Apex

Coverity Version 2021.9.0 - Apex

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | PMD.VfUnescapeEl |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | PMD.ApexSOQLInjection |
| A1: Injection | 917 | Improper Neutralization of Special Elements Used in an Expression Language Statement ("Expression Language Injection") | PMD.VfUnescapeEl |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | PMD.ApexSOQLInjection |
| A2: Broken Authentication | 287 | Improper Authentication | PMD.ApexBadCrypto, PMD.ApexSuggestUsingNamedCred |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | PMD.ApexInsecureEndpoint |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | PMD.ApexInsecureEndpoint |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | PMD.ApexBadCrypto |
| A5: Broken Access Control | 284 | Improper Access Control | PMD.ApexBadCrypto, PMD.ApexCRUDViolation, PMD.ApexSharingViolations, PMD.ApexSuggestUsingNamedCred |
| A7: Cross-Site Scripting (XSS) | 79 | Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting") | PMD.ApexXSSFromEscapeFalse, PMD.ApexXSSFromURLParam, PMD.VfHtmlStyleTagXss |

C/C++

Coverity Version 2021.9.0 - C/C++

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | CERT STR02-C, HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | OS_CMD_INJECTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | SQLI |
| A1: Injection | 91 | XML Injection ("Blind XPath Injection") | XPATH_INJECTION |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | SQLI, XPATH_INJECTION |
| A1: Injection | 1027 | Injection | URL_MANIPULATION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 287 | Improper Authentication | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 1028 | Broken Authentication | WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | CERT MSC18-C, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | CERT MSC18-C, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | HARDCODED_CREDENTIALS |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | RISKY_CRYPTO, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | AUTOSAR C++14 A20-8-2, AUTOSAR C++14 A20-8-3, AUTOSAR C++14 A20-8-4, AUTOSAR C++14 A20-8-7, CERT POS37-C, HARDCODED_CREDENTIALS, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD |
| A5: Broken Access Control | 285 | Improper Authorization | SQLI |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | SQLI |
| A5: Broken Access Control | 1031 | Broken Access Control | URL_MANIPULATION |
| A6: Security Misconfiguration | 16 | Configuration | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | AUTOSAR C++14 A15-3-3, MISRA C++-2008 Rule 15-3-2, SENSITIVE_DATA_LEAK, UNCAUGHT_EXCEPT |

C#

Coverity Version 2021.9.0 - C#

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | OS_CMD_INJECTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | SQLI, SQL_NOT_CONSTANT |
| A1: Injection | 90 | Improper Neutralization of Special Elements Used in an LDAP Query ("LDAP Injection") | LDAP_INJECTION, LDAP_NOT_CONSTANT |
| A1: Injection | 91 | XML Injection ("Blind XPath Injection") | XML_INJECTION, XPATH_INJECTION |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION |
| A1: Injection | 1027 | Injection | NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNKNOWN_LANGUAGE_INJECTION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 287 | Improper Authentication | CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.HARDCODED_CREDENTIALS_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 1028 | Broken Authentication | CONFIG.ASP_VIEWSTATE_MAC, INSECURE_COOKIE, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | HARDCODED_CREDENTIALS |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | RISKY_CRYPTO, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | CORS_MISCONFIGURATION_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 1029 | Sensitive Data Exposure | ASPNET_MVC_VERSION_HEADER, CONFIG.ASPNET_VERSION_HEADER, CONFIG.COOKIES_MISSING_HTTPONLY, CONFIG.DYNAMIC_DATA_HTML_COMMENT, CONFIG.ENABLED_DEBUG_MODE, CONFIG.ENABLED_TRACE_MODE |
| A4: XML External Entities (XXE) | 611 | Improper Restriction of XML External Entity Reference | XML_EXTERNAL_ENTITY |
| A4: XML External Entities (XXE) | 776 | Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion") | XML_EXTERNAL_ENTITY |
| A4: XML External Entities (XXE) | 1030 | XML External Entities (XXE) | UNSAFE_XML_PARSE_CONFIG |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.DEAD_AUTHORIZATION_RULE, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, MISSING_AUTHZ, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA |
| A5: Broken Access Control | 285 | Improper Authorization | CONFIG.DEAD_AUTHORIZATION_RULE, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, INSECURE_COOKIE, MISSING_AUTHZ, SQLI, SQL_NOT_CONSTANT |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | SQLI, SQL_NOT_CONSTANT |
| A6: Security Misconfiguration | 16 | Configuration | CONFIG.ASPNET_VERSION_HEADER, CONFIG.ASP_VIEWSTATE_MAC, CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.COOKIES_MISSING_HTTPONLY, CONFIG.DEAD_AUTHORIZATION_RULE, CONFIG.ENABLED_DEBUG_MODE, CONFIG.ENABLED_TRACE_MODE, CONFIG.MISSING_CUSTOM_ERROR_PAGE, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | SENSITIVE_DATA_LEAK |
| A7: Cross-Site Scripting (XSS) | 79 | Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting") | XSS |
| A8: Insecure Deserialization | 502 | Deserialization of Untrusted Data | UNSAFE_DESERIALIZATION |
| A10: Insufficient Logging and Monitoring | 223 | Omission of Security-Relevant Information | UNLOGGED_SECURITY_EXCEPTION |
| A10: Insufficient Logging and Monitoring | 778 | Insufficient Logging | UNLOGGED_SECURITY_EXCEPTION |

