|
ABV.ANY_SIZE_ARRAY
|
Buffer Overflow - Array Index Out of Bounds |
1 |
false |
Pre-9.2 |
9.5 |
|
ABV.GENERAL
|
Buffer Overflow - Array Index Out of Bounds |
1 |
true |
9.6 |
10.1, 10.3, 10.4, 11.0, 11.1, 11.2, 2017.3 |
|
ABV.ITERATOR
|
Buffer Overflow - Array Index may be out of Bounds |
1 |
true |
Pre-9.2 |
9.5, 10.3 |
|
ABV.MEMBER
|
Buffer Overflow - Array Index Out of Bounds |
1 |
true |
9.5 |
10.3 |
|
ABV.STACK
|
Buffer Overflow - Local Array Index Out of Bounds |
1 |
true |
Pre-9.2 |
9.5 |
|
ABV.TAINTED
|
Buffer Overflow from Unvalidated Input |
1 |
true |
Pre-9.2 |
9.5, 10.3, 11.2 |
|
ABV.UNICODE.BOUND_MAP
|
Buffer overflow in mapping character function |
1 |
false |
Pre-9.2 |
9.5 |
|
ABV.UNICODE.FAILED_MAP
|
Mapping function failed |
1 |
false |
Pre-9.2 |
9.5 |
|
ABV.UNICODE.NNTS_MAP
|
Buffer overflow in mapping character function |
1 |
false |
Pre-9.2 |
9.5 |
|
ABV.UNICODE.SELF_MAP
|
Mapping function failed |
1 |
false |
9.6 |
|
|
ABV.UNKNOWN_SIZE
|
Buffer Overflow - Array Index Out of Bounds |
1 |
true |
9.6 |
|
|
ASSIGCOND.CALL
|
Assignment in condition (call) |
3 |
false |
Pre-9.2 |
|
|
ASSIGCOND.GEN
|
Assignment in condition |
3 |
false |
Pre-9.2 |
|
|
BSTR.CAST.C
|
C style type cast to BSTR |
4 |
false |
Pre-9.2 |
|
|
BSTR.CAST.CPP
|
C++ style type cast to BSTR |
4 |
false |
Pre-9.2 |
|
|
BSTR.FUNC.ALLOC
|
Incorrect call to BSTR allocating function |
4 |
false |
Pre-9.2 |
|
|
BSTR.FUNC.FREE
|
Incorrect call to BSTR freeing function |
4 |
false |
Pre-9.2 |
|
|
BSTR.FUNC.LEN
|
Trying to get length of non-BSTR string using BSTR-related functions |
4 |
false |
Pre-9.2 |
|
|
BSTR.FUNC.REALLOC
|
Incorrect call to BSTR reallocating function |
4 |
false |
Pre-9.2 |
|
|
BSTR.IA.ASSIGN
|
BSTR variable is assigned a non-BSTR value |
4 |
false |
Pre-9.2 |
|
|
BSTR.IA.INIT
|
BSTR variable is initialized with a non-BSTR value |
4 |
false |
Pre-9.2 |
|
|
BSTR.OPS.ARITHM
|
Illegal arithmetic operations with BSTR values |
4 |
false |
Pre-9.2 |
|
|
BSTR.OPS.COMP
|
Illegal comparison of BSTR values |
4 |
false |
Pre-9.2 |
|
|
BSTR.OPS.EQS
|
Illegal equality comparison of BSTR values |
4 |
false |
Pre-9.2 |
|
|
BYTEORDER.HTON.SEND
|
Missed conversion from host to network byte order |
3 |
false |
9.2 |
|
|
BYTEORDER.HTON.WRITE
|
Missed conversion from host to network byte order |
3 |
false |
9.2 |
|
|
BYTEORDER.NTOH.READ
|
Missed conversion from network to host byte order |
3 |
false |
9.2 |
|
|
BYTEORDER.NTOH.RECV
|
Missed conversion from network to host byte order |
3 |
false |
9.2 |
|
|
CL.ASSIGN.NON_CONST_ARG
|
Assignment operator declares non-constant reference argument |
4 |
true |
9.5 |
|
|
CL.ASSIGN.RETURN_CONST
|
Assignment operator returns constant reference |
4 |
true |
9.5 |
|
|
CL.ASSIGN.VOID
|
Assignment operator returns void |
4 |
true |
9.5 |
|
|
CL.FFM.ASSIGN
|
Use of free memory (double free) - no operator= |
3 |
true |
Pre-9.2 |
9.5 |
|
CL.FFM.COPY
|
Use of free memory (double free) - no copy constructor |
3 |
true |
Pre-9.2 |
9.5 |
|
CL.FMM
|
Freeing Mismatched Memory - in destructor |
3 |
true |
Pre-9.2 |
9.5, 10.1 |
|
CL.MLK
|
Memory Leak - in destructor |
3 |
true |
Pre-9.2 |
9.5 |
|
CL.MLK.ASSIGN
|
Memory Leak - in assignment operator |
3 |
true |
10.1 |
|
|
CL.MLK.VIRTUAL
|
Memory Leak - possible in destructor |
2 |
true |
Pre-9.2 |
9.5 |
|
CL.SELF-ASSIGN
|
Use of free memory (double free) - in operator= |
2 |
true |
Pre-9.2 |
9.5 |
|
CL.SHALLOW.ASSIGN
|
Use of free memory (double free) - shallow copy in operator= |
