Apex

Coverity Version 2021.12.0 - Apex
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

PMD.VfUnescapeEl

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

PMD.ApexSOQLInjection

A1: Injection

917

Improper Neutralization of Special Elements used in an Expression Language Statement ("Expression Language Injection")

PMD.VfUnescapeEl

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

PMD.ApexSOQLInjection

A2: Broken Authentication

287

Improper Authentication

PMD.ApexBadCrypto, PMD.ApexSuggestUsingNamedCred

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

PMD.ApexInsecureEndpoint

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

PMD.ApexInsecureEndpoint

A3: Sensitive Data Exposure

320

Key Management Errors

PMD.ApexBadCrypto

A5: Broken Access Control

284

Improper Access Control

PMD.ApexBadCrypto, PMD.ApexCRUDViolation, PMD.ApexSharingViolations, PMD.ApexSuggestUsingNamedCred

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

PMD.ApexXSSFromEscapeFalse, PMD.ApexXSSFromURLParam, PMD.VfHtmlStyleTagXss

C/C++

Coverity Version 2021.12.0 - C/C++
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

CERT STR02-C, HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI, XPATH_INJECTION

A1: Injection

1027

Injection

URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

CERT MSC18-C, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

CERT MSC18-C, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

AUTOSAR C++14 A20-8-2, AUTOSAR C++14 A20-8-3, AUTOSAR C++14 A20-8-4, AUTOSAR C++14 A20-8-7, CERT POS37-C, HARDCODED_CREDENTIALS, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD

A5: Broken Access Control

285

Improper Authorization

SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

AUTOSAR C++14 A15-3-3, MISRA C++-2008 Rule 15-3-2, SENSITIVE_DATA_LEAK, UNCAUGHT_EXCEPT

C#

Coverity Version 2021.12.0 - C#
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI, SQL_NOT_CONSTANT

A1: Injection

90

Improper Neutralization of Special Elements used in an LDAP Query ("LDAP Injection")

LDAP_INJECTION, LDAP_NOT_CONSTANT

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XML_INJECTION, XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNKNOWN_LANGUAGE_INJECTION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

522

Insufficiently Protected Credentials

CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.HARDCODED_CREDENTIALS_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

CONFIG.ASP_VIEWSTATE_MAC, INSECURE_COOKIE, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

CORS_MISCONFIGURATION_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

ASPNET_MVC_VERSION_HEADER, CONFIG.ASPNET_VERSION_HEADER, CONFIG.COOKIES_MISSING_HTTPONLY, CONFIG.DYNAMIC_DATA_HTML_COMMENT, CONFIG.ENABLED_DEBUG_MODE, CONFIG.ENABLED_TRACE_MODE

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

1030

XML External Entities (XXE)

UNSAFE_XML_PARSE_CONFIG

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.DEAD_AUTHORIZATION_RULE, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, MISSING_AUTHZ, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

285

Improper Authorization

CONFIG.DEAD_AUTHORIZATION_RULE, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, INSECURE_COOKIE, MISSING_AUTHZ, SQLI, SQL_NOT_CONSTANT

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI, SQL_NOT_CONSTANT

A6: Security Misconfiguration

16

Configuration

CONFIG.ASPNET_VERSION_HEADER, CONFIG.ASP_VIEWSTATE_MAC, CONFIG.CONNECTION_STRING_PASSWORD, CONFIG.COOKIES_MISSING_HTTPONLY, CONFIG.DEAD_AUTHORIZATION_RULE, CONFIG.ENABLED_DEBUG_MODE, CONFIG.ENABLED_TRACE_MODE, CONFIG.MISSING_CUSTOM_ERROR_PAGE, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION

CUDA

Coverity Version 2021.12.0 - CUDA
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

CERT STR02-C, HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI, XPATH_INJECTION

A1: Injection

1027

Injection

URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

CERT MSC18-C, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

CERT MSC18-C, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

AUTOSAR C++14 A20-8-2, AUTOSAR C++14 A20-8-3, AUTOSAR C++14 A20-8-4, AUTOSAR C++14 A20-8-7, CERT POS37-C, HARDCODED_CREDENTIALS, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD

A5: Broken Access Control

285

Improper Authorization

SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

AUTOSAR C++14 A15-3-3, MISRA C++-2008 Rule 15-3-2, SENSITIVE_DATA_LEAK, UNCAUGHT_EXCEPT

Go

Coverity Version 2021.12.0 - Go
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI, XPATH_INJECTION

