DISA STIG version 5 IDs: C and C++

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.SIP.CONST  Use of Insecure Macro for Dangerous Functions

SV.SIP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

CXX.SV.PWD_INPUT.REVIEW  Password authentication should be checked against brute force attacks

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.SIP.CONST  Use of Insecure Macro for Dangerous Functions

SV.SIP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

CXX.SV.PWD.PLAIN.LENGTH  Attempt to set password with a length less than 15 characters

CXX.SV.PWD.PLAIN.LENGTH.ZERO  Attempt to set password with a length of zero characters

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

CXX.SV.PRIVATE_KEY.EMPTY_PASSWD  Attempt to serialize private key in an unauthorized way

CXX.SV.PRIVATE_KEY.UNENCRYPTED  Attempt to serialize private key in an unauthorized way

CXX.SV.PWD.PLAIN  Attempt to set password using a plain string

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

RH.LEAK  Resource leak

SV.TOCTOU.FILE_ACCESS  Time of Creation/Time of Use Race condition in File Access

RH.LEAK  Resource leak

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

CXX.SV.INSECURE_COOKIE  Insecure cookie

CXX.SV.PERSISTENT_COOKIE  Illegal usage of a persistent cookie

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

FMM.MIGHT  Freeing Mismatched Memory - possible

FMM.MUST  Freeing Mismatched Memory

INFINITE_LOOP.GLOBAL  Infinite loop

INFINITE_LOOP.LOCAL  Infinite loop

INFINITE_LOOP.MACRO  Infinite loop

SV.STR_PAR.UNDESIRED_STRING_PARAMETER  Undesired String for File Path

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

SPECTRE.VARIANT1  Potential exploit of speculative execution

SV.TAINTED.XSS.REFLECTED  Cross-site Scripting Vulnerability

SV.CODE_INJECTION.SHELL_EXEC  Command Injection into Shell Execution

SV.DLLPRELOAD.NONABSOLUTE.DLL  Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE  Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH  Do not use SearchPath to find DLLs

SV.FIU.PROCESS_VARIANTS  Use of Dangerous Process Creation

SV.DLLPRELOAD.NONABSOLUTE.DLL  Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE  Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH  Do not use SearchPath to find DLLs

ABV.TAINTED  Buffer Overflow from Unvalidated Input

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION  Command Injection

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

ABV.TAINTED  Buffer Overflow from Unvalidated Input

CXX.SQL.INJECT  SQL Injection

SV.TAINTED.INJECTION  Command Injection

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

CXX.SV.XXE  Attempting to resolve external entities while parsing a XML file can lead to XXE attack

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

ABV.NON_ARRAY  Non-array object is used as an array

ABV.ANY_SIZE_ARRAY  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION  Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR  Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER  Buffer Overflow - Array Index Out of Bounds

ABV.STACK  Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED  Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP  Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP  Mapping function failed

ABV.UNICODE.NNTS_MAP  Buffer overflow in mapping character function

ABV.UNKNOWN_SIZE  Buffer Overflow - Array Index Out of Bounds

CXX.FUNC.T2OLE.LOOP  Do not call T2OLE or OLE2CT within a loop

CXX.SUSPICIOUS_INDEX_CHECK  Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL  Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO  Suspicious use of index after index check for zero

INCORRECT.ALLOC_SIZE  Incorrect Allocation Size

MISRA.CAST.FLOAT  Non-trivial float expression is cast to a wider type

MISRA.CAST.FLOAT.WIDER  Cast of floating point expression to a wider floating point type

MISRA.CAST.FLOAT_INT  Cast of floating point expression to integral type

MISRA.CAST.FUNC_PTR  Cast between a function pointer and a non-integral type

MISRA.CAST.FUNC_PTR.2012  Conversion performed between a pointer to a function and another incompatible type

MISRA.CAST.FUNC_PTR.CPP  Cast converts function pointer to other pointer type

MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012  Conversion performed between a pointer to an incomplete type and a different type

MISRA.CAST.INT  Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.INT.SIGN  Non-trivial integral expression is cast to type with different signedness

MISRA.CAST.INT.WIDER  Cast of integral expression to a wider integral type

MISRA.CAST.INT_FLOAT  Cast of integral expression to floating point type

MISRA.CAST.INT_TO_PTR  Object with integer type or pointer to void cast to pointer type