2 |
true |
10.1 |
|
|
CL.SHALLOW.COPY
|
Use of free memory (double free) - shallow copy in copy constructor |
2 |
true |
10.1 |
|
|
CONC.DL
|
Deadlock |
2 |
false |
9.2 |
|
|
CONC.NO_UNLOCK
|
Missing unlock for variable |
2 |
true |
Pre-9.2 |
|
|
CONC.SLEEP
|
Function may block in critical section |
3 |
true |
Pre-9.2 |
|
|
CWARN.ALIGNMENT
|
Incorrect pointer scaling is used |
4 |
true |
9.5 |
|
|
CWARN.BAD.PTR.ARITH
|
Bad pointer arithmetic |
4 |
false |
10.0 |
|
|
CWARN.BITOP.SIZE
|
Operands of different size in bitwise operation |
4 |
true |
10.0 |
|
|
CWARN.BOOLOP.INC
|
A boolean is incremented or decremented |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.CAST.VIRTUAL_INHERITANCE
|
C-style cast of pointer to object with virtual methods to pointer to its derived class |
4 |
false |
10.0 |
|
|
CWARN.CMPCHR.EOF
|
A 'char' expression compared with EOF constant |
4 |
false |
9.2 |
9.5 |
|
CWARN.CONSTCOND.DO
|
'do' controlling expression is constant |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.CONSTCOND.IF
|
'if' controlling expression is constant |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.CONSTCOND.SWITCH
|
'switch' selector expression is constant |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.CONSTCOND.TERNARY
|
Controlling condition in conditional expression is constant |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.CONSTCOND.WHILE
|
'while' controlling expression is constant |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.COPY.NOASSIGN
|
Class defines copy constructor, but no assignment operator |
4 |
false |
Pre-9.2 |
9.5, 11.0 |
|
CWARN.DTOR.NONVIRT.DELETE
|
Delete expression for an object of a class with virtual methods and no virtual destructor |
2 |
true |
Pre-9.2 |
9.5 |
|
CWARN.DTOR.NONVIRT.NOTEMPTY
|
Class has virtual functions inherited from a base class, but its destructor is not virtual and not empty |
2 |
true |
Pre-9.2 |
9.5 |
|
CWARN.EMPTY.LABEL
|
Empty label statement |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.EMPTY.TYPEDEF
|
Missing typedef name |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.FUNCADDR
|
Function address is used instead of a call to this function |
2 |
false |
Pre-9.2 |
9.5 |
|
CWARN.HIDDEN.PARAM
|
Parameter hidden by local variable |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.IMPLICITINT
|
Anachronistic 'implicit int' |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.INCL.ABSOLUTE
|
Absolute path is used in include directive |
4 |
false |
9.6 |
|
|
CWARN.INCL.NO_INTERFACE
|
Source file does not include its interface header |
4 |
false |
10.0 |
|
|
CWARN.INLINE.NONFUNC
|
'inline' used with non-function |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.MEMBER.INIT.ORDER
|
Members of the initialization list are not listed in the order in which they are declared in the class |
4 |
false |
9.5 |
10.4 |
|
CWARN.MEM.NONPOD
|
Memory manipulation routine applied to a non-POD object |
4 |
true |
10.0 |
|
|
CWARN.MEMSET.SIZEOF.PTR
|
Memset-like function is called for 'sizeof' applied to pointer |
4 |
false |
10.0 |
10.3, 11.1 |
|
CWARN.NOEFFECT.OUTOFRANGE
|
Value outside of range |
3 |
false |
10.1 |
|
|
CWARN.NOEFFECT.SELF_ASSIGN
|
A variable is assigned to self |
4 |
false |
9.2 |
9.5, 10.4 |
|
CWARN.NOEFFECT.UCMP.GE
|
Comparison of unsigned value against 0 is always true |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.NOEFFECT.UCMP.GE.MACRO
|
