Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This page was automatically generated and should not be edited.

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

CERT Rule

Related Guidelines

STR34-CCWE-704, Incorrect Type Conversion or Cast
MSC41-CCWE-259, Use of Hard-Coded Password
MSC41-CCWE-798, Use of Hard-Coded Credentials
API00-CCWE-476
API07-CCWE-192
API07-CCWE-227
API07-CCWE-590
API07-CCWE-686
API07-CCWE-704
API07-CCWE-761
API07-CCWE-762
API07-CCWE-843
ARR01-CCWE-569
ARR01-CCWE-783
CON05-CCWE-557
CON05-CCWE-662
CON07-CCWE-366, Race condition within a thread
CON07-CCWE-413, Improper resource locking
CON07-CCWE-567, Unsynchronized access to shared data in a multithreaded context
CON07-CCWE-667, Improper locking
CON08-CCWE-362, Concurrent execution using shared resource with improper synchronization ("race condition")
CON08-CCWE-366, Race condition within a thread
CON08-CCWE-662, Improper synchronization
DCL06-CCWE-547, Use of hard-coded, security-relevant constants
DCL10-CCWE-628, Function call with incorrectly specified arguments
ENV01-CCWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer
ENV01-CCWE-123, Write-what-where Condition
ENV01-CCWE-125, Out-of-bounds Read
ENV02-CCWE-462, Duplicate key in associative list (Alist)
ENV02-CCWE-807, Reliance on untrusted inputs in a security decision
ENV03-CCWE-78, Failure to sanitize data into an OS command (aka "OS command injection")
ENV03-CCWE-88, Argument injection or modification
ENV03-CCWE-426, Untrusted search path
ENV03-CCWE-471, Modification of Assumed-Immutable Data (MAID)
ENV03-CCWE-807, Reliance on intrusted inputs in a security decision
ERR00-CCWE-391, Unchecked error condition
ERR00-CCWE-544, Missing standardized error handling mechanism
ERR04-CCWE-705, Incorrect control flow scoping
ERR07-CCWE-20, Improper Input Validation
ERR07-CCWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ERR07-CCWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ERR07-CCWE-91, XML Injection (aka Blind XPath Injection)
ERR07-CCWE-94, Improper Control of Generation of Code ('Code Injection')
ERR07-CCWE-114, Process Control
ERR07-CCWE-601, URL Redirection to Untrusted Site ('Open Redirect')
ERR07-CCWE-676, Use of potentially dangerous function
EXP02-CCWE-768, Incorrect short circuit evaluation
EXP05-CCWE-704, Incorrect type conversion or cast
EXP08-CCWE-468, Incorrect pointer scaling
EXP09-CCWE-805, Buffer access with incorrect length value
EXP12-CCWE-754, Improper check for unusual or exceptional conditions
EXP15-CCWE-480, Use of incorrect operator
EXP16-CCWE-480, Use of incorrect operator
EXP16-CCWE-482, Comparing instead of assigning
FIO01-CCWE-73, External control of file name or path
FIO01-CCWE-367, Time-of-check, time-of-use race condition
FIO01-CCWE-676, Use of potentially dangerous function
FIO02-CCWE-22, Path traversal
FIO02-CCWE-23, Relative Path Traversal
FIO02-CCWE-28, Path Traversal: '..\filedir'
FIO02-CCWE-40, Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
FIO02-CCWE-41, Failure to resolve path equivalence
FIO02-CCWE-59, Failure to resolve links before file access (aka "link following")
FIO02-CCWE-73, External control of file name or path
FIO05-CCWE-37, Path issue—Slash absolute path
FIO05-CCWE-38, Path Issue—Backslash absolute path
FIO05-CCWE-39, Path Issue—Drive letter or Windows volume
FIO05-CCWE-62, UNIX hard link
FIO05-CCWE-64, Windows shortcut following (.LNK)
FIO05-CCWE-65, Windows hard link
FIO06-CCWE-276, Insecure default permissions
FIO06-CCWE-279, Insecure execution-assigned permissions
FIO06-CCWE-732, Incorrect permission assignment for critical resource
FIO15-CCWE-379, Creation of temporary file in directory with insecure permissions
FIO15-CCWE-552, Files or directories accessible to external parties
FIO21-CCWE-379, Creation of temporary file in directory with insecure permissions
FIO22-CCWE-403, UNIX file descriptor leak
FIO22-CCWE-404, Improper resource shutdown or release
FIO22-CCWE-770, Allocation of resources without limits or throttling
FIO24-CCWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition")
