Apex rules

Each rule includes the following information.

  • Rule Name: The Snyk name of the rule.

  • CWE(s): The CWE numbers that are covered by this rule.

  • Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.

  • Autofixable: Security rules that are autofixable by DeepCode AI Fix. This information is included only for the supported programming languages.

Rule Name
CWE(s)
Security Categories
Autofixable

Access Violation

CWE-284, CWE-285

OWASP:A01

Yes

Clear Text Sensitive Storage

CWE-200, CWE-312

OWASP:A01, OWASP:A04

No

Command Injection

CWE-78

Sans Top 25, OWASP:A03

No

Improper Access Control: Email Content Injection

CWE-284

OWASP:A01

No

Use of Hardcoded Credentials

CWE-798, CWE-259

Sans Top 25, OWASP:A07

No

Use of Hardcoded Passwords

CWE-798, CWE-259

Sans Top 25, OWASP:A07

No

Hardcoded Secret

CWE-547

OWASP:A05

No

Use of Password Hash With Insufficient Computational Effort

CWE-916

OWASP:A02

Yes

Insecure Data Transmission

CWE-319

OWASP:A02

No

Open Redirect

CWE-601

OWASP:A01

No

Cross-site Scripting (XSS)

CWE-79

Sans Top 25, OWASP:A03

No

Regular expression injection

CWE-400, CWE-730

None

No

SOQL Injection

CWE-89

Sans Top 25, OWASP:A03

No

SOSL Injection

CWE-89

Sans Top 25, OWASP:A03

No

Server-Side Request Forgery (SSRF)

CWE-918

Sans Top 25, OWASP:A10

No

Unverified Password Change

CWE-620

OWASP:A07

No

Unsafe SOQL Concatenation

CWE-89

Sans Top 25, OWASP:A03

No

Unsafe SOSL Concatenation

CWE-89

Sans Top 25, OWASP:A03

No

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-614

OWASP:A05

Yes

XML Injection

CWE-91

OWASP:A03

No

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.