Objective-C rules

Code analysis support for Objective-C is in Early Access and is available only with Enterprise plans. To enable the feature, see Snyk Preview.

Each rule includes the following information.

Rule Name: The Snyk name of the rule.
CWE(s): The CWE numbers that are covered by this rule.
Security Categories: The OWASP Top 10 (2021 edition) category to which the rule belongs to, if any, and if it is included in SANS 25.
Autofixable: Security rules that are autofixable by Snyk Agent Fix. This information is included only for the supported programming languages.

Rule Name

CWE(s)

Security Categories

Autofixable

Clear Text Logging

CWE-200, CWE-312

OWASP:A01, OWASP:A04

Client-Side Request Forgery (CSRF)

CWE-918

Sans Top 25, OWASP:A10

Code Injection

CWE-94

OWASP:A03

Command Injection

CWE-78

Sans Top 25, OWASP:A03

Device Authentication Bypass

CWE-287

OWASP:A07

Improper Certificate Validation

CWE-295

OWASP:A07

Inadequate Encryption Strength

CWE-326

OWASP:A02

Information Exposure

CWE-200

OWASP:A01, OWASP:A04

Insecure Data Storage

CWE-922

Memory Corruption

CWE-822

OWASP:A03

Path Traversal

CWE-23

OWASP:A01

SQL Injection

CWE-89

Sans Top 25, OWASP:A03

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE-614

OWASP:A05

Use of Hardcoded Cryptographic Key

CWE-321

OWASP:A02

Use of Insufficiently Random Values

CWE-330

OWASP:A02

Use of Password Hash With Insufficient Computational Effort

CWE-916

OWASP:A02

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

OWASP:A02

XML External Entity (XXE) Injection

CWE-611

OWASP:A05

PreviousKotlin rules NextPHP rules

Last updated 1 day ago

Was this helpful?