Comparison of unsigned value against 0 within a macro is always true |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.NOEFFECT.UCMP.LT
|
Comparison of unsigned value against 0 is always false |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.NOEFFECT.UCMP.LT.MACRO
|
Comparison of unsigned value against 0 within a macro is always false |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.NULLCHECK.FUNCNAME
|
Function address was directly compared against 0 |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.OVERRIDE.CONST
|
Function overriding fails due to mismatch of 'const' qualifiers |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.PACKED.TYPEDEF
|
'packed' attribute ignored in typedef |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.PASSBYVALUE.ARG
|
Function argument passed by value is too large |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.PASSBYVALUE.EXC
|
Exception object passed by value is too large |
4 |
false |
Pre-9.2 |
9.5 |
|
CWARN.RET.MAIN
|
Bad return type of main |
4 |
true |
Pre-9.2 |
9.5 |
|
CWARN.SIGNEDBIT
|
Signed one bit field |
4 |
true |
Pre-9.2 |
9.5 |
|
DBZ.CONST
|
Division by a zero constant occurs |
1 |
false |
10.3 |
|
|
DBZ.CONST.CALL
|
The value '0' is passed to function that can use this value as divisor |
1 |
false |
10.3 |
|
|
DBZ.GENERAL
|
Division by zero might occur |
1 |
false |
10.3 |
|
|
DBZ.ITERATOR
|
Division by zero might occur in a loop iterator |
1 |
false |
10.3 |
|
|
EFFECT
|
Statement has no effect |
4 |
false |
Pre-9.2 |
|
|
FMM.MIGHT
|
Freeing Mismatched Memory - possible |
2 |
true |
Pre-9.2 |
10.1 |
|
FMM.MUST
|
Freeing Mismatched Memory |
1 |
true |
Pre-9.2 |
10.1 |
|
FNH.MIGHT
|
Freeing Non-Heap Memory - possible |
1 |
true |
Pre-9.2 |
|
|
FNH.MUST
|
Freeing Non-Heap Memory |
2 |
true |
Pre-9.2 |
|
|
FREE.INCONSISTENT
|
Inconsistent Freeing of Memory |
3 |
false |
Pre-9.2 |
|
|
FUM.GEN.MIGHT
|
Freeing Unallocated Memory - possible |
1 |
true |
Pre-9.2 |
|
|
FUM.GEN.MUST
|
Freeing Unallocated Memory |
1 |
true |
Pre-9.2 |
|
|
FUNCRET.GEN
|
Non-void function does not return value |
1 |
true |
Pre-9.2 |
|
|
FUNCRET.IMPLICIT
|
Non-void function implicitly returning int does not return value |
2 |
true |
Pre-9.2 |
|
|
HCC
|
Use of hardcoded credentials |
2 |
true |
11.1 |
|
|
HCC.PWD
|
Use of a hardcoded password |
2 |
true |
11.1 |
|
|
HCC.USER
|
Use of a hardcoded user name |
2 |
true |
11.1 |
|
|
INCONSISTENT.LABEL
|
Inconsistent Case Labels |
4 |
true |
Pre-9.2 |
9.5 |
|
INCORRECT.ALLOC_SIZE
|
Incorrect Allocation Size |
3 |
true |
Pre-9.2 |
|
|
INFINITE_LOOP.GLOBAL
|
Infinite loop |
2 |
false |
9.5 |
|
|
INFINITE_LOOP.LOCAL
|
Infinite loop |
2 |
true |
9.5 |
10.1, 2017, 2017.3 |
|
INFINITE_LOOP.MACRO
|
Infinite loop |
2 |
false |
9.5 |
|
|
INVARIANT_CONDITION.GEN
|
Invariant expression in a condition |
3 |
false |
10.1 |
10.2 |
|
INVARIANT_CONDITION.UNREACH
|
Invariant expression in a condition |
3 |
false |
10.1 |
10.2 |
|
ITER.CONTAINER.MODIFIED
|
Use of invalid iterator |
3 |
true |
Pre-9.2 |
2017 |
|
ITER.END.DEREF.MIGHT
|
Dereference of 'end' iterator |
3 |
true |
9.5 |
|
|
ITER.END.DEREF.MUST
|
Dereference of 'end' iterator |
3 |
true |
9.5 |
|
|
ITER.INAPPROPRIATE
|
Use of iterator with inappropriate container object |
4 |
true |
9.5 |
|
|
ITER.INAPPROPRIATE.MULTIPLE
|
Use of iterator with inappropriate container object |
4 |
true |
9.5 |
|
|
LA_UNUSED
|
Label unused |
4 |
false |
Pre-9.2 |
|
|
LOCRET.ARG
|
Function returns address of local variable |