CUDA

Coverity Version 2021.9.0 - CUDA

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | CERT STR02-C, HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | OS_CMD_INJECTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | SQLI |
| A1: Injection | 91 | XML Injection ("Blind XPath Injection") | XPATH_INJECTION |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | SQLI, XPATH_INJECTION |
| A1: Injection | 1027 | Injection | URL_MANIPULATION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 287 | Improper Authentication | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 1028 | Broken Authentication | WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | CERT MSC18-C, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | CERT MSC18-C, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | HARDCODED_CREDENTIALS |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | RISKY_CRYPTO, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | AUTOSAR C++14 A20-8-2, AUTOSAR C++14 A20-8-3, AUTOSAR C++14 A20-8-4, AUTOSAR C++14 A20-8-7, CERT POS37-C, HARDCODED_CREDENTIALS, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD |
| A5: Broken Access Control | 285 | Improper Authorization | SQLI |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | SQLI |
| A5: Broken Access Control | 1031 | Broken Access Control | URL_MANIPULATION |
| A6: Security Misconfiguration | 16 | Configuration | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | AUTOSAR C++14 A15-3-3, MISRA C++-2008 Rule 15-3-2, SENSITIVE_DATA_LEAK, UNCAUGHT_EXCEPT |

Go

Coverity Version 2021.9.0 - Go

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | HEADER_INJECTION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | SQLI |
| A1: Injection | 91 | XML Injection ("Blind XPath Injection") | XPATH_INJECTION |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | SQLI, XPATH_INJECTION |
| A1: Injection | 1027 | Injection | NOSQL_QUERY_INJECTION, URL_MANIPULATION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK |
| A2: Broken Authentication | 287 | Improper Authentication | ANONYMOUS_DB_CONNECTION, CONFIG.COOKIE_SIGNING_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, STATIC_API_KEY, UNSAFE_BASIC_AUTH |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | SENSITIVE_DATA_LEAK |
| A2: Broken Authentication | 613 | Insufficient Session Expiration | CONFIG.UNSAFE_SESSION_TIMEOUT |
| A2: Broken Authentication | 1028 | Broken Authentication | INSECURE_COMMUNICATION, INSECURE_COOKIE, INSECURE_NETWORK_BIND |
| A3: Sensitive Data Exposure | 295 | Improper Certificate Validation | BAD_CERT_VERIFICATION |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | HARDCODED_CREDENTIALS |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | CORS_MISCONFIGURATION_AUDIT, INSECURE_COMMUNICATION, INSECURE_NETWORK_BIND, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH |
| A3: Sensitive Data Exposure | 1029 | Sensitive Data Exposure | EXPOSED_DIRECTORY_LISTING |
| A4: XML External Entities (XXE) | 611 | Improper Restriction of XML External Entity Reference | XML_EXTERNAL_ENTITY |
| A4: XML External Entities (XXE) | 776 | Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion") | XML_EXTERNAL_ENTITY |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | ANONYMOUS_DB_CONNECTION, BAD_CERT_VERIFICATION, CONFIG.COOKIE_SIGNING_DISABLED, CONFIG.UNSAFE_SESSION_TIMEOUT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COOKIE, INSECURE_FILE_PERMISSIONS, OAUTH2_MISCONFIGURATION, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SOCKET_ACCEPT_ALL_ORIGINS, SQLI, STATIC_API_KEY, UNSAFE_BASIC_AUTH |
| A5: Broken Access Control | 285 | Improper Authorization | ANONYMOUS_DB_CONNECTION, CONFIG.COOKIE_SIGNING_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, INSECURE_COOKIE, OAUTH2_MISCONFIGURATION, SQLI |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | SQLI |
| A5: Broken Access Control | 1031 | Broken Access Control | URL_MANIPULATION |
| A6: Security Misconfiguration | 16 | Configuration | CONFIG.UNSAFE_SESSION_TIMEOUT, SENSITIVE_DATA_LEAK |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | SENSITIVE_DATA_LEAK |
| A6: Security Misconfiguration | 548 | Exposure of Information Through Directory Listing | EXPOSED_DIRECTORY_LISTING |
| A7: Cross-Site Scripting (XSS) | 79 | Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting") | INSECURE_CSP, XSS |
| A8: Insecure Deserialization | 502 | Deserialization of Untrusted Data | DISTRUSTED_DATA_DESERIALIZATION |
| A10: Insufficient Logging and Monitoring | 223 | Omission of Security-Relevant Information | INSUFFICIENT_LOGGING |
| A10: Insufficient Logging and Monitoring | 778 | Insufficient Logging | INSUFFICIENT_LOGGING |

