Klocwork Java チェッカーにマッピングされる 2021 年版 CWE 最も危険なソフトウェアエラー上位 25

ランクおよびID	チェッカー名
#01 - CWE-787: Out-of-bounds Write	現在、このルールに対する適用可能なチェッカーはありません。
#02 - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	SV.XSS.DB SV.XSS.REF
#03 - CWE-125: Out-of-bounds Read	現在、このルールに対する適用可能なチェッカーはありません。
#04 - CWE-20: Improper Input Validation	ANDROID.LIFECYCLE.SV.GETEXTRA SV.DOS.ARRINDEX SV.LOADLIB.INJ SV.STRUTS.NOTVALID SV.STRUTS.VALIDMET SV.TAINT_NATIVE SV.TAINT JAVA.SV.XML.INVALID
#05 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	SV.EXEC.DIR SV.EXEC.ENV SV.EXEC.LOCAL SV.EXEC
#06 - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	SV.DATA.DB SV.SQL.DBSOURCE SV.SQL
#07 - CWE-416: Use After Free	現在、このルールに対する適用可能なチェッカーはありません。
#08 - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	SV.PATH.INJ SV.PATH
#09 - CWE-352: Cross-Site Request Forgery (CSRF)	SV.CSRF.GET SV.CSRF.ORIGIN SV.CSRF.TOKEN
#10 - CWE-434: Unrestricted Upload of File with Dangerous Type	SV.DATA.FILE
#11 - CWE-306: Missing Authentication for Critical Function	SPRING.AUTHC.ABSENT SPRING.AUTHC.MISSING
#12 - CWE-190: Integer Overflow or Wraparound	SV.INT_OVF
#13 - CWE-502: Deserialization of Untrusted Data	SV.SERIAL.NOFINAL SV.SERIAL.NOREAD SV.SERIAL.NOWRITE SV.SERIAL.OVERRIDE SV.SERIAL.SIG
#14 - CWE-287: Improper Authentication	SV.AUTH.BYPASS.MIGHT SV.AUTH.BYPASS.MUST SV.AUTH.HASH.MIGHT SV.AUTH.HASH.MUST SV.LDAP.ANON
#15 - CWE-476: NULL Pointer Dereference	ANDROID.NPE NPE.COND NPE.CONST NPE.RET.UTIL NPE.RET NPE.STAT REDUN.EQNULL REDUN.NULL RNU.THIS
#16 - CWE-798: Use of Hard-coded Credentials	SV.PASSWD.HC.EMPTY SV.PASSWD.HC
#17 - CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer	現在、このルールに対する適用可能なチェッカーはありません。
#18 - CWE-862: Missing Authorization	SPRING.AUTHZ.ABSENT SPRING.AUTHZ.MISSING
#19 - CWE-276: Incorrect Default Permissions	SV.PERMS.WIDE
#20 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor	SV.IL.DEV SV.IL.FILE SV.SENSITIVE.DATA SV.SENSITIVE.OBJ
#21 - CWE-522: Insufficiently Protected Credentials	SV.PASSWD.PLAIN.HC SV.PASSWD.PLAIN
#22 - CWE-732: Incorrect Permission Assignment for Critical Resource	SV.PERMS.HOME SV.PERMS.WIDE SV.XSS.COOKIE
#23 - CWE-611: Improper Restriction of XML External Entity Reference	SV.XXE.DBF SV.XXE.SF SV.XXE.SPF SV.XXE.TF SV.XXE.XIF SV.XXE.XRF
#24 - CWE-918: Server-Side Request Forgery (SSRF)	SV.SSRF.URI
#25 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')	SV.EXEC.DIR SV.EXEC.ENV SV.EXEC.LOCAL SV.EXEC