1 |
true |
Pre-9.2 |
9.5 |
|
LOCRET.GLOB
|
Function returns address of local variable |
1 |
true |
Pre-9.2 |
9.5 |
|
LOCRET.RET
|
Function returns address of local variable |
1 |
true |
Pre-9.2 |
9.5 |
|
LS.CALL
|
Suspicious use of non-localized string in GUI function |
3 |
false |
11.0 |
|
|
LS.CALL.STRING
|
Suspicious use of non-localized string in GUI function |
3 |
false |
11.0 |
|
|
LV_UNUSED.GEN
|
Local variable unused |
4 |
false |
Pre-9.2 |
|
|
MLK.MIGHT
|
Memory Leak - possible |
2 |
true |
Pre-9.2 |
9.2, 9.5 |
|
MLK.MUST
|
Memory Leak |
2 |
true |
Pre-9.2 |
9.2, 9.5, 11.1, 11.3 |
|
MLK.RET.MIGHT
|
Memory Leak - possible |
2 |
false |
9.6 |
|
|
MLK.RET.MUST
|
Memory Leak |
2 |
true |
9.6 |
|
|
NNTS.MIGHT
|
Buffer Overflow - Non-null Terminated String |
1 |
true |
Pre-9.2 |
9.2, 10.3 |
|
NNTS.MUST
|
Buffer Overflow - Non-null Terminated String |
1 |
true |
Pre-9.2 |
9.2, 10.3 |
|
NNTS.TAINTED
|
Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String |
1 |
true |
Pre-9.2 |
9.2, 10.3 |
|
NPD.CHECK.CALL.MIGHT
|
Pointer may be passed to function that can dereference it after it was positively checked for NULL |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.CHECK.CALL.MUST
|
Pointer will be passed to function that may dereference it after it was positively checked for NULL |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.CHECK.MIGHT
|
Pointer may be dereferenced after it was positively checked for NULL |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.CHECK.MUST
|
Pointer will be dereferenced after it was positively checked for NULL |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.CONST.CALL
|
NULL is passed to function that can dereference it |
1 |
false |
Pre-9.2 |
9.2, 9.5 |
|
NPD.CONST.DEREF
|
NULL is dereferenced |
1 |
false |
Pre-9.2 |
9.2, 9.5 |
|
NPD.FUNC.CALL.MIGHT
|
Result of function that may return NULL may be passed to another function that may dereference it |
1 |
false |
Pre-9.2 |
9.2, 9.5 |
|
NPD.FUNC.CALL.MUST
|
Result of function that may return NULL will be passed to another function that may dereference it |
1 |
false |
Pre-9.2 |
9.2, 9.5 |
|
NPD.FUNC.MIGHT
|
Result of function that can return NULL may be dereferenced |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.FUNC.MUST
|
Result of function that may return NULL will be dereferenced |
1 |
true |
Pre-9.2 |
9.2, 9.5, 10.4 |
|
NPD.GEN.CALL.MIGHT
|
Null pointer may be passed to function that may dereference it |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.GEN.CALL.MUST
|
Null pointer will be passed to function that may dereference it |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.GEN.MIGHT
|
Null pointer may be dereferenced |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
NPD.GEN.MUST
|
Null pointer will be dereferenced |
1 |
true |
Pre-9.2 |
9.2, 9.5, 11.0 |
|
NUM.OVERFLOW
|
Possible Overflow |
3 |
false |
10.1 |
|
|
PORTING.BITFIELDS
|
Usage of bitfields within a structure |
4 |
false |
9.2 |
9.5 |
|
PORTING.BSWAP.MACRO
|
A custom byte swap macro is used without checking endian |
4 |
false |
9.2 |
9.5 |
|
PORTING.BYTEORDER.SIZE
|
An incompatible type is used with a network macro such as 'ntohl' |
4 |
false |
9.2 |
9.5 |
|
PORTING.CAST.FLTPNT
|
Cast of a floating point expression to a non floating point type |
4 |
false |
9.2 |
9.5 |
|
PORTING.CAST.PTR
|
Cast between types that are not both pointers or not pointers |
4 |
false |
9.2 |
9.5 |
|
PORTING.CAST.PTR.FLTPNT
|
Cast of a pointer to a floating point expression to a non floating point type pointer |
4 |
false |
9.2 |
9.5 |
|
PORTING.CAST.PTR.SIZE
|
Attempt to cast an expression to a type of a potentially incompatible size |
4 |
false |
9.2 |
9.5 |
|
PORTING.CAST.SIZE
|
Expression is cast to a type of potentially different size |
4 |
false |
9.2 |
9.5 |
|
PORTING.CMPSPEC.EFFECTS.ASSIGNMENT
|
Assignment in a function parameter |
4 |
false |
9.2 |
9.5, 10.3 |
|
PORTING.CMPSPEC.TYPE.BOOL
|
Assignment to a 'bool' type is larger than 1 byte |
4 |
false |
9.2 |
9.5 |
|
PORTING.CMPSPEC.TYPE.LONGLONG
|
Use of 'long long' |
4 |
false |
9.2 |
9.5 |
|
PORTING.MACRO.NUMTYPE
|
Macro describing a builtin numeric type is used |
4 |
false |
9.2 |
9.5 |
|
PORTING.OPTS
|
Compiler dependant option is used |
4 |
false |
9.2 |
9.5 |
|
PORTING.PRAGMA.ALIGN
|
#pragma align usage |
4 |
false |
9.2 |
9.5 |
|
PORTING.PRAGMA.PACK
|
#pragma pack usage |
4 |
false |
9.2 |
9.5 |
|
PORTING.SIGNED.CHAR
|
'char' used without explicitly specifying signedness |
4 |
false |
9.2 |
9.5 |
|
PORTING.STORAGE.STRUCT
|
Byte position of elements in a structure could depend on alignment and packing attributes. |
4 |
false |
9.2 |
9.5 |
|
PORTING.STRUCT.BOOL
|
Struct/class has a bool member |
4 |
false |
9.2 |
9.5 |
|
PORTING.UNIONS
|
Union is used within an enclosing struct/class/other union |
4 |
false |
9.2 |
9.5 |
|
PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE
|
Relational expression may be always false depending on 'char' type signedness |
4 |
false |
9.2 |
9.5 |
|
PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE
|
Relational expression may be always true depending on 'char' type signedness |
4 |
false |
9.2 |
9.5 |
|
PORTING.UNSIGNEDCHAR.RELOP
|
Relational operations used between explicitly signed/unsigned char and char without signedness specification |
4 |
false |
9.2 |
9.5 |
|
PORTING.VAR.EFFECTS
|
Variable used twice in one expression where one usage is subject to side-effects |
4 |
false |
9.2 |
9.5 |
|
PRECISION.LOSS
|
Loss of Precision |
4 |
false |
Pre-9.2 |
9.5 |
|
PRECISION.LOSS.CALL
|
Loss of Precision during function call |
4 |
false |
Pre-9.2 |
9.5 |
|
RABV.CHECK
|
Suspicious use of index before boundary check |
1 |
true |
11.3 |
2017 |
|
RCA
|
Risky cryptographic algorithm used |
2 |
true |
11.0 |
2017 |
|
RCA.HASH.SALT.EMPTY
|
Use of a one-way hash with an empty salt |
2 |
true |
11.1 |
|
|
RETVOID.GEN
|
Non-void function returns void value |
2 |
true |
Pre-9.2 |
|
|
RETVOID.IMPLICIT
|
Implicitly int function returns void value |
2 |
true |
Pre-9.2 |
|
|
RH.LEAK
|
Resource leak |
2 |
true |
Pre-9.2 |
9.5, 11.1 |
|
RN.INDEX
|
Suspicious use of index before negative check |
1 |
true |
9.5 |
|
|
RNPD.CALL
|
Suspicious dereference of pointer in function call before NULL check |
1 |
true |
Pre-9.2 |
|
|
RNPD.DEREF
|
Suspicious dereference of pointer before NULL check |
1 |
true |
Pre-9.2 |
|
|
SEMICOL
|
Suspiciously placed semicolon |
4 |
false |
Pre-9.2 |
|
|
SPECTRE.VARIANT1
|
Potential exploit of speculative execution |
3 |
false |
2017.3, 2018, 2018.1* |
|
|
STRONG.TYPE.ASSIGN
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.ASSIGN.ARG
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.ASSIGN.CONST
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.ASSIGN.INIT
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.ASSIGN.RETURN
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.ASSIGN.ZERO
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.EXTRACT