Java

Coverity Version 2021.9.0 - Java

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | CERT IDS07-J, EL_INJECTION, HEADER_INJECTION, MISSING_HEADER_VALIDATION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | CERT IDS07-J, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, MISSING_HEADER_VALIDATION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | CONFIG.MYBATIS_MAPPER_SQLI, JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT |
| A1: Injection | 90 | Improper Neutralization of Special Elements Used in an LDAP Query ("LDAP Injection") | LDAP_INJECTION, LDAP_NOT_CONSTANT |
| A1: Injection | 91 | XML Injection ("Blind XPath Injection") | WEAK_XML_SCHEMA, XML_INJECTION, XPATH_INJECTION |
| A1: Injection | 564 | SQL Injection: Hibernate | CONFIG.MYBATIS_MAPPER_SQLI, JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT |
| A1: Injection | 917 | Improper Neutralization of Special Elements Used in an Expression Language Statement ("Expression Language Injection") | EL_INJECTION |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | CONFIG.MYBATIS_MAPPER_SQLI, JSP_SQL_INJECTION, LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION |
| A1: Injection | 1027 | Injection | JAVA_CODE_INJECTION, JCR_INJECTION, JSP_DYNAMIC_INCLUDE, NOSQL_QUERY_INJECTION, OGNL_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNKNOWN_LANGUAGE_INJECTION, UNSAFE_JNI, UNSAFE_REFLECTION, URL_MANIPULATION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 287 | Improper Authentication | CERT MSC03-J, CERT SEC02-J, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT, CONFIG.SPRING_BOOT_ADMIN_ACCESS_ENABLED, CONFIG.SPRING_BOOT_SSL_DISABLED, CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS, CONFIG.SPRING_SECURITY_SESSION_FIXATION, CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH, CONFIG.WEAK_SECURITY_CONSTRAINT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, SESSION_FIXATION, SIGMA.empty_password_core_java_sql, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD, WEAK_URL_SANITIZATION |
| A2: Broken Authentication | 384 | Session Fixation | CONFIG.SPRING_SECURITY_SESSION_FIXATION, SESSION_FIXATION |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | CONFIG.HARDCODED_CREDENTIALS_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.empty_password_core_java_sql, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A2: Broken Authentication | 613 | Insufficient Session Expiration | CONFIG.UNSAFE_SESSION_TIMEOUT |
| A2: Broken Authentication | 1028 | Broken Authentication | CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID, CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP, CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER, DISABLED_ENCRYPTION, INSECURE_COOKIE, INSECURE_REMEMBER_ME_COOKIE, JSP_DYNAMIC_INCLUDE, VERBOSE_ERROR_REPORTING, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 295 | Improper Certificate Validation | BAD_CERT_VERIFICATION, CONFIG.SPRING_BOOT_SSL_DISABLED |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | CERT MSC00-J, CONFIG.SPRING_BOOT_SSL_DISABLED, CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP, DISABLED_ENCRYPTION, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, INSECURE_REMEMBER_ME_COOKIE, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP, DISABLED_ENCRYPTION, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A3: Sensitive Data Exposure | 320 | Key Management Errors | HARDCODED_CREDENTIALS |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH, RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH, RISKY_CRYPTO, SIGMA.rsa_no_padding_core_java, SIGMA.unspecified_cipher_transformation_core_java, WEAK_PASSWORD_HASH |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | CONFIG.SPRING_BOOT_SSL_DISABLED, CONFIG.SPRING_SECURITY_EXPOSED_SESSIONID, CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP, CONFIG.SPRING_SECURITY_UNSAFE_AUTHENTICATION_FILTER, CORS_MISCONFIGURATION_AUDIT, DISABLED_ENCRYPTION, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA, VERBOSE_ERROR_REPORTING |
| A3: Sensitive Data Exposure | 1029 | Sensitive Data Exposure | CONFIG.DYNAMIC_DATA_HTML_COMMENT, CONFIG.JAVAEE_MISSING_HTTPONLY, CONFIG.SPRING_SECURITY_DEBUG_MODE |
| A4: XML External Entities (XXE) | 611 | Improper Restriction of XML External Entity Reference | XML_EXTERNAL_ENTITY |