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

ANONYMOUS_DB_CONNECTION, CONFIG.COOKIE_SIGNING_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, STATIC_API_KEY, UNSAFE_BASIC_AUTH

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

613

Insufficient Session Expiration

CONFIG.UNSAFE_SESSION_TIMEOUT

A2: Broken Authentication

1028

Broken Authentication

INSECURE_COMMUNICATION, INSECURE_COOKIE, INSECURE_NETWORK_BIND

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

CORS_MISCONFIGURATION_AUDIT, INSECURE_COMMUNICATION, INSECURE_NETWORK_BIND, SENSITIVE_DATA_LEAK, UNSAFE_BASIC_AUTH

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

EXPOSED_DIRECTORY_LISTING

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANONYMOUS_DB_CONNECTION, BAD_CERT_VERIFICATION, CONFIG.COOKIE_SIGNING_DISABLED, CONFIG.UNSAFE_SESSION_TIMEOUT, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COOKIE, INSECURE_FILE_PERMISSIONS, OAUTH2_MISCONFIGURATION, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SOCKET_ACCEPT_ALL_ORIGINS, SQLI, STATIC_API_KEY, UNSAFE_BASIC_AUTH

A5: Broken Access Control

285

Improper Authorization

ANONYMOUS_DB_CONNECTION, CONFIG.COOKIE_SIGNING_DISABLED, CORS_MISCONFIGURATION, CORS_MISCONFIGURATION_AUDIT, INSECURE_COOKIE, OAUTH2_MISCONFIGURATION, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

CONFIG.UNSAFE_SESSION_TIMEOUT, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

548

Exposure of Information Through Directory Listing

EXPOSED_DIRECTORY_LISTING

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

INSECURE_CSP, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

DISTRUSTED_DATA_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

INSUFFICIENT_LOGGING

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

INSUFFICIENT_LOGGING

Java

Coverity Version 2021.12.0 - Java
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

CERT IDS07-J, EL_INJECTION, HEADER_INJECTION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

CERT IDS07-J, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT

A1: Injection

90

Improper Neutralization of Special Elements used in an LDAP Query ("LDAP Injection")

LDAP_INJECTION, LDAP_NOT_CONSTANT

A1: Injection

91

XML Injection (aka Blind XPath Injection)

WEAK_XML_SCHEMA, XML_INJECTION, XPATH_INJECTION

A1: Injection

564

SQL Injection: Hibernate

JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT

A1: Injection

917

Improper Neutralization of Special Elements used in an Expression Language Statement ("Expression Language Injection")

EL_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

JSP_SQL_INJECTION, LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION

A1: Injection

1027

Injection

JAVA_CODE_INJECTION, JCR_INJECTION, JSP_DYNAMIC_INCLUDE, NOSQL_QUERY_INJECTION, OGNL_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNKNOWN_LANGUAGE_INJECTION, UNSAFE_JNI, UNSAFE_REFLECTION, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

CERT MSC03-J, CERT SEC02-J, CONFIG.HARDCODED_CREDENTIALS_AUDIT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, SESSION_FIXATION, SIGMA.empty_password_core_java_sql, SIGMA.hardcoded_credentials_uri_core_java, SIGMA.session_fixation_protection_disabled_spring_security, SIGMA.unsafe_xml_canonicalization_spring_saml_code, SIGMA.weak_password_hash_spring_security_code, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD, WEAK_URL_SANITIZATION

A2: Broken Authentication

384

Session Fixation

SESSION_FIXATION, SIGMA.session_fixation_protection_disabled_spring_security

A2: Broken Authentication

522

Insufficiently Protected Credentials

CONFIG.HARDCODED_CREDENTIALS_AUDIT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.empty_password_core_java_sql, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

613

Insufficient Session Expiration

CONFIG.UNSAFE_SESSION_TIMEOUT

A2: Broken Authentication

1028

Broken Authentication

INSECURE_COOKIE, JSP_DYNAMIC_INCLUDE, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION, SIGMA.certificate_verification_disabled_core_java