|
Assignment does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.JOIN.CMP
|
Joining with binary operator does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.JOIN.CONST
|
Joining with binary operator does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.JOIN.EQ
|
Joining with binary operator does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.JOIN.OTHER
|
Joining with binary operator does not respect strong typing |
4 |
false |
9.2 |
|
|
STRONG.TYPE.JOIN.ZERO
|
Joining with binary operator does not respect strong typing |
4 |
false |
9.2 |
|
|
SV.BANNED.RECOMMENDED.ALLOCA
|
Banned recommended API: stack allocation functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.NUMERIC
|
Banned recommended API: unsafe numeric conversion functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.OEM
|
Banned recommended API: OEM character page conversion functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.PATH
|
Banned recommended API: unsafe path name manipulation functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.SCANF
|
Banned recommended API: unsafe scanf-type functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.SPRINTF
|
Banned recommended API: unsafe sprintf-type functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.STRLEN
|
Banned recommended API: unsafe string length functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.TOKEN
|
Banned recommended API: unsafe string tokenizing functions |
4 |
false |
9.5 |
|
|
SV.BANNED.RECOMMENDED.WINDOW
|
Banned recommended API: unsafe window functions |
4 |
false |
Pre-9.2 |
|
|
SV.BANNED.REQUIRED.CONCAT
|
Banned required API: unsafe string concatenation functions |
4 |
false |
9.5 |
|
|
SV.BANNED.REQUIRED.COPY
|
Banned required API: unsafe buffer copy functions |
4 |
false |
9.5 |
|
|
SV.BANNED.REQUIRED.GETS
|
Banned required API: unsafe stream reading functions |
4 |
false |
Pre-9.2 |
|
|
SV.BANNED.REQUIRED.ISBAD
|
Banned required API: IsBad-type functions |
4 |
false |
9.5 |
|
|
SV.BANNED.REQUIRED.SPRINTF
|
Banned required API: unsafe sprintf-type functions |
4 |
false |
9.5 |
|
|
SV.BFC.USING_STRUCT
|
Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function |
4 |
false |
Pre-9.2 |
|
|
SV.BRM.HKEY_LOCAL_MACHINE
|
HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function |
4 |
false |
Pre-9.2 |
|
|
SV.CODE_INJECTION.SHELL_EXEC
|
Command Injection into Shell Execution |
3 |
false |
Pre-9.2 |
|
|
SV.DLLPRELOAD.NONABSOLUTE.DLL
|
Potential DLL-preload hijack vector |
2 |
false |
9.5 |
|
|
SV.DLLPRELOAD.NONABSOLUTE.EXE
|
Potential process injection vector |
2 |
false |
9.5 |
|
|
SV.DLLPRELOAD.SEARCHPATH
|
Do not use SearchPath to find DLLs |
2 |
false |
9.5 |
|
|
SV.FIU.PROCESS_VARIANTS
|
Use of Dangerous Process Creation |
4 |
false |
Pre-9.2 |
11.3 |
|
SV.FMTSTR.GENERIC
|
Format String Vulnerability |
1 |
false |
Pre-9.2 |
11.2 |
|
SV.FMT_STR.BAD_SCAN_FORMAT
|
Input format specifier error |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD
|
Incompatible type of a print function parameter |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED
|
Unexpected type of a print function parameter |
4 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.PRINT_IMPROP_LENGTH
|
Improper use of length modifier in a print function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW
|
Too few arguments in a print function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY
|