| A4: XML External Entities (XXE) | 776 | Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion") | XML_EXTERNAL_ENTITY |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | JSP_DYNAMIC_INCLUDE, PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | ANDROID_CAPABILITY_LEAK, ANDROID_WEBVIEW_FILEACCESS, BAD_CERT_VERIFICATION, CERT ENV03-J, CERT MSC03-J, CERT SEC00-J, CERT SEC01-J, CERT SEC02-J, CERT SEC06-J, CERT SER08-J, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT, CONFIG.MYBATIS_MAPPER_SQLI, CONFIG.SPRING_BOOT_ADMIN_ACCESS_ENABLED, CONFIG.SPRING_BOOT_SSL_DISABLED, CONFIG.SPRING_SECURITY_DEBUG_MODE, CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS, CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS, CONFIG.SPRING_SECURITY_SESSION_FIXATION, CONFIG.SPRING_SECURITY_WEAK_PASSWORD_HASH, CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN, CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION, CONFIG.STRUTS2_ENABLED_DEV_MODE, CONFIG.UNSAFE_SESSION_TIMEOUT, CONFIG.WEAK_SECURITY_CONSTRAINT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, IMPLICIT_INTENT, INSECURE_COMMUNICATION, INSECURE_REMEMBER_ME_COOKIE, JSP_SQL_INJECTION, MISSING_AUTHZ, MISSING_PERMISSION_FOR_BROADCAST, MISSING_PERMISSION_ON_EXPORTED_COMPONENT, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SESSION_FIXATION, SIGMA.empty_password_core_java_sql, SIGMA.insecure_file_permission_core_java, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD, WEAK_URL_SANITIZATION |
| A5: Broken Access Control | 285 | Improper Authorization | ANDROID_CAPABILITY_LEAK, CERT ENV03-J, CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT, CONFIG.MYBATIS_MAPPER_SQLI, CONFIG.SPRING_BOOT_SSL_DISABLED, CONFIG.SPRING_SECURITY_DEBUG_MODE, CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS, CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN, CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION, CONFIG.STRUTS2_ENABLED_DEV_MODE, CONFIG.WEAK_SECURITY_CONSTRAINT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, IMPLICIT_INTENT, JSP_SQL_INJECTION, MISSING_AUTHZ, MISSING_PERMISSION_FOR_BROADCAST, MISSING_PERMISSION_ON_EXPORTED_COMPONENT, SENSITIVE_DATA_LEAK, SIGMA.insecure_file_permission_core_java, SQLI, SQL_NOT_CONSTANT |
| A5: Broken Access Control | 425 | Direct Request ("Forced Browsing") | CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | CONFIG.MYBATIS_MAPPER_SQLI, JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT |
| A5: Broken Access Control | 1031 | Broken Access Control | URL_MANIPULATION |
| A6: Security Misconfiguration | 16 | Configuration | CONFIG.DUPLICATE_SERVLET_DEFINITION, CONFIG.HTTP_VERB_TAMPERING, CONFIG.JAVAEE_MISSING_HTTPONLY, CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER, CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT, CONFIG.SPRING_SECURITY_DEBUG_MODE, CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS, CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS, CONFIG.SPRING_SECURITY_LOGIN_OVER_HTTP, CONFIG.SPRING_SECURITY_SESSION_FIXATION, CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN, CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION, CONFIG.STRUTS2_ENABLED_DEV_MODE, CONFIG.UNSAFE_SESSION_TIMEOUT, INSECURE_COMMUNICATION, INSECURE_HTTP_FIREWALL, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | SENSITIVE_DATA_LEAK, VERBOSE_ERROR_REPORTING |
| A6: Security Misconfiguration | 1032 | Security Misconfiguration | CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION |
| A7: Cross-Site Scripting (XSS) | 79 | Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting") | CONFIG.SPRING_SECURITY_DEPRECATED_XSS_HEADER, SIGMA.markdown_allow_dangerous_html_react, SIGMA.unsafe_innerhtml_manipulation_vue_jsx, XSS |
| A8: Insecure Deserialization | 502 | Deserialization of Untrusted Data | CERT SER01-J, CERT SER12-J, UNSAFE_DESERIALIZATION |
| A9: Insecure Deserialization | 1035 | Using Components with Known Vulnerabilities | CONFIG.ANDROID_UNSAFE_MINSDKVERSION |
| A10: Insufficient Logging and Monitoring | 223 | Omission of Security-Relevant Information | UNLOGGED_SECURITY_EXCEPTION |
| A10: Insufficient Logging and Monitoring | 778 | Insufficient Logging | UNLOGGED_SECURITY_EXCEPTION |