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

CERT MSC00-J, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, SIGMA.cors_with_credentials_http_origin_core_java, SIGMA.cors_with_credentials_http_origin_servlet, SIGMA.cors_with_credentials_http_origin_spring_corsconfiguration, SIGMA.cors_with_credentials_http_origin_spring_corsregistration, SIGMA.encryption_disabled_spring_security, SIGMA.login_over_http_spring_security, SIGMA.missing_secure_attribute_remember_me_cookie_spring_security_code, SIGMA.missing_secure_attribute_servlet, SIGMA.missing_tls_apache_http, SIGMA.missing_tls_apache_telnet, SIGMA.missing_tls_core_java_httprequest, SIGMA.missing_tls_core_java_httpurlconnection, SIGMA.missing_tls_java_unirest, SIGMA.missing_tls_spring_ftp, SIGMA.missing_tls_spring_resttemplate, SIGMA.null_cipher_used_core_java, SIGMA.sensitive_data_in_cookie_servlet, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, SIGMA.sensitive_data_in_cookie_servlet, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.cors_with_credentials_http_origin_core_java, SIGMA.cors_with_credentials_http_origin_servlet, SIGMA.cors_with_credentials_http_origin_spring_corsconfiguration, SIGMA.cors_with_credentials_http_origin_spring_corsregistration, SIGMA.login_over_http_spring_security, SIGMA.missing_tls_apache_http, SIGMA.missing_tls_apache_telnet, SIGMA.missing_tls_core_java_httprequest, SIGMA.missing_tls_core_java_httpurlconnection, SIGMA.missing_tls_java_unirest, SIGMA.missing_tls_spring_ftp, SIGMA.missing_tls_spring_resttemplate, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO, SIGMA.insecure_cipher_core_java_block_cipher, SIGMA.insecure_cipher_core_java_block_cipher_mode, SIGMA.insecure_cipher_core_java_stream_cipher, SIGMA.insufficient_asymmetric_key_size_core_java, SIGMA.insufficient_symmetric_key_size_core_java, SIGMA.weak_password_hash_spring_security_code

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, SIGMA.deprecated_http_client_apache_default_http_client, SIGMA.deprecated_http_client_apache_system_default_http_client, SIGMA.improper_use_of_symmetric_cryptography_hazelcast_code, SIGMA.insecure_tls_version_core_java, SIGMA.rsa_no_padding_core_java, SIGMA.unspecified_cipher_transformation_core_java, SIGMA.weak_hash_apache_commons_codec, SIGMA.weak_hash_core_java, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

CONFIG.DYNAMIC_DATA_HTML_COMMENT, CONFIG.JAVAEE_MISSING_HTTPONLY

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

JSP_DYNAMIC_INCLUDE, PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANDROID_CAPABILITY_LEAK, BAD_CERT_VERIFICATION, CERT ENV03-J, CERT FIO01-J, CERT MSC03-J, CERT SEC00-J, CERT SEC01-J, CERT SEC02-J, CERT SEC06-J, CERT SER08-J, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.UNSAFE_SESSION_TIMEOUT, HARDCODED_CREDENTIALS, IMPLICIT_INTENT, INSECURE_COMMUNICATION, JSP_SQL_INJECTION, MISSING_AUTHZ, MISSING_PERMISSION_FOR_BROADCAST, MISSING_PERMISSION_ON_EXPORTED_COMPONENT, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SESSION_FIXATION, SIGMA.cors_no_credentials_permissive_origin_core_java, SIGMA.cors_no_credentials_permissive_origin_servlet, SIGMA.cors_no_credentials_permissive_origin_spring_corsconfiguration, SIGMA.cors_no_credentials_permissive_origin_spring_corsregistration, SIGMA.cors_preflight_age_too_long_core_java, SIGMA.cors_preflight_age_too_long_servlet, SIGMA.cors_preflight_age_too_long_spring_corsconfiguration, SIGMA.cors_preflight_age_too_long_spring_corsregistration, SIGMA.cors_with_credentials_all_origin_core_java, SIGMA.cors_with_credentials_all_origin_servlet, SIGMA.cors_with_credentials_all_origin_spring_corsconfiguration, SIGMA.cors_with_credentials_all_origin_spring_corsregistration, SIGMA.cors_with_credentials_null_origin_core_java, SIGMA.cors_with_credentials_null_origin_servlet, SIGMA.cors_with_credentials_null_origin_spring_corsconfiguration, SIGMA.cors_with_credentials_null_origin_spring_corsregistration, SIGMA.cors_with_credentials_subdomain_origin_core_java, SIGMA.cors_with_credentials_subdomain_origin_servlet, SIGMA.cors_with_credentials_subdomain_origin_spring_corsconfiguration, SIGMA.cors_with_credentials_subdomain_origin_spring_corsregistration, SIGMA.empty_password_core_java_sql, SIGMA.hardcoded_credentials_uri_core_java, SIGMA.insecure_file_permission_core_java, SIGMA.missing_httponly_attribute_servlet, SIGMA.session_fixation_protection_disabled_spring_security, SIGMA.unsafe_xml_canonicalization_spring_saml_code, SIGMA.weak_password_hash_spring_security_code, SIGMA.webview_file_access_android, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA, WEAK_GUARD, WEAK_URL_SANITIZATION

