Apex rules
Each rule includes the following information.
Rule Name: The Snyk name of the rule.
CWE(s): The CWE numbers that are covered by this rule.
Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.
Autofixable: Security rules that are autofixable by DeepCode AI Fix. This information is included only for the supported programming languages.
Access Violation
CWE-284, CWE-285
OWASP:A01
Yes
Clear Text Sensitive Storage
CWE-200, CWE-312
OWASP:A01, OWASP:A04
No
Command Injection
CWE-78
Sans Top 25, OWASP:A03
No
Improper Access Control: Email Content Injection
CWE-284
OWASP:A01
No
Use of Hardcoded Credentials
CWE-798, CWE-259
Sans Top 25, OWASP:A07
No
Use of Hardcoded Passwords
CWE-798, CWE-259
Sans Top 25, OWASP:A07
No
Hardcoded Secret
CWE-547
OWASP:A05
No
Use of Password Hash With Insufficient Computational Effort
CWE-916
OWASP:A02
Yes
Insecure Data Transmission
CWE-319
OWASP:A02
No
Open Redirect
CWE-601
OWASP:A01
No
Cross-site Scripting (XSS)
CWE-79
Sans Top 25, OWASP:A03
No
Regular expression injection
CWE-400, CWE-730
None
No
SOQL Injection
CWE-89
Sans Top 25, OWASP:A03
No
SOSL Injection
CWE-89
Sans Top 25, OWASP:A03
No
Server-Side Request Forgery (SSRF)
CWE-918
Sans Top 25, OWASP:A10
No
Unverified Password Change
CWE-620
OWASP:A07
No
Unsafe SOQL Concatenation
CWE-89
Sans Top 25, OWASP:A03
No
Unsafe SOSL Concatenation
CWE-89
Sans Top 25, OWASP:A03
No
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
OWASP:A05
Yes
XML Injection
CWE-91
OWASP:A03
No
Last updated