MISRA.CAST.OBJ_PTR_TO_INT.2012  Conversion performed between a pointer to an object and an integer type

MISRA.CAST.OBJ_PTR_TO_NON_INT.2012  A cast between a pointer to object and a non-integer arithmetic type

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012  Cast between a pointer to object type and a pointer to a different object type

MISRA.CAST.POLY.TYPE  Cast from a polymorphic base class to a derived class

MISRA.CAST.PTR  Cast between a pointer to object type and a different pointer to object type

MISRA.CAST.PTR.UNRELATED  Object of pointer type cast to unrelated type

MISRA.CAST.PTR.VRCLASS  A cast form pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast'

MISRA.CAST.PTR_TO_INT  Cast between a pointer and an integral type

MISRA.CAST.UNSIGNED_BITS  The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CAST.VOID_PTR_TO_INT.2012  Cast between a pointer to void and an arithmetic type

MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012  Conversion performed from a pointer to void to a pointer to an object

MISRA.SIGNED_CHAR.NOT_NUMERIC  'signed char' or 'unsigned char' is used for non-numeric value

MISRA.UMINUS.UNSIGNED  Operand of unary minus is unsigned

NNTS.MIGHT  Buffer Overflow - Non-null Terminated String

NNTS.MUST  Buffer Overflow - Non-null Terminated String

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

PRECISION.LOSS  Loss of Precision

PRECISION.LOSS.CALL  Loss of Precision during function call

PRECISION.LOSS.INIT  Loss of Precision during initialization

RABV.CHECK  Suspicious use of index before boundary check

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD  Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED  Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH  Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW  Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY  Too many arguments in a print function call

SV.FMT_STR.UNKWN_FORMAT  Unknown format specifier in a print function call

SV.STRBO.BOUND_COPY.OVERFLOW  Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM  Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF  Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY  Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF  Buffer Overflow in Unbound sprintf

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION  Command Injection

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

CONC.DL  Deadlock

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

ABV.NON_ARRAY  Non-array object is used as an array

MISRA.CAST.FUNC_PTR.CPP  Cast converts function pointer to other pointer type

ABV.ANY_SIZE_ARRAY  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION  Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR  Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER  Buffer Overflow - Array Index Out of Bounds

ABV.STACK  Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED  Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP  Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP  Mapping function failed

ABV.UNICODE.NNTS_MAP  Buffer overflow in mapping character function

ABV.UNKNOWN_SIZE  Buffer Overflow - Array Index Out of Bounds

CL.MLK  Memory Leak - in destructor

CL.MLK.ASSIGN  Memory Leak - in assignment operator

CL.MLK.VIRTUAL  Memory Leak - possible in destructor

CXX.FUNC.T2OLE.LOOP  Do not call T2OLE or OLE2CT within a loop

CXX.SQL.INJECT  SQL Injection

CXX.SUSPICIOUS_INDEX_CHECK  Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL  Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO  Suspicious use of index after index check for zero

FMM.MIGHT  Freeing Mismatched Memory - possible

FMM.MUST  Freeing Mismatched Memory

INCORRECT.ALLOC_SIZE  Incorrect Allocation Size

INFINITE_LOOP.GLOBAL  Infinite loop

INFINITE_LOOP.LOCAL  Infinite loop

INFINITE_LOOP.MACRO  Infinite loop

LA_UNUSED  Label unused

LV_UNUSED.GEN  Local variable unused

MISRA.CAST.FLOAT  Non-trivial float expression is cast to a wider type

MISRA.CAST.FLOAT.WIDER  Cast of floating point expression to a wider floating point type

MISRA.CAST.FLOAT_INT  Cast of floating point expression to integral type

MISRA.CAST.FUNC_PTR  Cast between a function pointer and a non-integral type

MISRA.CAST.FUNC_PTR.2012  Conversion performed between a pointer to a function and another incompatible type

MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012  Conversion performed between a pointer to an incomplete type and a different type

MISRA.CAST.INT  Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.INT.SIGN  Non-trivial integral expression is cast to type with different signedness

MISRA.CAST.INT.WIDER  Cast of integral expression to a wider integral type

MISRA.CAST.INT_FLOAT  Cast of integral expression to floating point type

MISRA.CAST.INT_TO_PTR  Object with integer type or pointer to void cast to pointer type