A5: Broken Access Control

285

Improper Authorization

ANDROID_CAPABILITY_LEAK, CERT ENV03-J, CERT FIO01-J, IMPLICIT_INTENT, JSP_SQL_INJECTION, MISSING_AUTHZ, MISSING_PERMISSION_FOR_BROADCAST, MISSING_PERMISSION_ON_EXPORTED_COMPONENT, SENSITIVE_DATA_LEAK, SIGMA.insecure_file_permission_core_java, SIGMA.missing_httponly_attribute_servlet, SQLI, SQL_NOT_CONSTANT

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

JSP_SQL_INJECTION, SQLI, SQL_NOT_CONSTANT

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

CONFIG.HTTP_VERB_TAMPERING, CONFIG.JAVAEE_MISSING_HTTPONLY, CONFIG.UNSAFE_SESSION_TIMEOUT, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK, SIGMA.verbose_error_message_spring_boot_exception_code

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

SIGMA.dangerously_exposed_interface_android, SIGMA.markdown_allow_dangerous_html_react, SIGMA.unsafe_innerhtml_manipulation_react, SIGMA.unsafe_innerhtml_manipulation_vue_jsx, SIGMA.weak_xss_protection_servlet, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

CERT SER01-J, CERT SER06-J, CERT SER12-J, SIGMA.ldap_entry_poisoning_core_java, SIGMA.unsafe_deserialization_activemq_settrustallpackages, SIGMA.unsafe_deserialization_activemq_settrustedpackages, SIGMA.unsafe_deserialization_apache_xmlrpc, SIGMA.unsafe_deserialization_core_java_xmldecoder, SIGMA.unsafe_deserialization_jackson_objectmapper, UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION

JavaScript

Coverity Version 2021.12.0 - JavaScript
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION, TAINTED_ENVIRONMENT_WITH_EXECUTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI

A1: Injection

1027

Injection

ANGULAR_EXPRESSION_INJECTION, NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, SIGMA.hardcoded_secret_express_jwt, SIGMA.hardcoded_secret_passport, SIGMA.hsts_http_header_short_max_age_express_helmet, SIGMA.insufficient_token_entropy_hapi_crumb, SIGMA.middleware_applied_globally_express_multer, UNLESS_CASE_SENSITIVE_ROUTE_MATCHING, WEAK_URL_SANITIZATION

A2: Broken Authentication

522

Insufficiently Protected Credentials

CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.hsts_http_header_short_max_age_express_helmet

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.hsts_http_header_short_max_age_express_helmet

A2: Broken Authentication

613

Insufficient Session Expiration

CONFIG.UNSAFE_SESSION_TIMEOUT, SIGMA.excessive_session_lifetime_connect_mongo, SIGMA.excessive_session_lifetime_connect_redis, SIGMA.excessive_session_lifetime_express_client_sessions, SIGMA.excessive_session_lifetime_express_cookie_session, SIGMA.excessive_session_lifetime_express_session, SIGMA.excessive_session_lifetime_google_cloud_datastore, SIGMA.excessive_token_lifetime_node_aws_sdk, SIGMA.insufficient_presigned_url_timeout_node_aws_sdk, SIGMA.insufficient_presigned_url_timeout_node_google_cloud_storage, SIGMA.jwt_ignored_expiration_time_hapi, SIGMA.jwt_ignored_expiration_time_jsonwebtoken, SIGMA.jwt_ignored_start_time_hapi, SIGMA.jwt_ignored_start_time_jsonwebtoken, SIGMA.jwt_non_expiring_token_jsonwebtoken, SIGMA.jwt_revoke_missing_express_jwt

A2: Broken Authentication

1028

Broken Authentication

INSECURE_COOKIE, UNSAFE_BUFFER_METHOD

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION, SIGMA.certificate_verification_disabled_node_https, SIGMA.certificate_verification_disabled_node_libcurl, SIGMA.certificate_verification_disabled_node_mysql, SIGMA.certificate_verification_disabled_node_mysql2, SIGMA.certificate_verification_disabled_node_request_reject_unauthorized, SIGMA.certificate_verification_disabled_node_request_strict_ssl, SIGMA.certificate_verification_disabled_node_restify, SIGMA.certificate_verification_disabled_node_tls, SIGMA.certificate_verification_disabled_node_ws, SIGMA.certificate_verification_disabled_sequelize, SIGMA.certificate_verification_disabled_sequelize_mssql, SIGMA.certificate_verification_disabled_socket_io, SIGMA.credentials_validation_disabled_node_aws_sdk, SIGMA.expect_ct_disabled_express_helmet, SIGMA.hpkp_max_age_too_long_express, SIGMA.hpkp_max_age_too_long_koa, SIGMA.hpkp_report_uri_missing_tls_express, SIGMA.hpkp_report_uri_missing_tls_koa

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK, SIGMA.cors_with_credentials_http_origin_express_cors, SIGMA.cors_with_credentials_http_origin_koa, SIGMA.cors_with_credentials_http_origin_nestjs, SIGMA.hsts_http_header_subdomains_disabled_express_helmet, SIGMA.hsts_http_header_subdomains_disabled_express_hsts, SIGMA.missing_secure_attribute_session_cookie_express, SIGMA.missing_tls_axios, SIGMA.missing_tls_got, SIGMA.missing_tls_hapi_session_mongo, SIGMA.missing_tls_node_aws_sdk, SIGMA.missing_tls_node_ftp, SIGMA.missing_tls_node_grpc, SIGMA.missing_tls_node_http, SIGMA.missing_tls_node_rest_client, SIGMA.missing_tls_node_telnet, SIGMA.missing_tls_node_telnet_client, SIGMA.missing_tls_sequelize, SIGMA.missing_tls_socket_io_client, SIGMA.missing_tls_websocket, SIGMA.missing_tls_ws

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, SIGMA.cors_with_credentials_http_origin_express_cors, SIGMA.cors_with_credentials_http_origin_koa, SIGMA.cors_with_credentials_http_origin_nestjs, SIGMA.hsts_http_header_subdomains_disabled_express_helmet, SIGMA.hsts_http_header_subdomains_disabled_express_hsts, SIGMA.missing_tls_axios, SIGMA.missing_tls_got, SIGMA.missing_tls_hapi_session_mongo, SIGMA.missing_tls_node_aws_sdk, SIGMA.missing_tls_node_ftp, SIGMA.missing_tls_node_grpc, SIGMA.missing_tls_node_http, SIGMA.missing_tls_node_rest_client, SIGMA.missing_tls_node_telnet, SIGMA.missing_tls_node_telnet_client, SIGMA.missing_tls_sequelize, SIGMA.missing_tls_socket_io_client, SIGMA.missing_tls_websocket, SIGMA.missing_tls_ws

A3: Sensitive Data Exposure

320

Key Management Errors

SIGMA.empty_encryption_key_node_crypto

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

INSECURE_SALT, RISKY_CRYPTO, SA.RISKY_CRYPTO, SIGMA.insecure_tls_cipher_suite_node_https, SIGMA.insecure_tls_cipher_suite_node_request, SIGMA.insecure_tls_cipher_suite_node_tls, SIGMA.insecure_tls_version_node_https, SIGMA.insecure_tls_version_node_request, SIGMA.insecure_tls_version_node_tls, SIGMA.weak_hash_node_crypto

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNSAFE_BUFFER_METHOD

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

CONFIG.ENABLED_DEBUG_MODE, CONFIG.VUE_ROUTER_PARAMS_EXPOSED_TO_PROPS, EXPRESS_X_POWERED_BY_ENABLED

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

SIGMA.xml_external_entity_enabled_libxmljs, XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

