C++ rules
Rule (1) Path Traversal
CWE (23) Relative Path Traversal
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control
Rule (2) Command Injection
CWE (78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (3) SQL Injection
CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (4) LDAP Injection
CWE (90) Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
Rule (5) Buffer Overflow
CWE (122) Heap-based Buffer Overflow
Rule (6) Potential buffer overflow from usage of unsafe function
CWE (122) Heap-based Buffer Overflow
Rule (7) Potential Negative Number Used as Index
CWE (125, 787) Out-of-bounds Read, Out-of-bounds Write
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (8) Size Used as Index
CWE (125, 787) Out-of-bounds Read, Out-of-bounds Write
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (9) Use of Externally-Controlled Format String
CWE (134) Use of Externally-Controlled Format String
Rule (10) Memory Allocation Of String Length
CWE (170) Improper Null Termination
Rule (11) Improper Null Termination
CWE (170) Improper Null Termination
Rule (12) Integer Overflow
CWE (190) Integer Overflow or Wraparound
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (13) Anonymous LDAP binding allows a client to connect without logging in
CWE (287) Improper Authentication
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (14) Use of Hardcoded Cryptographic Key
CWE (321) Use of Hard-coded Cryptographic Key
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Rule (15) Inadequate Encryption Strength
CWE (326) Inadequate Encryption Strength
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Rule (16) Division By Zero
CWE (369) Divide By Zero
Rule (17) Missing Release of Memory after Effective Lifetime
CWE (401) Missing Release of Memory after Effective Lifetime
Rule (18) Double Free
CWE (415) Double Free
Rule (19) Use After Free
CWE (416) Use After Free
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (20) Dereference of a NULL Pointer
CWE (476) NULL Pointer Dereference
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (21) XML External Entity (XXE) Injection
CWE (611) Improper Restriction of XML External Entity Reference
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (22) XPath Injection
CWE (643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection
Rule (23) Missing Release of File Descriptor or Handle after Effective Lifetime
CWE (775) Missing Release of File Descriptor or Handle after Effective Lifetime
Rule (24) Use of Expired File Descriptor
CWE (910) Use of Expired File Descriptor
Rule (25) Use of Password Hash With Insufficient Computational Effort
CWE (916) Use of Password Hash With Insufficient Computational Effort
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures
Rule (26) Server-Side Request Forgery (SSRF)
CWE (918) Server-Side Request Forgery (SSRF)
OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)
OWASP Top 10/SANS 25: SANS/CWE Top 25
Rule (27) User Controlled Pointer
CWE (1285) Improper Validation of Specified Index, Position, or Offset in Input
Rule (28) An optimizing compiler may remove memset non-zero leaving data in memory
CWE (1330) Remanent Data Readable after Memory Erase