JavaScript

Coverity Version 2021.9.0 - JavaScript

| Category | CWE | Description | Coverity Checker |
|---|---|---|---|
| A1: Injection | 77 | Improper Neutralization of Special Elements Used in a Command ("Command Injection") | HEADER_INJECTION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 78 | Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION |
| A1: Injection | 88 | Improper Neutralization of Argument Delimiters in a Command ("Argument Injection") | HEADER_INJECTION, OS_CMD_INJECTION |
| A1: Injection | 89 | Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection") | SQLI |
| A1: Injection | 943 | Improper Neutralization of Special Elements in Data Query Logic | SQLI |
| A1: Injection | 1027 | Injection | ANGULAR_EXPRESSION_INJECTION, NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, URL_MANIPULATION |
| A2: Broken Authentication | 256 | Plaintext Storage of a Password | SENSITIVE_DATA_LEAK |
| A2: Broken Authentication | 287 | Improper Authentication | AWS_SSL_DISABLED, AWS_VALIDATION_DISABLED, CONFIG.COOKIE_SIGNING_DISABLED, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, HPKP_MISCONFIGURATION, INSECURE_COMMUNICATION, MISSING_AUTHZ, MULTER_MISCONFIGURATION, SENSITIVE_DATA_LEAK, UNLESS_CASE_SENSITIVE_ROUTE_MATCHING, WEAK_URL_SANITIZATION |
| A2: Broken Authentication | 522 | Insufficiently Protected Credentials | AWS_SSL_DISABLED, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK |
| A2: Broken Authentication | 523 | Unprotected Transport of Credentials | AWS_SSL_DISABLED, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK |
| A2: Broken Authentication | 613 | Insufficient Session Expiration | CONFIG.UNSAFE_SESSION_TIMEOUT, CORS_MISCONFIGURATION_AUDIT, HPKP_MISCONFIGURATION, INSUFFICIENT_PRESIGNED_URL_TIMEOUT, SIGMA.jwt_ignored_expiration_time_hapi, SIGMA.jwt_ignored_expiration_time_jsonwebtoken, SIGMA.jwt_ignored_start_time_hapi, SIGMA.jwt_ignored_start_time_jsonwebtoken, SIGMA.jwt_non_expiring_token_jsonwebtoken, TEMPORARY_CREDENTIALS_DURATION |
| A2: Broken Authentication | 1028 | Broken Authentication | INSECURE_ACL, INSECURE_COOKIE, INSECURE_REFERRER_POLICY, REVERSE_TABNABBING, UNSAFE_BUFFER_METHOD |
| A3: Sensitive Data Exposure | 295 | Improper Certificate Validation | AWS_VALIDATION_DISABLED, BAD_CERT_VERIFICATION, CONFIG.MYSQL_SSL_VERIFY_DISABLED, HPKP_MISCONFIGURATION, SIGMA.certificate_verification_disabled_node_request_strict_ssl |
| A3: Sensitive Data Exposure | 311 | Missing Encryption of Sensitive Data | AWS_SSL_DISABLED, HAPI_SESSION_MONGO_MISSING_TLS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, SIGMA.missing_tls_node_ftp, SIGMA.missing_tls_node_http, SIGMA.missing_tls_sequelize |
| A3: Sensitive Data Exposure | 312 | Cleartext Storage of Sensitive Information | SENSITIVE_DATA_LEAK |
| A3: Sensitive Data Exposure | 319 | Cleartext Transmission of Sensitive Information | AWS_SSL_DISABLED, HAPI_SESSION_MONGO_MISSING_TLS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.missing_tls_node_ftp, SIGMA.missing_tls_node_http, SIGMA.missing_tls_sequelize |