BAD_CERT_VERIFICATION, CONFIG.HARDCODED_CREDENTIALS_AUDIT, CONFIG.HARDCODED_TOKEN, CONFIG.UNSAFE_SESSION_TIMEOUT, HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, INSECURE_COOKIE, MISSING_AUTHZ, RISKY_CRYPTO, SA.RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SIGMA.allow_all_authz_policy_node_aws_sdk_s3_bucket, SIGMA.allow_all_authz_policy_node_aws_sdk_s3_object, SIGMA.allow_all_authz_policy_node_google_cloud_storage_bucket, SIGMA.cors_configured_globally_express_cors, SIGMA.cors_configured_globally_koa, SIGMA.cors_no_credentials_permissive_origin_apollo_graphql, SIGMA.cors_no_credentials_permissive_origin_express_cors, SIGMA.cors_no_credentials_permissive_origin_koa, SIGMA.cors_no_credentials_permissive_origin_nestjs, SIGMA.cors_preflight_age_too_long_express_cors, SIGMA.cors_preflight_age_too_long_koa, SIGMA.cors_preflight_age_too_long_nestjs, SIGMA.cors_with_credentials_all_origin_express_cors, SIGMA.cors_with_credentials_all_origin_koa, SIGMA.cors_with_credentials_all_origin_nestjs, SIGMA.cors_with_credentials_null_origin_express_cors, SIGMA.cors_with_credentials_null_origin_koa, SIGMA.cors_with_credentials_null_origin_nestjs, SIGMA.hardcoded_secret_express_jwt, SIGMA.hardcoded_secret_passport, SIGMA.hsts_http_header_short_max_age_express_helmet, SIGMA.insufficient_token_entropy_hapi_crumb, SIGMA.middleware_applied_globally_express_multer, SIGMA.missing_httponly_attribute_session_cookie_express, SIGMA.socket_accepts_all_origins_socket_io, SQLI, UNCHECKED_ORIGIN, UNLESS_CASE_SENSITIVE_ROUTE_MATCHING, WEAK_URL_SANITIZATION

A5: Broken Access Control

285

Improper Authorization

INSECURE_COOKIE, MISSING_AUTHZ, SIGMA.allow_all_authz_policy_node_aws_sdk_s3_bucket, SIGMA.allow_all_authz_policy_node_aws_sdk_s3_object, SIGMA.allow_all_authz_policy_node_google_cloud_storage_bucket, SIGMA.missing_httponly_attribute_session_cookie_express, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

CONFIG.ENABLED_DEBUG_MODE, CONFIG.HANA_XS_PREVENT_XSRF_DISABLED, CONFIG.UNSAFE_SESSION_TIMEOUT, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

548

Exposure of Information Through Directory Listing

SIGMA.exposed_directory_listing_hapi_inert

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

ANGULAR_BYPASS_SECURITY, ANGULAR_ELEMENT_REFERENCE, ANGULAR_SCE_DISABLED, DOM_XSS, SIGMA.content_security_policy_disabled_express_helmet, SIGMA.insecure_xss_filter_express_helmet, SIGMA.no_sniff_disabled_express_helmet, SIGMA.xss_filter_disabled_express_helmet, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

INSUFFICIENT_LOGGING

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

INSUFFICIENT_LOGGING

Kotlin

Coverity Version 2021.12.0 - Kotlin
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI, XPATH_INJECTION

A1: Injection

1027

Injection

REGEX_INJECTION, UNSAFE_JNI, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

522

Insufficiently Protected Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANDROID_CAPABILITY_LEAK, BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, IMPLICIT_INTENT, INSECURE_COMMUNICATION, MISSING_PERMISSION_FOR_BROADCAST, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

285

Improper Authorization

ANDROID_CAPABILITY_LEAK, IMPLICIT_INTENT, MISSING_PERMISSION_FOR_BROADCAST, SENSITIVE_DATA_LEAK, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION

PHP

Coverity Version 2021.12.0 - PHP
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, SCRIPT_CODE_INJECTION, SYMFONY_EL_INJECTION, UNSAFE_REFLECTION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, MISSING_AUTHZ, SENSITIVE_DATA_LEAK

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

HARDCODED_CREDENTIALS, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, SQLI

A5: Broken Access Control

285

Improper Authorization

MISSING_AUTHZ, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A6: Security Misconfiguration

16

Configuration

CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

Python

Coverity Version 2021.12.0 - Python
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XML_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

SQLI

A1: Injection

1027

Injection

NOSQL_QUERY_INJECTION, REGEX_INJECTION, SCRIPT_CODE_INJECTION, URL_MANIPULATION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK

A2: Broken Authentication

287

Improper Authentication

ANONYMOUS_DB_CONNECTION, HARDCODED_CREDENTIALS, HOST_HEADER_VALIDATION_DISABLED, MISSING_AUTHZ, MISSING_PASSWORD_VALIDATOR, SENSITIVE_DATA_LEAK, WEAK_URL_SANITIZATION

