Klocwork C/C++ チェッカーにマッピングされた 2021 年版 OWASP トップ 10 セキュリティリスク

ID	チェッカー名
A1	SPECTRE.VARIANT1 SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.LPP.CONST SV.LPP.VAR SV.PCC.CONST SV.PCC.INVALID_TEMP_PATH SV.PCC.MISSING_TEMP_CALLS.MUST SV.PCC.MISSING_TEMP_FILENAME SV.PCC.MODIFIED_BEFORE_CREATE SV.STR_PAR.UNDESIRED_STRING_PARAMETER SV.TAINTED.PATH_TRAVERSAL SV.USAGERULES.PERMISSIONS
A2	CXX.SV.PRIVATE_KEY.EMPTY_PASSWD CXX.SV.PRIVATE_KEY.UNENCRYPTED CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER RCA SV.USAGERULES.SPOOFING SV.WEAK_CRYPTO.WEAK_HASH
A3	ABV.TAINTED CXX.SQL.INJECT NNTS.MUST NNTS.TAINTED SV.CODE_INJECTION.SHELL_EXEC SV.TAINTED.ALLOC_SIZE SV.TAINTED.BINOP SV.TAINTED.CALL.BINOP SV.TAINTED.CALL.DEREF SV.TAINTED.CALL.INDEX_ACCESS SV.TAINTED.CALL.LOOP_BOUND SV.TAINTED.DEREF SV.TAINTED.FMTSTR SV.TAINTED.INDEX_ACCESS SV.TAINTED.INJECTION SV.TAINTED.LOOP_BOUND SV.TAINTED.PATH_TRAVERSAL SV.TAINTED.SECURITY_DECISION SV.TAINTED.XSS.REFLECTED
A4	SV.DLLPRELOAD.NONABSOLUTE.DLL SV.DLLPRELOAD.NONABSOLUTE.EXE SV.DLLPRELOAD.SEARCHPATH SV.USAGERULES.PERMISSIONS
A5	CXX.SV.INSECURE_COOKIE CXX.SV.XXE
A7	CXX.SV.PWD.PLAIN CXX.SV.PWD.PLAIN.LENGTH CXX.SV.PWD.PLAIN.LENGTH.ZERO CXX.SV.PWD_INPUT.REVIEW HCC HCC.PWD HCC.USER SV.WEAK_CRYPTO.WEAK_HASH
A8	SV.TAINTED.PATH_TRAVERSAL

サポートのサマリー: