DISA STIG version 3 IDs mapped to Klocwork C and C++ checkers

This article maps DISA Security Technical Implementation Guide version 3 IDs to Klocwork C/C++ checkers. For more information about DISA STIG, see the DISA STIG web site.

Each DISA STIG ID below is followed by the C/C++ checker codes and descriptions mapped to it.
APP2060.4

MISRA.EXPANSION.UNSAFE Unsafe macro usage

MISRA.INCL.UNSAFE Unsafe header inclusion

APP3050

LA_UNUSED  Label unused

UNREACH.GEN  Unreachable code

UNREACH.RETURN  Unreachable Void Return

UNREACH.SIZEOF  Architecture-related unreachable code

VA_UNUSED.GEN  Value is Never Used after Assignment

VA_UNUSED.INIT  Value is Never Used after Initialization

APP3080

SV.USAGERULES.SPOOFING  Use of Function Susceptible to Spoofing

APP3100

SV.PCC.CONST  Insecure (Constant) Temporary File Name in Call to CreateFile

SV.PCC.INVALID_TEMP_PATH  Insecure Temporary File Name in Call to CreateFile

SV.PCC.MISSING_TEMP_CALLS.MUST  Missing Secure Temporary File Names in Call to CreateFile

SV.PCC.MISSING_TEMP_FILENAME  Missing Temporary File Name in Call to CreateFile

APP3120

CWARN.PASSBYVALUE.EXC  Exception object passed by value is too large

MISRA.CATCH.ALL No ellipsis exception handler in a try-catch block

MISRA.CATCH.BY_VALUE Exception object of class type is caught by value

MISRA.CATCH.NOALL Ellipsis exception handler is not the last one in a try-catch block

MISRA.CATCH.WRONGORD Handler for a base exception class precedes a handler for a derived exception class in a try-catch block

MISRA.DECL.EXCPT.SPEC Function is declared with different exception specifications

MISRA.THROW.EMPTY Empty throw expression does not belong to a catch block

MISRA.THROW.NULL NULL is thrown explicitly

MISRA.THROW.PTR Exception object is a pointer

SV.INCORRECT_RESOURCE_HANDLING.URH  Insecure Resource Handling

SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS  Insecure Resource Handling

SV.RVT.RETVAL_NOTTESTED  Ignored Return Value

APP3150.1

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

APP3330

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

APP3340

HCC  Use of hardcoded credentials

HCC.PWD  Use of a hardcoded password

HCC.USER  Use of a hardcoded user name

RCA  Risky cryptographic algorithm used

RCA.HASH.SALT.EMPTY  Use of a one-way hash with an empty salt

SV.WEAK_CRYPTO.WEAK_HASH  Weak Hash Function

APP3450.1

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

APP3480.1

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

APP3480.2

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

APP3500

SV.BRM.HKEY_LOCAL_MACHINE  HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

SV.PIPE.VAR  Potential pipe hijacking

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

APP3510

ABV.TAINTED  Buffer Overflow from Unvalidated Input

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.ALLOC_SIZE  Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS  Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.DEREF  Dereference Of An Unvalidated Pointer

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS  Use of Unvalidated Integer as Array Index

SV.TAINTED.LOOP_BOUND  Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL  Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION  Security Decision

APP3530

SV.TAINTED.INJECTION  Command Injection

APP3540.1

SV.TAINTED.INJECTION  Command Injection

APP3550

DBZ.CONST  Division by a zero constant occurs

DBZ.CONST.CALL  The value '0' is passed to function that can use this value as divisor

DBZ.GENERAL  Division by zero might occur

DBZ.ITERATOR  Division by zero might occur in a loop iterator

MISRA.CAST.FLOAT Non-trivial float expression is cast to a wider type

MISRA.CAST.FLOAT.WIDER Cast of floating point expression to a wider floating point type

MISRA.CAST.FLOAT_INT Cast of floating point expression to integral type

MISRA.CAST.FUNC_PTR Cast between a function pointer and a non-integral type

MISRA.CAST.FUNC_PTR.2012 Conversion performed between a pointer to a function and another incompatible type

MISRA.CAST.FUNC_PTR.CPP Cast converts function pointer to other pointer type

MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012 Conversion performed between a pointer to an incomplete type and a different type

MISRA.CAST.INT Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.INT.SIGN Non-trivial integral expression is cast to type with different signedness

MISRA.CAST.INT.WIDER Cast of integral expression to a wider integral type

MISRA.CAST.INT_FLOAT Cast of integral expression to floating point type

MISRA.CAST.INT_TO_PTR Object with integer type or pointer to void cast to pointer type

MISRA.CAST.OBJ_PTR_TO_INT.2012 Conversion performed between a pointer to an object and an integer type

MISRA.CAST.OBJ_PTR_TO_NON_INT.2012 A cast between a pointer to object and a non-integer arithmetic type

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012 Cast between a pointer to object type and a pointer to a different object type

MISRA.CAST.POLY.TYPE Cast from a polymorphic base class to a derived class

MISRA.CAST.PTR Cast between a pointer to object type and a different pointer to object type

MISRA.CAST.PTR.UNRELATED Object of pointer type cast to unrelated type

MISRA.CAST.PTR.VRCLASS A cast from pointer to a virtual base class to pointer to a derived class does not use 'dynamic_cast'

MISRA.CAST.PTR_TO_INT Cast between a pointer and an integral type

MISRA.CAST.UNSIGNED_BITS The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.CAST.VOID_PTR_TO_INT.2012 Cast between a pointer to void and an arithmetic type

MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012 Conversion performed from a pointer to void to a pointer to an object

MISRA.UMINUS.UNSIGNED Operand of unary minus is unsigned

PRECISION.LOSS  Loss of Precision

PRECISION.LOSS.CALL  Loss of Precision during function call

SV.TAINTED.BINOP  Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP  Use of Unvalidated Integer in Binary Operation

APP3560

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD  Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED  Unexpected type of a print function parameter

SV.FMT_STR.PRINT_IMPROP_LENGTH  Improper use of length modifier in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW  Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY  Too many arguments in a print function call

SV.FMT_STR.UNKWN_FORMAT  Unknown format specifier in a print function call

SV.TAINTED.FMTSTR  Use of Unvalidated Data in a Format String

SV.TAINTED.INJECTION  Command Injection

APP3570

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.CODE_INJECTION.SHELL_EXEC  Command Injection into Shell Execution

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.TAINTED.INJECTION  Command Injection

APP3590.1

ABV.ANY_SIZE_ARRAY  Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR  Buffer Overflow - Array Index may be out of Bounds

ABV.STACK  Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED  Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP  Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP  Mapping function failed

ABV.UNICODE.NNTS_MAP  Buffer overflow in mapping character function

NNTS.MIGHT  Buffer Overflow - Non-null Terminated String

NNTS.MUST  Buffer Overflow - Non-null Terminated String

NNTS.TAINTED  Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

RABV.CHECK  Suspicious use of index before boundary check

SV.STRBO.BOUND_COPY.OVERFLOW  Buffer Overflow in Bound String Copy

SV.STRBO.BOUND_COPY.UNTERM  Possible Buffer Overflow in Following String Operations

SV.STRBO.BOUND_SPRINTF  Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_COPY  Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF  Buffer Overflow in Unbound sprintf

SV.TAINTED.INJECTION  Command Injection

APP3590.2

SV.FMTSTR.GENERIC  Format String Vulnerability

SV.FMT_STR.BAD_SCAN_FORMAT  Input format specifier error

SV.STRBO.UNBOUND_COPY  Buffer Overflow in Unbound String Copy

SV.STRBO.UNBOUND_SPRINTF  Buffer Overflow in Unbound sprintf

SV.TAINTED.INJECTION  Command Injection

SV.USAGERULES.PERMISSIONS  Use of Privilege Elevation

APP3590.3

ABV.GENERAL  Buffer Overflow - Array Index Out of Bounds

MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value

APP3600

SV.DLLPRELOAD.NONABSOLUTE.DLL  Potential DLL-preload hijack vector

APP3630.1

SV.TOCTOU.FILE_ACCESS  Time of Creation/Time of Use Race condition in File Access

APP3630.2

MISRA.DEFINE.NOTGLOBAL Define not at the global level

MISRA.ONEDEFRULE.VAR Global variable definition in a header file

APP3630.4

CONC.DL  Deadlock

SV.LPP.CONST  Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR  Use of Insecure Parameter for Dangerous Functions

SV.PIPE.CONST  Potential pipe hijacking

APP3760

SV.FMTSTR.GENERIC  Format String Vulnerability

APP3780

SV.FMTSTR.GENERIC  Format String Vulnerability

APP3800

CONC.DL  Deadlock