTED.CALL.DEREF Dereference Of An Unvalidated Pointer SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index SV.TAINTED.INJECTION Command Injection SV.TAINTED.LOOP_BOUND Use of Unvalidated Integer in Loop Condition SV.TAINTED.PATH_TRAVERSAL 
Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access SV.USAGERULES.PERMISSIONS Use of Privilege Elevation UNUSED.FUNC.GEN Function defined but not used UNUSED.FUNC.WARN Potential unused function VA_UNUSED.GEN Value is Never Used after Assignment VA_UNUSED.INIT Value is Never Used after Initialization |
| V-222656 [APSC-DV-003235] (CAT 2) |
CERT.EXIT.HANDLER_TERMINATE All exit handlers must return normally CWARN.PASSBYVALUE.EXC Exception object passed by value is too large CXX.ERRNO.INCORRECTLY_CHECKED Errno condition check not required after calling library function CXX.ERRNO.NOT_CHECKED Errno condition check is missing after calling library function CXX.ERRNO.NOT_SET Errno is not reset to zero before calling library function MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block MISRA.CATCH.BY_VALUE Exception object of class type is caught by value MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes a handler for a derived exception class in a try-catch block MISRA.DECL.EXCPT.SPEC Function is declared with different exception specifications MISRA.THROW.EMPTY Empty throw expression does not belong to a catch block MISRA.THROW.NULL NULL is thrown explicitly MISRA.THROW.PTR Exception object is a pointer SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure Resource Handling SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| V-222656 [APSC-DV-003235] (CAT 2): The application must not be subject to error handling vulnerabilities. |
CERT.EXIT.HANDLER_TERMINATE All exit handlers must return normally CWARN.PASSBYVALUE.EXC Exception object passed by value is too large CXX.ERRNO.INCORRECTLY_CHECKED Errno condition check not required after calling library function CXX.ERRNO.NOT_CHECKED Errno condition check is missing after calling library function CXX.ERRNO.NOT_SET Errno is not reset to zero before calling library function MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block MISRA.CATCH.BY_VALUE Exception object of class type is caught by value MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block MISRA.CATCH.WRONGORD Handler for a base exception class precedes a handler for a derived exception class in a try-catch block MISRA.DECL.EXCPT.SPEC Function is declared with different exception specifications MISRA.THROW.EMPTY Empty throw expression does not belong to a catch block MISRA.THROW.NULL NULL is thrown explicitly MISRA.THROW.PTR Exception object is a pointer SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure Resource Handling SV.RVT.RETVAL_NOTTESTED Ignored Return Value |
| V-222662 [APSC-DV-003280] (CAT 1) |
HCC.PWD Use of a hardcoded password |
| V-222662 [APSC-DV-003280] (CAT 1): Default passwords must be changed. |
HCC.PWD Use of a hardcoded password |
| V-222667 [APSC-DV-003320] (CAT 2) |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision |
| V-222667 [APSC-DV-003320] (CAT 2): Protections against DoS attacks must be implemented. |
FMM.MIGHT Freeing Mismatched Memory - possible FMM.MUST Freeing Mismatched Memory INFINITE_LOOP.GLOBAL Infinite loop INFINITE_LOOP.LOCAL Infinite loop INFINITE_LOOP.MACRO Infinite loop SV.STR_PAR.UNDESIRED_STRING_PARAMETER Undesired String for File Path SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String SV.TAINTED.PATH_TRAVERSAL Use of Unvalidated Data in a Path Traversal SV.TAINTED.SECURITY_DECISION Security Decision |
| V-254803 [APSC-DV-002010] (CAT 2) |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| V-254803 [APSC-DV-002010] (CAT 2): The application must implement NSA-approved cryptography to protect classified information in accordance with applicable federal laws |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| and guidance for authentication to a cryptographic module. |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| and hash functionality. |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| and standards. |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| digital signature |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| directives |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| key exchange |
RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| must enforce authorized access to the corresponding private key. |
CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
| policies |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| regulations |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| standards |
HCC Use of hardcoded credentials HCC.PWD Use of a hardcoded password HCC.USER Use of a hardcoded user name RCA Risky cryptographic algorithm used RCA.HASH.SALT.EMPTY Use of a one-way hash with an empty salt SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| when using PKI-based authentication |
CXX.SV.PRIVATE_KEY.EMPTY_PASSWD Attempt to serialize private key in an unauthorized way CXX.SV.PRIVATE_KEY.UNENCRYPTED Attempt to serialize private key in an unauthorized way |
Support Summary:
- 28 rules
"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.