OWASP Top 10 security risks (2021 edition) mapped to Klocwork C/C++ checkers

ID Checker name
A1

SPECTRE.VARIANT1

SV.DLLPRELOAD.NONABSOLUTE.DLL

SV.DLLPRELOAD.NONABSOLUTE.EXE

SV.DLLPRELOAD.SEARCHPATH

SV.LPP.CONST

SV.LPP.VAR

SV.PCC.CONST

SV.PCC.INVALID_TEMP_PATH

SV.PCC.MISSING_TEMP_CALLS.MUST

SV.PCC.MISSING_TEMP_FILENAME

SV.PCC.MODIFIED_BEFORE_CREATE

SV.STR_PAR.UNDESIRED_STRING_PARAMETER

SV.TAINTED.PATH_TRAVERSAL

SV.USAGERULES.PERMISSIONS

A2

CXX.SV.PRIVATE_KEY.EMPTY_PASSWD

CXX.SV.PRIVATE_KEY.UNENCRYPTED

CXX.SV.PWD.PLAIN

CXX.SV.PWD.PLAIN.LENGTH

CXX.SV.PWD.PLAIN.LENGTH.ZERO

CXX.SV.PWD_INPUT.REVIEW

HCC

HCC.PWD

HCC.USER

RCA

SV.USAGERULES.SPOOFING

SV.WEAK_CRYPTO.WEAK_HASH

A3

ABV.TAINTED

CXX.SQL.INJECT

NNTS.MUST

NNTS.TAINTED

SV.CODE_INJECTION.SHELL_EXEC

SV.TAINTED.ALLOC_SIZE

SV.TAINTED.BINOP

SV.TAINTED.CALL.BINOP

SV.TAINTED.CALL.DEREF

SV.TAINTED.CALL.INDEX_ACCESS

SV.TAINTED.CALL.LOOP_BOUND

SV.TAINTED.DEREF

SV.TAINTED.FMTSTR

SV.TAINTED.INDEX_ACCESS

SV.TAINTED.INJECTION

SV.TAINTED.LOOP_BOUND

SV.TAINTED.PATH_TRAVERSAL

SV.TAINTED.SECURITY_DECISION

SV.TAINTED.XSS.REFLECTED

A4

SV.DLLPRELOAD.NONABSOLUTE.DLL

SV.DLLPRELOAD.NONABSOLUTE.EXE

SV.DLLPRELOAD.SEARCHPATH

SV.USAGERULES.PERMISSIONS

A5

CXX.SV.INSECURE_COOKIE

CXX.SV.XXE

A7

CXX.SV.PWD.PLAIN

CXX.SV.PWD.PLAIN.LENGTH

CXX.SV.PWD.PLAIN.LENGTH.ZERO

CXX.SV.PWD_INPUT.REVIEW

HCC

HCC.PWD

HCC.USER

SV.WEAK_CRYPTO.WEAK_HASH

A8

SV.TAINTED.PATH_TRAVERSAL

Support summary:

  • 6 rules