Groovy rules

Code analysis support for Groovy is in Early Access and is available only with Enterprise plans. To enable the feature, see Snyk Preview.

Each rule includes the following information.

Rule Name: The Snyk name of the rule.
CWE(s): The CWE numbers that are covered by this rule.
Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.
Autofixable: Security rules that are autofixable by Snyk Agent Fix. This information is included only for the supported programming languages.

Rule Name

CWE(s)

Security Categories

Autofixable

Code Injection

CWE-94

OWASP:A03

Command Injection

CWE-78

Sans Top 25, OWASP:A03

Deserialization of Untrusted Data

CWE-502

OWASP:A08

Hardcoded Secret

CWE-547

OWASP:A05

Open Redirect

CWE-601

OWASP:A01

Path Traversal

CWE-23

OWASP:A01

SQL Injection

CWE-89

Sans Top 25, OWASP:A03

Server-Side Request Forgery (SSRF)

CWE-918

Sans Top 25, OWASP:A10

Use of Hardcoded Passwords

CWE-798, CWE-259

Sans Top 25, OWASP:A07

Use of Hardcoded, Security-relevant Constants

CWE-547

OWASP:A05

XML External Entity (XXE) Injection

CWE-611

OWASP:A05

Last updated 26 days ago

Was this helpful?