A2: Broken Authentication

522

Insufficiently Protected Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

523

Unprotected Transport of Credentials

SENSITIVE_DATA_LEAK

A2: Broken Authentication

1028

Broken Authentication

INSECURE_COMMUNICATION, INSECURE_COOKIE, INSECURE_NETWORK_BIND, INSECURE_REFERRER_POLICY, SECURE_TEMP, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

INSECURE_COMMUNICATION, INSECURE_COOKIE, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

INSECURE_SALT, RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

INSECURE_COMMUNICATION, INSECURE_NETWORK_BIND, INSECURE_REFERRER_POLICY, SECURE_TEMP, SENSITIVE_DATA_LEAK

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

CONFIG.ENABLED_DEBUG_MODE

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

1030

XML External Entities (XXE)

UNSAFE_XML_PARSE_CONFIG

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

ANONYMOUS_DB_CONNECTION, BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, HOST_HEADER_VALIDATION_DISABLED, INSECURE_COOKIE, MISSING_AUTHZ, MISSING_PASSWORD_VALIDATOR, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, WEAK_URL_SANITIZATION

A5: Broken Access Control

285

Improper Authorization

ANONYMOUS_DB_CONNECTION, INSECURE_COOKIE, MISSING_AUTHZ, SQLI

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI

A5: Broken Access Control

1031

Broken Access Control

URL_MANIPULATION

A6: Security Misconfiguration

16

Configuration

CONFIG.ENABLED_DEBUG_MODE, SENSITIVE_DATA_LEAK

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

JINJA2_AUTOESCAPE_DISABLED, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

INSUFFICIENT_LOGGING

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

INSUFFICIENT_LOGGING

Ruby

Coverity Version 2021.12.0 - Ruby
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

DYNAMIC_OBJECT_ATTRIBUTES, RUBY_VULNERABLE_LIBRARY, SQLI

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

DYNAMIC_OBJECT_ATTRIBUTES, RUBY_VULNERABLE_LIBRARY, SQLI

A1: Injection

1027

Injection

REGEX_INJECTION, SCRIPT_CODE_INJECTION, UNSAFE_REFLECTION

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, RAILS_DEVISE_CONFIG, RUBY_VULNERABLE_LIBRARY, STRICT_TRANSPORT_SECURITY, UNSAFE_BASIC_AUTH, UNSAFE_SESSION_SETTING

A2: Broken Authentication

522

Insufficiently Protected Credentials

STRICT_TRANSPORT_SECURITY

A2: Broken Authentication

523

Unprotected Transport of Credentials

STRICT_TRANSPORT_SECURITY

A2: Broken Authentication

1028

Broken Authentication

SENSITIVE_DATA_LEAK, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

295

Improper Certificate Validation

BAD_CERT_VERIFICATION

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COOKIE, STRICT_TRANSPORT_SECURITY, UNSAFE_SESSION_SETTING

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

STRICT_TRANSPORT_SECURITY

A3: Sensitive Data Exposure

320

Key Management Errors

UNSAFE_SESSION_SETTING

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RAILS_DEVISE_CONFIG, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION, RUBY_VULNERABLE_LIBRARY

A5: Broken Access Control

284

Improper Access Control

BAD_CERT_VERIFICATION, HARDCODED_CREDENTIALS, INSECURE_COOKIE, INSECURE_DIRECT_OBJECT_REFERENCE, RAILS_DEFAULT_ROUTES, RAILS_DEVISE_CONFIG, RAILS_MISSING_FILTER_ACTION, RUBY_VULNERABLE_LIBRARY, STRICT_TRANSPORT_SECURITY, UNSAFE_BASIC_AUTH, UNSAFE_SESSION_SETTING

A5: Broken Access Control

285

Improper Authorization

INSECURE_COOKIE, INSECURE_DIRECT_OBJECT_REFERENCE, RAILS_DEFAULT_ROUTES, RAILS_MISSING_FILTER_ACTION, UNSAFE_SESSION_SETTING

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

INSECURE_DIRECT_OBJECT_REFERENCE

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

RUBY_VULNERABLE_LIBRARY, TEMPLATE_INJECTION, UNESCAPED_HTML, XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

COOKIE_SERIALIZER_CONFIG, RUBY_VULNERABLE_LIBRARY, UNSAFE_DESERIALIZATION

A9: Using Components with Known Vulnerabilities

1035

Using Components with Known Vulnerabilities

RUBY_VULNERABLE_LIBRARY

VB.NET

Coverity Version 2021.12.0 - VB.NET
Category CWE Description Coverity Checker

A1: Injection

77

Improper Neutralization of Special Elements used in a Command ("Command Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