FIO24-CCWE-675, Duplicate Operations on Resource
FLP03-CCWE-369, Divide by zero
FLP06-CCWE-681, Incorrect conversion between numeric types
FLP06-CCWE-682, Incorrect calculation
INT02-CCWE-192, Integer coercion error
INT02-CCWE-197, Numeric truncation error
INT05-CCWE-192, Integer coercion error
INT05-CCWE-197, Numeric truncation error
INT07-CCWE-682, Incorrect calculation
INT10-CCWE-682, Incorrect calculation
INT10-CCWE-129, Unchecked array indexing
INT13-CCWE-682, Incorrect calculation
INT15-CCWE-681, Incorrect conversion between numeric types
INT18-CCWE-681, Incorrect conversion between numeric types
INT18-CCWE-190, Integer overflow (wrap or wraparound)
MEM00-CCWE-415, Double free
MEM00-CCWE-416, Use after free
MEM01-CCWE-415, Double free
MEM01-CCWE-416, Use after free
MEM03-CCWE-226, Sensitive information uncleared before release
MEM03-CCWE-244, Failure to clear heap memory before release ("heap inspection")
MEM04-CCWE-687, Function call with incorrectly specified argument value
MEM06-CCWE-591, Sensitive data storage in improperly locked memory
MEM06-CCWE-528, Information leak through core dump files
MEM07-CCWE-190, Integer overflow (wrap or wraparound)
MEM07-CCWE-128, Wrap-around error
MEM10-CCWE-20, Improper Input Validation
MEM10-CCWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MEM10-CCWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MEM10-CCWE-91, XML Injection (aka Blind XPath Injection)
MEM10-CCWE-94, Improper Control of Generation of Code ('Code Injection')
MEM10-CCWE-114, Process Control
MEM10-CCWE-601, URL Redirection to Untrusted Site ('Open Redirect')
MEM11-CCWE-770, Allocation of resources without limits or throttling
MSC00-CCWE-563, Unused variable
MSC00-CCWE-570, Expression is always false
MSC00-CCWE-571, Expression is always true
MSC06-CCWE-14, Compiler removal of code to clear buffers
MSC07-CCWE-561, Dead code
MSC09-CCWE-116, Improper encoding or escaping of output
MSC10-CCWE-176, Failure to handle Unicode encoding
MSC10-CCWE-116, Improper encoding or escaping of output
MSC11-CCWE-190, Reachable assertion
MSC18-CCWE-259, Use of Hard-coded Password
MSC18-CCWE-261, Weak Cryptography for Passwords
MSC18-CCWE-311, Missing encryption of sensitive data
MSC18-CCWE-319, Cleartext Transmission of Sensitive Information
MSC18-CCWE-321, Use of Hard-coded Cryptographic Key
MSC18-CCWE-326, Inadequate encryption strength
MSC18-CCWE-798, Use of hard-coded credentials
MSC24-CCWE-20, Insufficient input validation
MSC24-CCWE-73, External control of file name or path
MSC24-CCWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
MSC24-CCWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
MSC24-CCWE-91, XML Injection (aka Blind XPath Injection)
MSC24-CCWE-94, Improper Control of Generation of Code ('Code Injection')
MSC24-CCWE-114, Process Control
MSC24-CCWE-120, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
MSC24-CCWE-192, Integer coercion error
MSC24-CCWE-197, Numeric truncation error
MSC24-CCWE-367, Time-of-check, time-of-use race condition
MSC24-CCWE-464, Addition of data structure sentinel
MSC24-CCWE-601, URL Redirection to Untrusted Site ('Open Redirect')
MSC24-CCWE-676, Use of potentially dangerous function
POS01-CCWE-59, Failure to resolve links before file access (aka "link following")
POS01-CCWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
POS01-CCWE-367, Time-of-check, time-of-use (TOCTOU) race condition
POS02-CCWE-250, Execution with unnecessary privileges
POS02-CCWE-272, Least privilege violation
PRE09-CCWE-684, Failure to provide specified functionality
SIG00-CCWE-662, Insufficient synchronization
STR02-CCWE-88, Argument injection or modification
STR02-CCWE-78, Failure to sanitize data into an OS command (aka "OS command injection")
STR03-CCWE-170, Improper null termination
STR03-CCWE-464, Addition of data structure sentinel
STR06-CCWE-464, Addition of data structure sentinel
WIN02-CCWE-250, Execution with unnecessary privileges
WIN02-CCWE-272, Least privilege violation
WIN04-CCWE-311, Missing encryption of sensitive data
WIN04-CCWE-319, Cleartext Transmission of Sensitive Information