Too many arguments in a print function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD
|
Incompatible type of a scan function parameter |
2 |
true |
10.0 |
11.3 |
|
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED
|
Unexpected type of a scan function parameter |
2 |
true |
10.0 |
|
|
SV.FMT_STR.SCAN_IMPROP_LENGTH
|
Improper use of length modifier in a scan function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW
|
Too few arguments in a scan function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY
|
Too many arguments in a scan function call |
2 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.UNKWN_FORMAT
|
Unknown format specifier in a print function call |
3 |
true |
Pre-9.2 |
9.5 |
|
SV.FMT_STR.UNKWN_FORMAT.SCAN
|
Unknown format specifier in a scan function call |
3 |
true |
Pre-9.2 |
9.5 |
|
SV.INCORRECT_RESOURCE_HANDLING.URH
|
Insecure Resource Handling |
3 |
false |
Pre-9.2 |
|
|
SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS
|
Insecure Resource Handling |
3 |
false |
Pre-9.2 |
|
|
SV.LPP.CONST
|
Use of Insecure Macro for Dangerous Functions |
3 |
false |
9.5 |
|
|
SV.LPP.VAR
|
Use of Insecure Parameter for Dangerous Functions |
3 |
false |
9.5 |
|
|
SV.PCC.CONST
|
Insecure (Constant) Temporary File Name in Call to CreateFile |
4 |
false |
Pre-9.2 |
|
|
SV.PCC.INVALID_TEMP_PATH
|
Insecure Temporary File Name in Call to CreateFile |
4 |
false |
Pre-9.2 |
|
|
SV.PCC.MISSING_TEMP_CALLS.MUST
|
Missing Secure Temporary File Names in Call to CreateFile |
4 |
false |
Pre-9.2 |
|
|
SV.PCC.MISSING_TEMP_FILENAME
|
Missing Temporary File Name in Call to CreateFile |
4 |
false |
Pre-9.2 |
|
|
SV.PCC.MODIFIED_BEFORE_CREATE
|
Modification of Temporary File Name before Call to CreateFile |
4 |
false |
Pre-9.2 |
|
|
SV.PIPE.CONST
|
Potential pipe hijacking |
3 |
false |
9.5 |
|
|
SV.PIPE.VAR
|
Potential pipe hijacking |
3 |
false |
9.5 |
|
|
SV.RVT.RETVAL_NOTTESTED
|
Ignored Return Value |
4 |
false |
Pre-9.2 |
|
|
SV.SIP.CONST
|
Use of Insecure Macro for Dangerous Functions |
3 |
false |
9.6 |
|
|
SV.SIP.VAR
|
Use of Insecure Parameter for Dangerous Functions |
3 |
false |
9.6 |
|
|
SV.STRBO.BOUND_COPY.OVERFLOW
|
Buffer Overflow in Bound String Copy |
1 |
false |
10.0 |
|
|
SV.STRBO.BOUND_COPY.UNTERM
|
Possible Buffer Overflow in Following String Operations |
2 |
false |
10.0 |
|
|
SV.STRBO.BOUND_SPRINTF
|
Buffer Overflow in Bound sprintf |
1 |
false |
Pre-9.2 |
10.3 |
|
SV.STRBO.UNBOUND_COPY
|
Buffer Overflow in Unbound String Copy |
1 |
false |
Pre-9.2 |
|
|
SV.STRBO.UNBOUND_SPRINTF
|
Buffer Overflow in Unbound sprintf |
1 |
false |
Pre-9.2 |
|
|
SV.STR_PAR.UNDESIRED_STRING_PARAMETER
|
Undesired String for File Path |
4 |
false |
Pre-9.2 |
|
|
SV.TAINTED.ALLOC_SIZE
|
Use of Unvalidated Integer in Memory Allocation |
2 |
true |
Pre-9.2 |
10.1, 10.2 |
|
SV.TAINTED.BINOP
|
Use of Unvalidated Integer in Binary Operation |
3 |
false |
10.3 |
|
|
SV.TAINTED.CALL.BINOP
|
Use of Unvalidated Integer in Binary Operation |
3 |
false |
10.3 |
|
|
SV.TAINTED.CALL.DEREF
|
Dereference Of An Unvalidated Pointer |
3 |
false |
11.2 |
|
|
SV.TAINTED.CALL.INDEX_ACCESS
|
Use of Unvalidated Integer as Array Index by Function Call |
2 |
true |
Pre-9.2 |
10.1, 10.2 |
|
SV.TAINTED.CALL.LOOP_BOUND
|
Use of Unvalidated Integer in Loop Condition through a Function Call |
2 |
true |
Pre-9.2 |
10.1, 10.2 |
|
SV.TAINTED.DEREF
|
Dereference Of An Unvalidated Pointer |
3 |
false |
11.2 |
|
|
SV.TAINTED.FMTSTR
|
Use of Unvalidated Data in a Format String |