| A3: Sensitive Data Exposure | 326 | Inadequate Encryption Strength | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 327 | Use of a Broken or Risky Cryptographic Algorithm | INSECURE_SALT, RISKY_CRYPTO, SA.RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 328 | Reversible One-Way Hash | RISKY_CRYPTO |
| A3: Sensitive Data Exposure | 359 | Exposure of Private Personal Information to an Unauthorized Actor | AWS_SSL_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HPKP_MISCONFIGURATION, INSECURE_ACL, INSECURE_COMMUNICATION, INSECURE_REFERRER_POLICY, REVERSE_TABNABBING, SENSITIVE_DATA_LEAK, UNSAFE_BUFFER_METHOD |
| A3: Sensitive Data Exposure | 1029 | Sensitive Data Exposure | CONFIG.ENABLED_DEBUG_MODE, CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS, EXPOSED_DIRECTORY_LISTING, EXPRESS_X_POWERED_BY_ENABLED |
| A4: XML External Entities (XXE) | 611 | Improper Restriction of XML External Entity Reference | XML_EXTERNAL_ENTITY |
| A4: XML External Entities (XXE) | 776 | Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion") | XML_EXTERNAL_ENTITY |
| A5: Broken Access Control | 22 | Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") | BUSBOY_MISCONFIGURATION, FILE_UPLOAD_MISCONFIGURATION, MULTER_MISCONFIGURATION, PATH_MANIPULATION |
| A5: Broken Access Control | 284 | Improper Access Control | AWS_SSL_DISABLED, AWS_VALIDATION_DISABLED, BAD_CERT_VERIFICATION, CONFIG.COOKIE_SIGNING_DISABLED, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, CONFIG.UNSAFE_SESSION_TIMEOUT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, HPKP_MISCONFIGURATION, INSECURE_ACL, INSECURE_COMMUNICATION, INSECURE_COOKIE, INSUFFICIENT_PRESIGNED_URL_TIMEOUT, MISSING_AUTHZ, MULTER_MISCONFIGURATION, RISKY_CRYPTO, SA.RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SIGMA.cors_no_credentials_permissive_origin_apollo_graphql, SOCKET_ACCEPT_ALL_ORIGINS, SQLI, TEMPORARY_CREDENTIALS_DURATION, UNCHECKED_ORIGIN, UNLESS_CASE_SENSITIVE_ROUTE_MATCHING, WEAK_URL_SANITIZATION |
| A5: Broken Access Control | 285 | Improper Authorization | AWS_VALIDATION_DISABLED, CONFIG.COOKIE_SIGNING_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HPKP_MISCONFIGURATION, INSECURE_ACL, INSECURE_COOKIE, MISSING_AUTHZ, SQLI |
| A5: Broken Access Control | 639 | Authorization Bypass Through User-Controlled Key | SQLI |
| A5: Broken Access Control | 1031 | Broken Access Control | URL_MANIPULATION |
| A6: Security Misconfiguration | 16 | Configuration | CONFIG.ENABLED_DEBUG_MODE, CONFIG.HANA_XS_PREVENT_XSRF_DISABLED, CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER, CONFIG.UNSAFE_SESSION_TIMEOUT, CORS_MISCONFIGURATION_AUDIT, HPKP_MISCONFIGURATION, INSUFFICIENT_PRESIGNED_URL_TIMEOUT, SENSITIVE_DATA_LEAK, TEMPORARY_CREDENTIALS_DURATION |
| A6: Security Misconfiguration | 209 | Generation of Error Message Containing Sensitive Information | SENSITIVE_DATA_LEAK |