78

Improper Neutralization of Special Elements used in an OS Command ("OS Command Injection")

OS_CMD_INJECTION

A1: Injection

88

Improper Neutralization of Argument Delimiters in a Command ("Argument Injection")

HEADER_INJECTION, OS_CMD_INJECTION

A1: Injection

89

Improper Neutralization of Special Elements used in an SQL Command ("SQL Injection")

SQLI, SQL_NOT_CONSTANT

A1: Injection

90

Improper Neutralization of Special Elements used in an LDAP Query ("LDAP Injection")

LDAP_INJECTION, LDAP_NOT_CONSTANT

A1: Injection

91

XML Injection (aka Blind XPath Injection)

XML_INJECTION, XPATH_INJECTION

A1: Injection

943

Improper Neutralization of Special Elements in Data Query Logic

LDAP_INJECTION, LDAP_NOT_CONSTANT, SQLI, SQL_NOT_CONSTANT, XPATH_INJECTION

A1: Injection

1027

Injection

REGEX_INJECTION, SCRIPT_CODE_INJECTION

A2: Broken Authentication

256

Plaintext Storage of a Password

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

287

Improper Authentication

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

522

Insufficiently Protected Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

523

Unprotected Transport of Credentials

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A2: Broken Authentication

1028

Broken Authentication

WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

311

Missing Encryption of Sensitive Data

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

312

Cleartext Storage of Sensitive Information

HARDCODED_CREDENTIALS, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

319

Cleartext Transmission of Sensitive Information

INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

320

Key Management Errors

HARDCODED_CREDENTIALS

A3: Sensitive Data Exposure

326

Inadequate Encryption Strength

RISKY_CRYPTO

A3: Sensitive Data Exposure

327

Use of a Broken or Risky Cryptographic Algorithm

RISKY_CRYPTO, WEAK_PASSWORD_HASH

A3: Sensitive Data Exposure

328

Reversible One-Way Hash

RISKY_CRYPTO

A3: Sensitive Data Exposure

359

Exposure of Private Personal Information to an Unauthorized Actor

SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A3: Sensitive Data Exposure

1029

Sensitive Data Exposure

ASPNET_MVC_VERSION_HEADER, CONFIG.DYNAMIC_DATA_HTML_COMMENT

A4: XML External Entities (XXE)

611

Improper Restriction of XML External Entity Reference

XML_EXTERNAL_ENTITY

A4: XML External Entities (XXE)

776

Improper Restriction of Recursive Entity References in DTDs ("XML Entity Expansion")

XML_EXTERNAL_ENTITY

A5: Broken Access Control

22

Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal")

PATH_MANIPULATION

A5: Broken Access Control

284

Improper Access Control

HARDCODED_CREDENTIALS, INSECURE_COMMUNICATION, MISSING_AUTHZ, RISKY_CRYPTO, SENSITIVE_DATA_LEAK, SQLI, SQL_NOT_CONSTANT, UNENCRYPTED_SENSITIVE_DATA

A5: Broken Access Control

285

Improper Authorization

MISSING_AUTHZ, SQLI, SQL_NOT_CONSTANT

A5: Broken Access Control

639

Authorization Bypass Through User-Controlled Key

SQLI, SQL_NOT_CONSTANT

A6: Security Misconfiguration

16

Configuration

CONFIG.MISSING_CUSTOM_ERROR_PAGE, INSECURE_COMMUNICATION, SENSITIVE_DATA_LEAK, UNENCRYPTED_SENSITIVE_DATA

A6: Security Misconfiguration

209

Generation of Error Message Containing Sensitive Information

SENSITIVE_DATA_LEAK

A7: Cross-Site Scripting (XSS)

79

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")

XSS

A8: Insecure Deserialization

502

Deserialization of Untrusted Data

UNSAFE_DESERIALIZATION

A10: Insufficient Logging & Monitoring

223

Omission of Security-relevant Information

UNLOGGED_SECURITY_EXCEPTION

A10: Insufficient Logging & Monitoring

778

Insufficient Logging

UNLOGGED_SECURITY_EXCEPTION