1 |
true |
Pre-9.2 |
10.1 |
|
SV.TAINTED.INDEX_ACCESS
|
Use of Unvalidated Integer as Array Index |
1 |
true |
Pre-9.2 |
10.1, 10.2, 11.1, 2017 |
|
SV.TAINTED.INJECTION
|
Command Injection |
3 |
true |
Pre-9.2 |
10.1 |
|
SV.TAINTED.LOOP_BOUND
|
Use of Unvalidated Integer in Loop Condition |
2 |
true |
Pre-9.2 |
10.1, 10.2 |
|
SV.TAINTED.PATH_TRAVERSAL
|
Use of Unvalidated Data in a Path Traversal |
1 |
true |
11.0 |
|
|
SV.TAINTED.SECURITY_DECISION
|
Security Decision |
3 |
false |
10.4 |
|
|
SV.TOCTOU.FILE_ACCESS
|
Time of Creation/Time of Use Race condition in File Access |
4 |
false |
Pre-9.2 |
11.3 |
|
SV.UNBOUND_STRING_INPUT.CIN
|
Usage of cin for unbounded string input |
1 |
true |
9.5 |
|
|
SV.UNBOUND_STRING_INPUT.FUNC
|
Usage of unbounded string input |
1 |
true |
9.5 |
|
|
SV.USAGERULES.PERMISSIONS
|
Use of Privilege Elevation |
4 |
false |
Pre-9.2 |
11.3 |
|
SV.USAGERULES.PROCESS_VARIANTS
|
Use of Dangerous Process Creation Function |
4 |
false |
Pre-9.2 |
|
|
SV.USAGERULES.SPOOFING
|
Use of Function Susceptible to Spoofing |
4 |
false |
Pre-9.2 |
|
|
SV.WEAK_CRYPTO.WEAK_HASH
|
Weak Hash Function |
4 |
false |
Pre-9.2 |
|
|
UFM.DEREF.MIGHT
|
Use of free memory (access) - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.DEREF.MUST
|
Use of Freed Memory by Pointer |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.FFM.MIGHT
|
Use of free memory (double free) - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.FFM.MUST
|
Freeing Freed Memory |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.RETURN.MIGHT
|
Use of freed memory (return) - possible |
2 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.RETURN.MUST
|
Use of Freed Memory on Return |
2 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.USE.MIGHT
|
Use of free memory - possible |
2 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UFM.USE.MUST
|
Use of Freed Memory |
2 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.CTOR.MIGHT
|
Uninitialized Variable in Constructor - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.CTOR.MUST
|
Uninitialized Variable in Constructor |
2 |
false |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.HEAP.MIGHT
|
Uninitialized Heap Use - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.HEAP.MUST
|
Uninitialized Heap Use |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.STACK.ARRAY.MIGHT
|
Uninitialized Array - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.STACK.ARRAY.MUST
|
Uninitialized Array |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.STACK.ARRAY.PARTIAL.MUST
|
Partialy Uninitialized Array |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.STACK.MIGHT
|
Uninitialized Variable - possible |
1 |
true |
Pre-9.2 |
9.2, 9.5 |
|
UNINIT.STACK.MUST
|
Uninitialized Variable |
1 |
true |
Pre-9.2 |
9.2, 9.5, 11.2 |
|
UNREACH.GEN
|
Unreachable code |
3 |
false |
Pre-9.2 |
9.2, 9.5, 10.1, 10.3, 10.4, 11.2 |
|
UNREACH.RETURN
|
Unreachable Void Return |
3 |
false |
Pre-9.2 |
9.2, 9.5, 11.2 |
|
UNREACH.SIZEOF
|
Architecture-related unreachable code |
3 |
false |
10.1 |
|
|
UNUSED.FUNC.GEN
|
Function defined but not used |
4 |
false |
10.1 |
11.3 |
|
UNUSED.FUNC.WARN
|
Potential unused function |
4 |
false |
10.1 |
11.3 |
|
VA_UNUSED.GEN
|
Value is Never Used after Assignment |
4 |
false |
Pre-9.2 |
9.5 |
|
VA_UNUSED.INIT
|
Value is Never Used after Initialization |
4 |
false |
Pre-9.2 |
9.5, 11.2 |
|
VOIDRET
|
Void function returns value |
2 |
true |
Pre-9.2 |
9.5 |
