Support
API docs
Product updates Sign up for free

Scala rules

Rule (1) External Control of System or Configuration Setting

CWE (15) External Control of System or Configuration Setting

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (2) Path Traversal

CWE (23) Relative Path Traversal

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

Rule (3) Java Naming and Directory Interface (JNDI) Injection

CWE (74) Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (4) Command Injection

CWE (78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (5) Indirect Command Injection via User Controlled Environment

CWE (78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (6) Cross-site Scripting (XSS)

CWE (79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (7) SQL Injection

CWE (89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (8) LDAP Injection

CWE (90) Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (9) Code Injection

CWE (94) Improper Control of Generation of Code ('Code Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (10) Improper Neutralization of CRLF Sequences in HTTP Headers

CWE (113) Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (11) Disabled Neutralization of CRLF Sequences in HTTP Headers

CWE (113) Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (12) Process Control

CWE (114) Process Control

Rule (13) Use of Externally-Controlled Format String

CWE (134) Use of Externally-Controlled Format String

Rule (14) Information Exposure

CWE (200) Exposure of Sensitive Information to an Unauthorized Actor

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (15) Observable Timing Discrepancy (Timing Attack)

CWE (208) Observable Timing Discrepancy

Rule (16) Server Information Exposure

CWE (209) Generation of Error Message Containing Sensitive Information

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A04:2021 - Insecure Design

Rule (17) Unprotected Storage of Credentials

CWE (256) Plaintext Storage of a Password

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A04:2021 - Insecure Design

Rule (18) Use of Hardcoded Credentials

CWE (259, 798) Use of Hard-coded Password, Use of Hard-coded Credentials

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (19) Improper Authentication

CWE (287) Improper Authentication

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (20) Improper Certificate Validation

CWE (295) Improper Certificate Validation

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

Rule (21) Improper Validation of Certificate with Host Mismatch

CWE (297) Improper Validation of Certificate with Host Mismatch

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

Rule (22) Cryptographic Issues

CWE (310) Cryptographic Issues

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (23) The cipher text is equal to the provided input plain text

CWE (311) Missing Encryption of Sensitive Data

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A04:2021 - Insecure Design

Rule (24) Cleartext Storage of Sensitive Information in a Cookie

CWE (315) Cleartext Storage of Sensitive Information in a Cookie

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (25) Cleartext Transmission of Sensitive Information

CWE (319) Cleartext Transmission of Sensitive Information

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (26) Inadequate Padding for AES encryption

CWE (326) Inadequate Encryption Strength

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (27) Inadequate Encryption Strength

CWE (326) Inadequate Encryption Strength

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (28) Use of a Broken or Risky Cryptographic Algorithm

CWE (327) Use of a Broken or Risky Cryptographic Algorithm

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (29) Use of Insufficiently Random Values

CWE (330) Use of Insufficiently Random Values

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (30) Origin Validation Error

CWE (346, 942) Origin Validation Error, Permissive Cross-domain Policy with Untrusted Domains

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (31) Cross-Site Request Forgery (CSRF)

CWE (352) Cross-Site Request Forgery (CSRF)

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (32) Regular expression injection

CWE (400, 730) Uncontrolled Resource Consumption, OWASP Top Ten 2004 Category A9 - Denial of Service

Rule (33) Trust Boundary Violation

CWE (501) Trust Boundary Violation

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A04:2021 - Insecure Design

Rule (34) Deserialization of Untrusted Data

CWE (502) Deserialization of Untrusted Data

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (35) Hardcoded Secret

CWE (547) Use of Hard-coded, Security-relevant Constants

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (36) Use of Hardcoded, Security-relevant Constants

CWE (547) Use of Hard-coded, Security-relevant Constants

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (37) Open Redirect

CWE (601) URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

Rule (38) XML External Entity (XXE) Injection

CWE (611) Improper Restriction of XML External Entity Reference

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (39) Insufficient Session Expiration

CWE (613) Insufficient Session Expiration

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

Rule (40) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CWE (614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

Rule (41) XPath Injection

CWE (643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A03:2021 - Injection

Rule (42) Use of Potentially Dangerous Function

CWE (676) Use of Potentially Dangerous Function

Rule (43) Android World Writeable/Readable File Permission Found

CWE (732) Incorrect Permission Assignment for Critical Resource

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (44) Use of Password Hash With Insufficient Computational Effort

CWE (916) Use of Password Hash With Insufficient Computational Effort

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

Rule (45) Server-Side Request Forgery (SSRF)

CWE (918) Server-Side Request Forgery (SSRF)

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)

OWASP Top 10/SANS 25: SANS/CWE Top 25

Rule (46) Sensitive Cookie Without 'HttpOnly' Flag

CWE (1004) Sensitive Cookie Without 'HttpOnly' Flag

OWASP Top 10/SANS 25: OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

PreviousRuby rulesNextSwift rules

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.