A6: Security Misconfiguration

548

Exposure of Information Through Directory Listing

EXPOSED_DIRECTORY_LISTING

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting")

ANGULAR_BYPASS_SECURITY, ANGULAR_ELEMENT_REFERENCE, ANGULAR_SCE_DISABLED, DOM_XSS, REACT_DANGEROUS_INNERHTML, VUE_TEMPLATE_UNSAFE_VHTML_DIRECTIVE, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging and Monitoring

223

Omission of Security-Relevant Information

INSUFFICIENT_LOGGING

A10: Insufficient Logging and Monitoring

778

Insufficient Logging

INSUFFICIENT_LOGGING

Kotlin

Coverity Version 2021.9.0 - Kotlin
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements Used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection ("Blind XPath Injection")

XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI, XPATH_INJECTION

A1: Injection

1027

Injection

REGEX_INJECTION, UNSAFE_JNI, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

522

Insufficiently Protected Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANDROID_CAPABILITY_LEAK, BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, IMPLICIT_INTENT, INSECURE_COMMUNICATION, MISSING_PERMISSION_FOR_BROADCAST, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

285

Improper Authorization

ANDROID_CAPABILITY_LEAK, IMPLICIT_INTENT, MISSING_PERMISSION_FOR_BROADCAST, SENSITIVE_DATA_LEAK, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

1032

Security Misconfiguration

CONFIG.ANDROID_OUTDATED_TARGETSDKVERSION

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A9: Using Components with Known Vulnerabilities

1035

Using Components with Known Vulnerabilities

CONFIG.ANDROID_UNSAFE_MINSDKVERSION

A10: Insufficient Logging and Monitoring

223

Omission of Security-Relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging and Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION

PHP

Coverity Version 2021.9.0 - PHP
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements Used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, SCRIPT_CODE_INJECTION, SYMFONY_EL_INJECTION, UNSAFE_REFLECTION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, MISSING_AUTHZ, SENSITIVE_DATA_LEAK

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

HARDCODED_CREDENTIALS, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, SQLI

A5: Broken Access Control

285

Improper Authorization

MISSING_AUTHZ, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A6: Security Misconfiguration

16

Configuration

CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting")

XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

Python

Coverity Version 2021.9.0 - Python
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements Used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection ("Blind XPath Injection")

XML_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

ANONYMOUS_DB_CONNECTION, HARDCODED_CREDENTIALS, HOST_HEADER_VALIDATION_DISABLED, MISSING_AUTHZ, MISSING_PASSWORD_VALIDATOR, SENSITIVE_DATA_LEAK, WEAK_URL_SANITIZATION

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

1028

Broken Authentication

INSECURE_COMMUNICATION, INSECURE_COOKIE, INSECURE_NETWORK_BIND, INSECURE_REFERRER_POLICY, SECURE_TEMP, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

INSECURE_SALT, RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

INSECURE_COMMUNICATION, INSECURE_NETWORK_BIND, INSECURE_REFERRER_POLICY, SECURE_TEMP, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

CONFIG.ENABLED_DEBUG_MODE

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

1030

XML External Entities (XXE)

UNSAFE_XML_PARSE_CONFIG

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANONYMOUS_DB_CONNECTION, BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, HOST_HEADER_VALIDATION_DISABLED, INSECURE_COOKIE, MISSING_AUTHZ, MISSING_PASSWORD_VALIDATOR, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, WEAK_URL_SANITIZATION