MISRA.CAST.OBJ_PTR_TO_INT.2012  Conversion performed between a pointer to an object and an integer type

MISRA.CAST.OBJ_PTR_TO_NON_INT.2012  A cast between a pointer to object and a non-integer arithmetic type

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012  Cast between a pointer to object type and a pointer to a different object type

MISRA.CAST.POLY.TYPE  Cast from a polymorphic base class to a derived class

MISRA.CAST.PTR  Cast between a pointer to object type and a different pointer to object type

MISRA.CAST.PTR.UNRELATED  Object of pointer type cast to unrelated type

MISRA.CAST.PTR.VRCLASS  A cast form pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast'

MISRA.CAST.PTR_TO_INT  Cast between a pointer and an integral type

MISRA.CAST.UNSIGNED_BITS  The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CAST.VOID_PTR_TO_INT.2012  Cast between a pointer to void and an arithmetic type

MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012  Conversion performed from a pointer to void to a pointer to an object

MISRA.SIGNED_CHAR.NOT_NUMERIC  'signed char' or 'unsigned char' is used for non-numeric value

MISRA.UMINUS.UNSIGNED  Operand of unary minus is unsigned

MLK.MIGHT  Memory Leak - possible

MLK.MUST  Memory Leak

MLK.RET.MIGHT  Memory Leak - possible

MLK.RET.MUST  Memory Leak

NNTS.MIGHT  Buffer Overflow - Non-null Terminated String

NNTS.MUST  Buffer Overflow - Non-null Terminated String

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

PRECISION.LOSS  Loss of Precision

PRECISION.LOSS.CALL  Loss of Precision during function call

PRECISION.LOSS.INIT  Loss of Precision during initialization

RABV.CHECK  Suspicious use of index before boundary check

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD  Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED  Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH  Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW  Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY  Too many arguments in a print function call

SV.FMT_STR.UNKWN_FORMAT  Unknown format specifier in a print function call

SV.STRBO.BOUND_COPY.OVERFLOW  Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM  Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF  Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY  Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF  Buffer Overflow in Unbound sprintf

SV.STR_PAR.UNDESIRED_STRING_PARAMETER  Undesired String for File Path

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION  Command Injection

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

SV.TOCTOU.FILE_ACCESS  Time of Creation/Time of Use Race condition in File Access

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

UNUSED.FUNC.GEN  Function defined but not used

UNUSED.FUNC.WARN  Potential unused function

VA_UNUSED.GEN  Value is Never Used after Assignment

VA_UNUSED.INIT  Value is Never Used after Initialization

CERT.EXIT.HANDLER_TERMINATE  All exit handlers must return normally

CWARN.PASSBYVALUE.EXC  Exception object passed by value is too large

CXX.ERRNO.INCORRECTLY_CHECKED  Errno condition check not required after calling library function

CXX.ERRNO.NOT_CHECKED  Errno condition check is missing after calling library function

CXX.ERRNO.NOT_SET  Errno is not reset to zero before calling library function

MISRA.CATCH.ALL  No ellipsis exception handler in a try-catch block

MISRA.CATCH.BY_VALUE  Exception object of class type is caught by value

MISRA.CATCH.NOALL  Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD  Handler for a base exception class precedes to a handler for a derived exception class in a try-catch block

MISRA.DECL.EXCPT.SPEC  Function is declared with different exception specifications

MISRA.THROW.EMPTY  Empty throw expression does not belong to a catch block

MISRA.THROW.NULL  NULL is thrown explicitly

MISRA.THROW.PTR  Exception object is a pointer

SV.INCORRECT_RESOURCE_HANDLING.URH  Insecure Resource Handling

SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS  Insecure Resource Handling

SV.RVT.RETVAL_NOTTESTED  Ignored Return Value

HCC.PWD  Use of a hardcoded password

FMM.MIGHT  Freeing Mismatched Memory - possible

FMM.MUST  Freeing Mismatched Memory

INFINITE_LOOP.GLOBAL  Infinite loop

INFINITE_LOOP.LOCAL  Infinite loop

INFINITE_LOOP.MACRO  Infinite loop

SV.STR_PAR.UNDESIRED_STRING_PARAMETER  Undesired String for File Path

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function