A5: Broken Access Control

285

Improper Authorization

ANONYMOUS_DB_CONNECTION, INSECURE_COOKIE, MISSING_AUTHZ, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

CONFIG.ENABLED_DEBUG_MODE, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting")

JINJA2_AUTOESCAPE_DISABLED, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging and Monitoring

223

Omission of Security-Relevant Information

INSUFFICIENT_LOGGING

A10: Insufficient Logging and Monitoring

778

Insufficient Logging

INSUFFICIENT_LOGGING

Ruby

Coverity Version 2021.9.0 - Ruby
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements Used in a Command ("Command Injection")

OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection")

DYNAMIC_OBJECT_ATTRIBUTES, RUBY_VULNERABLE_LIBRARY, SQLI

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

DYNAMIC_OBJECT_ATTRIBUTES, RUBY_VULNERABLE_LIBRARY, SQLI

A1: Injection

1027

Injection

REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNSAFE_REFLECTION

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, RAILS_DEVISE_CONFIG, RUBY_VULNERABLE_LIBRARY, STRICT_TRANSPORT_SECURITY, UNSAFE_BASIC_AUTH, UNSAFE_SESSION_SETTING

A2: Broken Authentication

522

Insufficiently Protected Credentials

STRICT_TRANSPORT_SECURITY

A2: Broken Authentication

523

Unprotected Transport of Credentials

STRICT_TRANSPORT_SECURITY

A2: Broken Authentication

1028

Broken Authentication

SENSITIVE_DATA_LEAK, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COOKIE, STRICT_TRANSPORT_SECURITY, UNSAFE_SESSION_SETTING

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

STRICT_TRANSPORT_SECURITY

A3: Sensitive Data Exposure

320

Key Management Errors

UNSAFE_SESSION_SETTING

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RAILS_DEVISE_CONFIG, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION, RUBY_VULNERABLE_LIBRARY

A5: Broken Access Control

284

Improper Access Control

BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, INSECURE_COOKIE, INSECURE_DIRECT_OBJECT_REFERENCE, RAILS_DEFAULT_ROUTES, RAILS_DEVISE_CONFIG, RAILS_MISSING_FILTER_ACTION, RUBY_VULNERABLE_LIBRARY, STRICT_TRANSPORT_SECURITY, UNSAFE_BASIC_AUTH, UNSAFE_SESSION_SETTING

A5: Broken Access Control

285

Improper Authorization

INSECURE_COOKIE, INSECURE_DIRECT_OBJECT_REFERENCE, RAILS_DEFAULT_ROUTES, RAILS_MISSING_FILTER_ACTION, UNSAFE_SESSION_SETTING

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

INSECURE_DIRECT_OBJECT_REFERENCE

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting")

RUBY_VULNERABLE_LIBRARY, TEMPLATE_INJECTION, UNESCAPED_HTML, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

COOKIE_SERIALIZER_CONFIG, RUBY_VULNERABLE_LIBRARY, UNSAFE_DESERIALIZATION

A9: Using Components with Known Vulnerabilities

1035

Using Components with Known Vulnerabilities

RUBY_VULNERABLE_LIBRARY

VB.NET

Coverity Version 2021.9.0 - VB.NET
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements Used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements Used in an SQL Command ("SQL Injection")

SQLI, SQL_NOT_CONSTANT

A1: Injection

90

Improper Neutralization of Special Elements Used in an LDAP Query ("LDAP Injection")

LDAP_INJECTION, LDAP_NOT_CONSTANT

A1: Injection

91

XML Injection ("Blind XPath Injection")

XML_INJECTION, XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION

A1: Injection

1027

Injection

REGEX_INJECTION, SCRIPT_CODE_INJECTION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

522

Insufficiently Protected Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

ASPNET_MVC_VERSION_HEADER, CONFIG.DYNAMIC_DATA_HTML_COMMENT

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

285

Improper Authorization

MISSING_AUTHZ, SQLI, SQL_NOT_CONSTANT

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI, SQL_NOT_CONSTANT

A6: Security Misconfiguration

16

Configuration

CONFIG.MISSING_CUSTOM_ERROR_PAGE, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Webpage Generation ("Cross-Site Scripting")

XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging and Monitoring

223

Omission of Security-Relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging and Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION