8.1.0 Vulnerability Queries
The queries listed below are executed in version 8.1.0. The list is also available for download as PDF or CSV.
The queries are also listed together with the query presets they belong to in a separate download (PDF, CSV).
Language | Package | Query | Severity | CWEID | New | Updated |
Apex | Apex_Force_com_Code_Quality | Async_Future_Method_Inside_Loops | Low | 10530 |
| |
Apex | Apex_Force_com_Code_Quality | Bulkify_Apex_Methods_Using_Collections_In_Methods | Low | 10536 |
| |
Apex | Apex_Force_com_Code_Quality | DML_Statements_Inside_Loops | Low | 10531 |
| |
Apex | Apex_Force_com_Code_Quality | Hardcoding_Ids | Low | 10532 |
| |
Apex | Apex_Force_com_Code_Quality | Hardcoding_Of_Trigger_New | Low | 10533 |
| |
Apex | Apex_Force_com_Code_Quality | Hardcoding_Of_Trigger_Old | Low | 10534 |
| |
Apex | Apex_Force_com_Code_Quality | Hardcoding_References_To_Static_Resources | Low | 10541 |
| |
Apex | Apex_Force_com_Code_Quality | HTTP_Callouts | Information | 10535 |
| |
Apex | Apex_Force_com_Code_Quality | Multiple_Forms_In_Visualforce_Page | Low | 10537 |
| |
Apex | Apex_Force_com_Code_Quality | Multiple_Trigger_On_same_sObject | Low | 10538 |
| |
Apex | Apex_Force_com_Code_Quality | Queries_With_No_Where_Or_Limit_Clause | Low | 10539 |
| |
Apex | Apex_Force_com_Code_Quality | SOSL_SOQL_Statments_Inside_Loops | Low | 10540 |
| |
Apex | Apex_Force_com_Code_Quality | Test_Methods_With_No_Assert | Information | 10542 |
| |
Apex | Apex_Force_com_Code_Quality | Use_Of_Ajax_Toolkit | Information | 10543 |
| |
Apex | Apex_Force_com_Critical_Security_Risk | Reflected_XSS | High | 10501 |
| |
Apex | Apex_Force_com_Critical_Security_Risk | Resource_Injection | High | 99 |
| |
Apex | Apex_Force_com_Critical_Security_Risk | SOQL_SOSL_Injection | High | 10502 |
| |
Apex | Apex_Force_com_Critical_Security_Risk | Stored_XSS | High | 10501 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | Cookies_Scoping | Medium | 10549 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | CRUD_Delete | Medium | 10544 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | Dereferenced_Field | Medium | 10545 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | FLS_Create | Medium | 10520 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | FLS_Create_Partial | Medium | 10520 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | FLS_Update | Medium | 10546 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | FLS_Update_Partial | Medium | 10546 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | Frame_Spoofing | Medium | 10504 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | HttpSplitting | Medium | 113 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | inputText_Ignoring_FLS | Medium | 10547 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | Sharing | Medium | 10505 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | Sharing_With_Controller | Medium | 10505 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | URL_Redirection_Attack | Medium | 10506 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | XSRF | Medium | 10503 |
| |
Apex | Apex_Force_com_Serious_Security_Risk | XSRF_With_VF_Call | Medium | 10503 |
| |
Apex | Apex_ISV_Quality_Rules | ActionPoller_Frequency_Check | Information | 11200 |
| |
Apex | Apex_ISV_Quality_Rules | Ajax_Toolkit_From_VF | Information | 11201 |
| |
Apex | Apex_ISV_Quality_Rules | Batch_Apex_exists | Information | 11216 |
| |
Apex | Apex_ISV_Quality_Rules | Batch_Apex_makes_outbound_call | Information | 11202 |
| |
Apex | Apex_ISV_Quality_Rules | DmlOptions_Set_To_False | Information | 11217 |
| |
Apex | Apex_ISV_Quality_Rules | Empty_Catch_Blocks | Information | 11203 |
| |
Apex | Apex_ISV_Quality_Rules | Find_Exposed_Test_Data | Information | 11210 |
| |
Apex | Apex_ISV_Quality_Rules | Future_exists | Information | 11214 |
| |
Apex | Apex_ISV_Quality_Rules | Old_API_Version | Information | 11215 |
| |
Apex | Apex_ISV_Quality_Rules | Outbound_Email_Send | Information | 11218 |
| |
Apex | Apex_ISV_Quality_Rules | Report_with_no_Filter | Information | 11205 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Dynamic_null_in_Where | Information | 11206 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Formula_in_Where | Information | 11213 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Hardcoded_null_in_Where | Information | 11207 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Relationship_in_Where | Information | 11204 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_With_All_Fields | Information | 11208 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_with_All_Fields_in_loop | Information | 11209 |
| |
Apex | Apex_ISV_Quality_Rules | SOSL_With_Where_Clause | Information | 11212 |
| |
Apex | Apex_ISV_Quality_Rules | Warn_About_Viewstate_Size_Limit | Information | 11211 |
| |
Apex | Apex_ISV_Quality_Rules | Workflow_sends_Emails | Information | 11219 |
| |
Apex | Apex_Low_Visibility | Escape_False_Warning | Low | 10507 |
| |
Apex | Apex_Low_Visibility | Hardcoded_Password | Low | 259 |
| |
Apex | Apex_Low_Visibility | Parameter_Tampering | Low | 472 |
| |
Apex | Apex_Low_Visibility | Password_misuse | Low | 10011 |
| |
Apex | Apex_Low_Visibility | Potential_Frame_Injection | Low | 10548 |
| |
Apex | Apex_Low_Visibility | Potential_URL_Redirection_Attack | Low | 10506 |
| |
Apex | Apex_Low_Visibility | Privacy_Violation | Low | 359 |
| |
Apex | Apex_Low_Visibility | Second_Order_SOQL_SOSL_Injection | Low | 10502 |
| |
Apex | Apex_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Apex | Apex_Low_Visibility | Verbose_Error_Reporting | Low | 209 |
| |
ASP | ASP_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
ASP | ASP_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 10008 |
| |
ASP | ASP_Best_Coding_Practice | Empty_Catch | Information | 390 |
| |
ASP | ASP_Best_Coding_Practice | Hardcoded_Connection_String | Information | 10014 |
| |
ASP | ASP_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
ASP | ASP_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
ASP | ASP_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 10026 |
| |
ASP | ASP_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
ASP | ASP_Best_Coding_Practice | Sockets_in_WebApp | Information | 246 |
| |
ASP | ASP_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
ASP | ASP_Best_Coding_Practice | Unclosed_Objects | Information | 10031 |
| |
ASP | ASP_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
ASP | ASP_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 10033 |
| |
ASP | ASP_Best_Coding_Practice | Visible_Fields | Information | 10003 |
| |
ASP | ASP_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
ASP | ASP_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
ASP | ASP_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
ASP | ASP_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
ASP | ASP_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
ASP | ASP_Heuristic | Heuristic_XSRF | Low | 352 |
| |
ASP | ASP_High_Risk | Code_Injection | High | 94 |
| |
ASP | ASP_High_Risk | Command_Injection | High | 77 |
| |
ASP | ASP_High_Risk | Connection_String_Injection | High | 99 |
| |
ASP | ASP_High_Risk | LDAP_Injection | High | 90 |
| |
ASP | ASP_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
ASP | ASP_High_Risk | Resource_Injection | High | 99 |
| |
ASP | ASP_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
ASP | ASP_High_Risk | SQL_Injection | High | 89 |
| |
ASP | ASP_High_Risk | Stored_XSS | High | 79 |
| |
ASP | ASP_High_Risk | UTF7_XSS | High | 79 |
| |
ASP | ASP_High_Risk | XPath_Injection | High | 643 |
| |
ASP | ASP_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
ASP | ASP_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
ASP | ASP_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
ASP | ASP_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
ASP | ASP_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
ASP | ASP_Low_Visibility | Hardcoded_password_in_Connection_String | Low | 547 |
| |
ASP | ASP_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
ASP | ASP_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
ASP | ASP_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
ASP | ASP_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
ASP | ASP_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
ASP | ASP_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
ASP | ASP_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
ASP | ASP_Low_Visibility | Insecure_Randomness | Low | 330 |
| |
ASP | ASP_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
ASP | ASP_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
ASP | ASP_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
ASP | ASP_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
ASP | ASP_Low_Visibility | Log_Forging | Low | 117 |
| |
ASP | ASP_Low_Visibility | Open_Redirect | Low | 601 |
| |
ASP | ASP_Low_Visibility | Script_Poinsoning | Low | 10701 |
| |
ASP | ASP_Low_Visibility | Server_Code_In_Client_Comment | Low | 10702 |
| |
ASP | ASP_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
ASP | ASP_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
ASP | ASP_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
ASP | ASP_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
ASP | ASP_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
ASP | ASP_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
ASP | ASP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
ASP | ASP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
ASP | ASP_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
ASP | ASP_Medium_Threat | Improper_Locking | Medium | 667 |
| |
ASP | ASP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
ASP | ASP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
ASP | ASP_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
ASP | ASP_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
ASP | ASP_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
ASP | ASP_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
ASP | ASP_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
ASP | ASP_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
ASP | ASP_Medium_Threat | Untrusted_Activex | Medium | 10703 |
| |
ASP | ASP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
ASP | ASP_Medium_Threat | XSRF | Medium | 352 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal | Information | 665 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal_Condition | Information | 665 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal_Overflow | Information | 118 |
| |
CPP | CPP_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
CPP | CPP_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
CPP | CPP_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
CPP | CPP_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
CPP | CPP_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
CPP | CPP_Best_Coding_Practice | Methods_Without_ReturnType | Information | 10712 |
| |
CPP | CPP_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
CPP | CPP_Best_Coding_Practice | Reliance_On_Untrusted_Inputs_In_Security_Decision | Information | 807 |
| |
CPP | CPP_Best_Coding_Practice | Unused_Variable | Information | 563 |
| |
CPP | CPP_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_AddressOfLocalVarReturned | Medium | 562 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundcpy_WrongSizeParam | Medium | 121 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy2 | Medium | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_cin | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_cpycat | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_fgets | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_Indexes | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_IndexFromInput | High | |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_LongString | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_Loops | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_LowBound | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_OutOfBound | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_scanf | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_StrcpyStrcat | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_unbounded | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Format_String_Attack | High | 134 |
| |
CPP | CPP_Buffer_Overflow | Missing_Precision | Medium | 120 |
| |
CPP | CPP_Buffer_Overflow | MultiByte_String_Length | Medium | 135 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Arrays | High | 193 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Loops | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Methods | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Open_SSL_HeartBleed | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Potential_Precision_Problem | Low | 120 |
| |
CPP | CPP_Buffer_Overflow | String_Termination_Error | High | 170 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_Buffer_Overflow_malloc | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_Buffer_Overflow_read | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
CPP | CPP_Heuristic | Heuristic_Buffer_Overflow_malloc | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_Buffer_Overflow_read | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
CPP | CPP_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
CPP | CPP_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
CPP | CPP_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
CPP | CPP_Heuristic | Potential_Off_by_One_Error_in_Loops | Low | 193 |
| |
CPP | CPP_High_Risk | CGI_Reflected_XSS | High | 79 |
| |
CPP | CPP_High_Risk | CGI_Stored_XSS | High | 79 |
| |
CPP | CPP_High_Risk | Command_Injection | High | 77 |
| |
CPP | CPP_High_Risk | Connection_String_Injection | High | 99 |
| |
CPP | CPP_High_Risk | LDAP_Injection | High | 90 |
| |
CPP | CPP_High_Risk | Process_Control | High | 114 |
| |
CPP | CPP_High_Risk | Resource_Injection | High | 99 |
| |
CPP | CPP_High_Risk | SQL_Injection | High | 89 |
| |
CPP | CPP_Integer_Overflow | Boolean_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Char_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Float_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Integer_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Long_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Short_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Wrong_Size_t_Allocation | Medium | 789 |
| |
CPP | CPP_Low_Visibility | Arithmenic_Operation_On_Boolean | Low | 398 |
| |
CPP | CPP_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
CPP | CPP_Low_Visibility | Creation_of_chroot_Jail_without_Changing_Working_Directory | Low | 243 |
| |
CPP | CPP_Low_Visibility | Exposure_of_System_Data_to_Unauthorized_Control_Sphere | Low | 497 |
| |
CPP | CPP_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
CPP | CPP_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
CPP | CPP_Low_Visibility | Improper_Resource_Access_Authorization | Low | 285 |
| |
CPP | CPP_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
CPP | CPP_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
CPP | CPP_Low_Visibility | Inconsistent_Implementations | Low | 474 |
| |
CPP | CPP_Low_Visibility | Incorrect_Permission_Assignment_For_Critical_Resources | Low | 732 |
| |
CPP | CPP_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
CPP | CPP_Low_Visibility | Information_Exposure_Through_Comments | Low | 615 |
| |
CPP | CPP_Low_Visibility | Insecure_Temporary_File | Low | 377 |
| |
CPP | CPP_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
CPP | CPP_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
CPP | CPP_Low_Visibility | Log_Forging | Low | 117 |
| |
CPP | CPP_Low_Visibility | NULL_Pointer_Dereference | Low | 476 |
| |
CPP | CPP_Low_Visibility | Potential_Path_Traversal | Low | 36 |
| |
CPP | CPP_Low_Visibility | Privacy_Violation | Low | 359 |
| |
CPP | CPP_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
CPP | CPP_Low_Visibility | Sizeof_Pointer_Argument | Low | 467 |
| |
CPP | CPP_Low_Visibility | Stored_Blind_SQL_Injections | Low | 89 |
| |
CPP | CPP_Low_Visibility | TOCTOU | Low | 367 |
| |
CPP | CPP_Low_Visibility | Unchecked_Array_Index | Low | 129 |
| |
CPP | CPP_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
CPP | CPP_Low_Visibility | Undefined_Behavior | Low | 475 |
| |
CPP | CPP_Low_Visibility | Unreleased_Resource_Leak | Low | 411 |
| |
CPP | CPP_Low_Visibility | Use_Of_Deprecated_Class | Low | 477 |
| |
CPP | CPP_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
CPP | CPP_Low_Visibility | Use_of_Insufficiently_Random_Values | Low | 330 |
| |
CPP | CPP_Low_Visibility | Use_of_Obsolete_Functions | Low | 477 |
| |
CPP | CPP_Low_Visibility | Use_of_Sizeof_On_a_Pointer_Type | Low | 467 |
| |
CPP | CPP_Medium_Threat | Cleartext_Transmission_Of_Sensitive_Information | Medium | 319 |
| |
CPP | CPP_Medium_Threat | Dangerous_Functions | Medium | 242 |
| |
CPP | CPP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
CPP | CPP_Medium_Threat | Divide_By_Zero | Medium | 369 |
| |
CPP | CPP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
CPP | CPP_Medium_Threat | Double_Free | Medium | 415 |
| |
CPP | CPP_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | 494 |
| |
CPP | CPP_Medium_Threat | Environment_Injection | Medium | 77 |
| |
CPP | CPP_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
CPP | CPP_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
CPP | CPP_Medium_Threat | Improperly_Locked_Memory | Medium | 591 |
| |
CPP | CPP_Medium_Threat | Inadequate_Encryption_Strength | Medium | 326 |
| |
CPP | CPP_Medium_Threat | Inadequate_Pointer_Validation | Medium | 633 |
| |
CPP | CPP_Medium_Threat | Memory_Leak | Medium | 401 |
| |
CPP | CPP_Medium_Threat | MemoryFree_on_StackVariable | Medium | 633 |
| |
CPP | CPP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
CPP | CPP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
CPP | CPP_Medium_Threat | Plaintext_Storage_Of_A_Password | Medium | 256 |
| |
CPP | CPP_Medium_Threat | Setting_Manipulation | Medium | 15 |
| |
CPP | CPP_Medium_Threat | Uncontrolled_Recursion | Medium | 674 |
| |
CPP | CPP_Medium_Threat | Use_After_Free | Medium | 416 |
| |
CPP | CPP_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
CPP | CPP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
CPP | CPP_Medium_Threat | Use_of_Uninitialized_Pointer | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Use_of_Uninitialized_Variable | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Use_of_Zero_Initialized_Pointer | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Wrong_Memory_Allocation | Medium | 131 |
| |
CPP | CPP_MISRA_C | R02_02_CPP_Comment_Style | Information | 11000 |
| |
CPP | CPP_MISRA_C | R02_03_Nested_Comments | Information | 11001 |
| |
CPP | CPP_MISRA_C | R02_04_Code_Commented_Out | Information | 11002 |
| |
CPP | CPP_MISRA_C | R03_04_Not_Explained_Pragma_Usage | Information | 11003 |
| |
CPP | CPP_MISRA_C | R04_01_Non_ISO_Escape_Sequences | Information | 11004 |
| |
CPP | CPP_MISRA_C | R04_02_Trigraphs | Information | 11005 |
| |
CPP | CPP_MISRA_C | R05_01_Identifiers_Length_Violation | Information | 11006 |
| |
CPP | CPP_MISRA_C | R05_02_Identifiers_Hiding_Outer_Scope_Identifiers | Information | 11007 |
| |
CPP | CPP_MISRA_C | R05_03_Typedef_Name_Reused | Information | 11008 |
| |
CPP | CPP_MISRA_C | R05_04_Tag_Name_Reused | Information | 11009 |
| |
CPP | CPP_MISRA_C | R05_05_Identifier_With_Static_Storage_Reused | Information | 11010 |
| |
CPP | CPP_MISRA_C | R05_07_Identifier_Name_Reused | Information | 11011 |
| |
CPP | CPP_MISRA_C | R06_01_Plain_Char_Type_Usage | Information | 11012 |
| |
CPP | CPP_MISRA_C | R06_02_Not_Plain_Char_Type_Usage | Information | 11013 |
| |
CPP | CPP_MISRA_C | R06_03_Non_Typedefd_Basic_Types | Information | 11014 |
| |
CPP | CPP_MISRA_C | R06_04_Bit_Fields_Type | Information | 11015 |
| |
CPP | CPP_MISRA_C | R06_05_Bit_Fields_Length | Information | 11016 |
| |
CPP | CPP_MISRA_C | R07_01_Non_Zero_Octal_Constant | Information | 11017 |
| |
CPP | CPP_MISRA_C | R08_03_Identical_Function_Decl_Def | Information | 11018 |
| |
CPP | CPP_MISRA_C | R08_05_Object_Function_In_Header_File | Information | 11019 |
| |
CPP | CPP_MISRA_C | R08_07_Block_Scope_Obj_If_Used_By_Single_Function | Information | 11020 |
| |
CPP | CPP_MISRA_C | R08_08_External_Objects_Declared_Once | Information | 11021 |
| |
CPP | CPP_MISRA_C | R09_03_Initializing_Non_First_And_Not_All_Members_In_Enum | Information | 11022 |
| |
CPP | CPP_MISRA_C | R10_06_U_Suffix_Not_Applied_To_Unsigned_Const | Information | 11023 |
| |
CPP | CPP_MISRA_C | R12_05_AND_OR_Operands_Not_As_Primary_Expressions | Information | 11024 |
| |
CPP | CPP_MISRA_C | R12_07_Bitwise_Operator_On_Signed_Type | Information | 11025 |
| |
CPP | CPP_MISRA_C | R12_09_Unary_Minus_Operator_On_Unsigned_Type | Information | 11026 |
| |
CPP | CPP_MISRA_C | R12_10_Comma_Operator_Used | Information | 11027 |
| |
CPP | CPP_MISRA_C | R12_12_Floating_Point_Bit_Underlying_Representation_Used | Information | 11028 |
| |
CPP | CPP_MISRA_C | R12_13_Using_Of_Incremental_And_Decrimental_Operators | Information | 11029 |
| |
CPP | CPP_MISRA_C | R13_01_Assignment_Operators_In_Boolean_Expressions | Information | 11030 |
| |
CPP | CPP_MISRA_C | R13_03_Floating_Point_Equality_Or_Inequality | Information | 11031 |
| |
CPP | CPP_MISRA_C | R13_04_Floating_Points_Objects_In_For_Control | Information | 11032 |
| |
CPP | CPP_MISRA_C | R13_06_Loop_Iterator_Modified_In_Loop_Body | Information | 11033 |
| |
CPP | CPP_MISRA_C | R14_04_Use_Of_Goto | Information | 11034 |
| |
CPP | CPP_MISRA_C | R14_05_Use_Of_Continue | Information | 11035 |
| |
CPP | CPP_MISRA_C | R14_06_Multiple_Breaks_In_Iteration_Statement | Information | 11036 |
| |
CPP | CPP_MISRA_C | R14_07_Single_Point_Exit_At_Function_End | Information | 11037 |
| |
CPP | CPP_MISRA_C | R14_08_Not_Compound_Switch_Or_Iteration_Statement | Information | 11038 |
| |
CPP | CPP_MISRA_C | R14_09_Not_Compound_If_Or_Else | Information | 11039 |
| |
CPP | CPP_MISRA_C | R14_10_If_Else_If_Not_Ending_With_Else | Information | 11040 |
| |
CPP | CPP_MISRA_C | R15_01_Case_Not_Enclosed_By_Compound_Switch | Information | 11041 |
| |
CPP | CPP_MISRA_C | R15_02_Non_Empty_Switch_Clause_Without_Break | Information | 11042 |
| |
CPP | CPP_MISRA_C | R15_03_Non_Default_Final_Clause_In_Switch_Statement | Information | 11043 |
| |
CPP | CPP_MISRA_C | R15_05_No_Cases_in_Switch_Statement | Information | 11044 |
| |
CPP | CPP_MISRA_C | R16_01_Function_With_Variable_Number_Of_Arguments | Information | 11045 |
| |
CPP | CPP_MISRA_C | R16_02_Recursion_Exists | Information | 11046 |
| |
CPP | CPP_MISRA_C | R16_03_Function_Prototype_Without_Identifiers | Information | 11047 |
| |
CPP | CPP_MISRA_C | R16_04_Different_Identifiers_In_Function_Definition_And_Prototype | Information | 11048 |
| |
CPP | CPP_MISRA_C | R16_05_Function_Prototype_Declaration_Without_Parameters | Information | 11049 |
| |
CPP | CPP_MISRA_C | R16_06_Function_Invoke_Arg_Number_Not_Match_Function_Def_Number | Information | 11050 |
| |
CPP | CPP_MISRA_C | R16_07_Parameter_Pointer_To_Const_Where_Not_Modified | Information | 11051 |
| |
CPP | CPP_MISRA_C | R16_08_Non_Explicit_Return_Statement_In_Non_Void_Function | Information | 11052 |
| |
CPP | CPP_MISRA_C | R16_09_Using_Function_Identifier_Not_Call_Or_Pointer | Information | 11053 |
| |
CPP | CPP_MISRA_C | R18_04_Use_Of_Union | Information | 11054 |
| |
CPP | CPP_MISRA_C | R19_01_Non_Prepocessor_Command_Before_Include_In_File | Information | 11055 |
| |
CPP | CPP_MISRA_C | R19_02_Non_Standard_Chars_In_Header_File_Name | Information | 11056 |
| |
CPP | CPP_MISRA_C | R19_03_Include_Directive_In_Wrong_Format | Information | 11057 |
| |
CPP | CPP_MISRA_C | R19_05_Using_Define_Or_Undef_Directive_In_Block | Information | 11058 |
| |
CPP | CPP_MISRA_C | R19_06_Use_Of_Undef_Derective | Information | 11059 |
| |
CPP | CPP_MISRA_C | R19_12_Multiple_Pound_Or_Double_Pound_In_Same_Macro | Information | 11060 |
| |
CPP | CPP_MISRA_C | R19_13_Pound_Preprocessor_Operator_Is_Used | Information | 11061 |
| |
CPP | CPP_MISRA_C | R19_17_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files | Information | 11062 |
| |
CPP | CPP_MISRA_C | R20_05_Using_Errno_Indicator_From_Errno_H | Information | 11063 |
| |
CPP | CPP_MISRA_C | R20_06_Using_Offsetof_Macro_From_Stddef_H | Information | 11064 |
| |
CPP | CPP_MISRA_C | R20_07_Using_Setjmp_Longjmp_Macros_From_Setjmp_H | Information | 11065 |
| |
CPP | CPP_MISRA_C | R20_08_Using_Signal_Handling_From_Signal_H | Information | 11066 |
| |
CPP | CPP_MISRA_C | R20_09_Using_Input_Output_From_Stdio_H | Information | 11067 |
| |
CPP | CPP_MISRA_C | R20_10_Using_Atof_Atoi_Atol_Functions_From_Stdlib_H | Information | 11068 |
| |
CPP | CPP_MISRA_C | R20_11_Using_Abort_Exit_Getenv_System_Functions_From_Stdlib_H | Information | 11069 |
| |
CPP | CPP_MISRA_C | R20_12_Using_Time_Handling_From_Time_H | Information | 11070 |
| |
CPP | CPP_MISRA_CPP | R00_01_03_Find_Unused_Variables | Information | 10775 |
| |
CPP | CPP_MISRA_CPP | R00_01_05_Find_Unused_Typedefs | Information | 10776 |
| |
CPP | CPP_MISRA_CPP | R00_01_10_Find_Unused_Defined_Functions | Information | 10777 |
| |
CPP | CPP_MISRA_CPP | R00_01_11_Find_Unused_Parameters | Information | 10778 |
| |
CPP | CPP_MISRA_CPP | R00_01_12_Find_Virtual_Unused_Parameters | Information | 10779 |
| |
CPP | CPP_MISRA_CPP | R02_03_01_Trigraphs | Information | 11109 |
| |
CPP | CPP_MISRA_CPP | R02_05_01_Digraphs | Information | 10750 |
| |
CPP | CPP_MISRA_CPP | R02_07_02_Code_Commented_Out | Information | 11110 |
| |
CPP | CPP_MISRA_CPP | R02_07_03_Code_CPP_Commented_Out | Information | 11111 |
| |
CPP | CPP_MISRA_CPP | R02_10_02_Identifiers_Hide_Outer_Scope_Identifiers | Information | 11104 |
| |
CPP | CPP_MISRA_CPP | R02_10_03_Typedef_Name_Reused | Information | 11105 |
| |
CPP | CPP_MISRA_CPP | R02_10_04_Class_Enum_Union_Names_Reused | Information | 11106 |
| |
CPP | CPP_MISRA_CPP | R02_10_05_Non_Member_Static_Name_Reuse | Information | 10751 |
| |
CPP | CPP_MISRA_CPP | R02_13_01_Non_ISO_Escapes | Information | 10813 |
| |
CPP | CPP_MISRA_CPP | R02_13_02_Non_Zero_Octal_Constant | Information | 11107 |
| |
CPP | CPP_MISRA_CPP | R02_13_03_U_Suffix_Not_Applied_To_Unsigned_Hex_Oct | Information | 11108 |
| |
CPP | CPP_MISRA_CPP | R02_13_04_Literal_Suffix_Uppercase | Information | 10780 |
| |
CPP | CPP_MISRA_CPP | R03_01_03_Find_Arrays_Without_Size | Information | 10781 |
| |
CPP | CPP_MISRA_CPP | R03_02_01_Identical_Function_and_Object_Decl_Def | Information | 10814 |
| |
CPP | CPP_MISRA_CPP | R03_04_01_Obj_Defined_Outside_Minimal_Scope | Information | 10815 |
| |
CPP | CPP_MISRA_CPP | R03_09_02_Non_Typedef_Basic_Types | Information | 11112 |
| |
CPP | CPP_MISRA_CPP | R04_10_01_NULL_As_An_Integer_Value | Information | 10800 |
| |
CPP | CPP_MISRA_CPP | R04_10_02_Literal_Zero_As_Null_Pointer_Constant | Information | 10801 |
| |
CPP | CPP_MISRA_CPP | R05_00_07_Improper_Explicit_Floating_Integral_Conversion_Of_Expression | Information | 11117 |
| |
CPP | CPP_MISRA_CPP | R05_00_10_Bitwise_Operator_On_Unsigned_Char_Short_Types | Information | 11113 |
| |
CPP | CPP_MISRA_CPP | R05_00_11_Plain_Char_Type_Usage | Information | 11114 |
| |
CPP | CPP_MISRA_CPP | R05_00_12_Not_Plain_Char_Type_Usage | Information | 11115 |
| |
CPP | CPP_MISRA_CPP | R05_00_21_Bitwise_Operator_On_Signed_Type | Information | 11116 |
| |
CPP | CPP_MISRA_CPP | R05_02_01_AND_OR_Operands_Not_As_Postfix_Expressions | Information | 11119 |
| |
CPP | CPP_MISRA_CPP | R05_02_10_Using_Of_Incremental_And_Decrimental_Operators | Information | 11120 |
| |
CPP | CPP_MISRA_CPP | R05_02_11_Find_Special_Operator_Overloads | Information | 10782 |
| |
CPP | CPP_MISRA_CPP | R05_03_02_Unary_Minus_Operator_On_Unsigned_Type | Information | 11121 |
| |
CPP | CPP_MISRA_CPP | R05_03_03_Overloading_Reference_Oper | Information | 10753 |
| |
CPP | CPP_MISRA_CPP | R05_18_01_Comma_Operator_Used | Information | 11118 |
| |
CPP | CPP_MISRA_CPP | R06_02_01_Assignment_in_Sub_Expr | Information | 10754 |
| |
CPP | CPP_MISRA_CPP | R06_02_02_FloatingPt_Equality_Inequality_Testing | Information | 10752 |
| |
CPP | CPP_MISRA_CPP | R06_03_01_Not_Compound_Switch_Or_Iteration_Statement | Information | 11122 |
| |
CPP | CPP_MISRA_CPP | R06_04_01_Not_Compound_If_Or_Else | Information | 11123 |
| |
CPP | CPP_MISRA_CPP | R06_04_02_If_Else_If_Not_Ending_With_Else | Information | 11124 |
| |
CPP | CPP_MISRA_CPP | R06_04_04_Case_Not_Enclosed_By_Compound_Switch | Information | 11125 |
| |
CPP | CPP_MISRA_CPP | R06_04_05_Non_Empty_Switch_Clause_Without_Break_or_Throw | Information | 10816 |
| |
CPP | CPP_MISRA_CPP | R06_04_06_Non_Default_Final_Clause_In_Switch_Statement | Information | 10817 |
| |
CPP | CPP_MISRA_CPP | R06_04_07_Find_Switch_Condition_Bool | Information | 10783 |
| |
CPP | CPP_MISRA_CPP | R06_05_01_Single_Non_Float_LC | Information | 10819 |
| |
CPP | CPP_MISRA_CPP | R06_05_02_Loop_Counter_Modify | Information | 10755 |
| |
CPP | CPP_MISRA_CPP | R06_05_03_Change_Lc_In_St_And_Cond | Information | 10756 |
| |
CPP | CPP_MISRA_CPP | R06_05_04_Incremental_Modified | Information | 10757 |
| |
CPP | CPP_MISRA_CPP | R06_05_05_Lcv_Change_In_For_Stmt | Information | 10758 |
| |
CPP | CPP_MISRA_CPP | R06_05_06_Bool_Lcv_Change | Information | 10759 |
| |
CPP | CPP_MISRA_CPP | R06_06_02_Backward_Use_Of_Goto | Information | 10818 |
| |
CPP | CPP_MISRA_CPP | R06_06_03_Continue_In_Legal_For | Information | 10760 |
| |
CPP | CPP_MISRA_CPP | R06_06_04_One_GoTo_Break_In_Iteration | Information | 10807 |
| |
CPP | CPP_MISRA_CPP | R06_06_05_Single_Point_Exit_At_Function_End | Information | 11126 |
| |
CPP | CPP_MISRA_CPP | R07_01_01_Declare_Const_if_not_Modified | Information | 10784 |
| |
CPP | CPP_MISRA_CPP | R07_01_02_Declare_Ref_Const_if_not_Modified | Information | 10785 |
| |
CPP | CPP_MISRA_CPP | R07_03_01_Definitions_in_Global_Namespace | Information | 10786 |
| |
CPP | CPP_MISRA_CPP | R07_03_02_Find_non_Global_Mains | Information | 10787 |
| |
CPP | CPP_MISRA_CPP | R07_03_03_Unnamed_NS_in_Headers | Information | 10788 |
| |
CPP | CPP_MISRA_CPP | R07_03_04_Find_Using_Directives | Information | 10789 |
| |
CPP | CPP_MISRA_CPP | R07_03_05_Multiple_Declarations_After_Using | Information | 10790 |
| |
CPP | CPP_MISRA_CPP | R07_03_06_Find_Using_in_Headers | Information | 10791 |
| |
CPP | CPP_MISRA_CPP | R07_05_02_Address_Assignment_out_of_Scope | Information | 10792 |
| |
CPP | CPP_MISRA_CPP | R07_05_03_Return_Parameter_Passed_by_Ref | Information | 10793 |
| |
CPP | CPP_MISRA_CPP | R07_05_04_Recursion_Exists | Information | 11127 |
| |
CPP | CPP_MISRA_CPP | R08_00_01_Find_Multiple_Declarators | Information | 10794 |
| |
CPP | CPP_MISRA_CPP | R08_04_01_Function_With_Variable_Number_Of_Arguments | Information | 11128 |
| |
CPP | CPP_MISRA_CPP | R08_04_03_Explicit_Return_Throw | Information | 10808 |
| |
CPP | CPP_MISRA_CPP | R08_05_01_Uninitialized_Variable_Use | Information | 10761 |
| |
CPP | CPP_MISRA_CPP | R09_05_01_Use_Of_Union | Information | 11129 |
| |
CPP | CPP_MISRA_CPP | R09_06_02_bool_Unsigned_Signed_Bit_Field | Information | 10809 |
| |
CPP | CPP_MISRA_CPP | R09_06_03_Enum_Bit_Fields | Information | 10810 |
| |
CPP | CPP_MISRA_CPP | R09_06_04_Bit_Fields_Length | Information | 11130 |
| |
CPP | CPP_MISRA_CPP | R10_01_01_Find_Virtual_Base_Classes | Information | 10795 |
| |
CPP | CPP_MISRA_CPP | R10_03_02_Find_Override_Without_Virtual | Information | 10796 |
| |
CPP | CPP_MISRA_CPP | R10_03_03_Redeclare_Function_as_Pure | Information | 10797 |
| |
CPP | CPP_MISRA_CPP | R12_01_03_Find_non_Explicit_Constructor | Information | 10798 |
| |
CPP | CPP_MISRA_CPP | R15_00_02_Throw_Pointers | Information | 10762 |
| |
CPP | CPP_MISRA_CPP | R15_00_03_Goto_Label_Inside_TryCatch | Information | 10763 |
| |
CPP | CPP_MISRA_CPP | R15_01_02_No_Explicit_Null_Throw | Information | 10764 |
| |
CPP | CPP_MISRA_CPP | R15_01_03_Empty_Throw_Outside_Catch | Information | 10765 |
| |
CPP | CPP_MISRA_CPP | R15_03_02_Catch_All_In_Main | Information | 10766 |
| |
CPP | CPP_MISRA_CPP | R15_03_03_Accessing_Non_Static_Mem_In_Ctr_Dtr | Information | 10767 |
| |
CPP | CPP_MISRA_CPP | R15_03_07_Catch_All_Final | Information | 10768 |
| |
CPP | CPP_MISRA_CPP | R15_05_01_Statements_Outside_TryCatch_Dtr | Information | 10769 |
| |
CPP | CPP_MISRA_CPP | R16_00_02_Define_Only_in_Global_Namespace | Information | 10770 |
| |
CPP | CPP_MISRA_CPP | R16_00_03_Use_Of_Undef_Directive | Information | 11100 |
| |
CPP | CPP_MISRA_CPP | R16_00_04_Function_Like_Macros_Shall_Not_Be_Defined | Information | 10771 |
| |
CPP | CPP_MISRA_CPP | R16_00_05_No_Tokens_In_Func_Like_Macro | Information | 10772 |
| |
CPP | CPP_MISRA_CPP | R16_00_07_Undefined_Macro_Identifiers | Information | 10799 |
| |
CPP | CPP_MISRA_CPP | R16_00_08_Sharp_Before_Preprocessing_Token | Information | 10773 |
| |
CPP | CPP_MISRA_CPP | R16_01_01_Defined_Standart_Forms | Information | 10774 |
| |
CPP | CPP_MISRA_CPP | R16_01_02_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files | Information | 11101 |
| |
CPP | CPP_MISRA_CPP | R16_02_06_Include_Directive_In_Wrong_Format | Information | 11102 |
| |
CPP | CPP_MISRA_CPP | R16_03_02_Pound_Preprocessor_Operator_Is_Used | Information | 11103 |
| |
CPP | CPP_MISRA_CPP | R17_00_01_Standard_Library_Redefined_Or_Undefined | Information | 10802 |
| |
CPP | CPP_MISRA_CPP | R17_00_02_Standard_Library_Macros_Reuse | Information | 10803 |
| |
CPP | CPP_MISRA_CPP | R17_00_03_Standard_Library_Functions_Override | Information | 10804 |
| |
CPP | CPP_MISRA_CPP | R18_00_04_Ctime | Information | 10811 |
| |
CPP | CPP_MISRA_CPP | R18_00_05_Unbounded_Functions_Of_Library_CString | Information | 10805 |
| |
CPP | CPP_MISRA_CPP | R18_04_01_Dynamic_Heap_Memory_Allocation | Information | 10806 |
| |
CPP | CPP_MISRA_CPP | R18_07_01_Csignal | Information | 10812 |
| |
CPP | CPP_Stored_Vulnerabilities | Second_Order_SQL_Injection | Medium | 89 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_boundcpy | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_cpycat | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fgets | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fscanf | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Command_Injection | Medium | 77 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Connection_String_Injection | Medium | 99 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_DB_Parameter_Tampering | Low | 284 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_DoS_by_Sleep | Low | 730 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Environment_Injection | Low | 77 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Format_String_Attack | Medium | 134 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Log_Forging | Low | 117 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Parameter_Tampering | Low | 472 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Path_Traversal | Low | 36 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Process_Control | Medium | 114 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Resource_Injection | Medium | 99 |
| |
CSharp | CSharp_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
CSharp | CSharp_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
CSharp | CSharp_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
CSharp | CSharp_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
CSharp | CSharp_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
CSharp | CSharp_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
CSharp | CSharp_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
CSharp | CSharp_Best_Coding_Practice | GetLastWin32Error_Is_Not_Called_After_Pinvoke | Information | 10018 |
| |
CSharp | CSharp_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
CSharp | CSharp_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
CSharp | CSharp_Best_Coding_Practice | Magic_Numbers | Information | 10017 |
| |
CSharp | CSharp_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
CSharp | CSharp_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
CSharp | CSharp_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
CSharp | CSharp_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
CSharp | CSharp_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
CSharp | CSharp_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
CSharp | CSharp_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
CSharp | CSharp_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
CSharp | CSharp_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
CSharp | CSharp_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
CSharp | CSharp_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
CSharp | CSharp_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
CSharp | CSharp_Best_Coding_Practice | Using_Of_Index_Instead_Of_Key | Information | 398 |
| |
CSharp | CSharp_Best_Coding_Practice | Visible_Pointers | Information | 10002 |
| |
CSharp | CSharp_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
CSharp | CSharp_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
CSharp | CSharp_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
CSharp | CSharp_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
CSharp | CSharp_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
CSharp | CSharp_Heuristic | Heuristic_XSRF | Low | 352 |
| |
CSharp | CSharp_High_Risk | Code_Injection | High | 94 |
| |
CSharp | CSharp_High_Risk | Command_Injection | High | 77 |
| |
CSharp | CSharp_High_Risk | Connection_String_Injection | High | 99 |
| |
CSharp | CSharp_High_Risk | LDAP_Injection | High | 90 |
| |
CSharp | CSharp_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
CSharp | CSharp_High_Risk | Resource_Injection | High | 99 |
| |
CSharp | CSharp_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
CSharp | CSharp_High_Risk | SQL_Injection | High | 89 |
| |
CSharp | CSharp_High_Risk | Stored_XSS | High | 79 |
| |
CSharp | CSharp_High_Risk | UTF7_XSS | High | 79 |
| |
CSharp | CSharp_High_Risk | XPath_Injection | High | 643 |
| |
CSharp | CSharp_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
CSharp | CSharp_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
CSharp | CSharp_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
CSharp | CSharp_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
CSharp | CSharp_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
CSharp | CSharp_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
CSharp | CSharp_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
CSharp | CSharp_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
CSharp | CSharp_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
CSharp | CSharp_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
CSharp | CSharp_Low_Visibility | Inappropriate_Encoding_for_Output_Context | Low | 838 |
| |
CSharp | CSharp_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
CSharp | CSharp_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
CSharp | CSharp_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
CSharp | CSharp_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
CSharp | CSharp_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
CSharp | CSharp_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
CSharp | CSharp_Low_Visibility | Log_Forging | Low | 117 |
| |
CSharp | CSharp_Low_Visibility | Off_By_One_Error | Low | 193 |
| |
CSharp | CSharp_Low_Visibility | Open_Redirect | Low | 601 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_In_Code | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
CSharp | CSharp_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
CSharp | CSharp_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
CSharp | CSharp_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
CSharp | CSharp_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
CSharp | CSharp_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
CSharp | CSharp_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
CSharp | CSharp_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
CSharp | CSharp_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
CSharp | CSharp_Medium_Threat | Buffer_Overflow | Medium | 120 |
| |
CSharp | CSharp_Medium_Threat | CGI_XSS | Medium | 79 |
| |
CSharp | CSharp_Medium_Threat | Cookie_Injection | Medium | 20 |
| |
CSharp | CSharp_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
CSharp | CSharp_Medium_Threat | Data_Filter_Injection | Medium | 200 |
| |
CSharp | CSharp_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
CSharp | CSharp_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
CSharp | CSharp_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
CSharp | CSharp_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
CSharp | CSharp_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
CSharp | CSharp_Medium_Threat | Improper_Encoding_Of_Output | Medium | 116 |
| |
CSharp | CSharp_Medium_Threat | Improper_Locking | Medium | 667 |
| |
CSharp | CSharp_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
CSharp | CSharp_Medium_Threat | Insecure_Cookie | Medium | 614 |
| |
CSharp | CSharp_Medium_Threat | Integer_Overflow | Medium | 190 |
| |
CSharp | CSharp_Medium_Threat | MVC_View_Injection | Medium | 74 |
| |
CSharp | CSharp_Medium_Threat | No_Request_Validation | Medium | 20 |
| |
CSharp | CSharp_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
CSharp | CSharp_Medium_Threat | Path_Traversal | Medium | 36 |
| |
CSharp | CSharp_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
CSharp | CSharp_Medium_Threat | Race_Condition_within_a_Thread | Medium | 366 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_By_Regex_Injection | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_In_Code | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_In_Validation | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
CSharp | CSharp_Medium_Threat | Session_Fixation | Medium | 384 |
| |
CSharp | CSharp_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
CSharp | CSharp_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
CSharp | CSharp_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
CSharp | CSharp_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
CSharp | CSharp_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
CSharp | CSharp_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
CSharp | CSharp_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
CSharp | CSharp_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
CSharp | CSharp_Medium_Threat | Value_Shadowing | Medium | 233 |
| |
CSharp | CSharp_Medium_Threat | XSRF | Medium | 352 |
| |
CSharp | CSharp_WebConfig | CookieLess_Authentication | Medium | 10704 |
| |
CSharp | CSharp_WebConfig | CookieLess_Session_State | Medium | 10705 |
| |
CSharp | CSharp_WebConfig | CustomError | Low | 12 |
| |
CSharp | CSharp_WebConfig | DebugEnabled | Low | 11 |
| |
CSharp | CSharp_WebConfig | Directory_Browse | Low | 548 |
| |
CSharp | CSharp_WebConfig | HardcodedCredentials | Medium | 489 |
| |
CSharp | CSharp_WebConfig | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
CSharp | CSharp_WebConfig | Missing_X_Frame_Options | Low | 829 |
| |
CSharp | CSharp_WebConfig | NonUniqueFormName | Low | 10707 |
| |
CSharp | CSharp_WebConfig | Password_in_Configuration_File | Low | 260 |
| |
CSharp | CSharp_WebConfig | RequireSSL | Medium | 614 |
| |
CSharp | CSharp_WebConfig | SlidingExpiration | Low | 613 |
| |
CSharp | CSharp_WebConfig | TraceEnabled | Low | 10708 |
| |
CSharp | CSharp_Windows_Phone | Client_Side_Injection | High | 89 |
| |
CSharp | CSharp_Windows_Phone | Failure_to_Implement_Least_Privilege | Low | 807 |
| |
CSharp | CSharp_Windows_Phone | Hard_Coded_Cryptography_Key | Medium | 327 |
| |
CSharp | CSharp_Windows_Phone | Insecure_Data_Storage | High | 311 |
| |
CSharp | CSharp_Windows_Phone | Insufficient_Transport_Layer_Protect | High | 311 |
| |
CSharp | CSharp_Windows_Phone | Poor_Authorization_and_Authentication | Medium | 285 |
| |
CSharp | CSharp_Windows_Phone | Side_Channel_Data_Leakage | Low | 200 |
| |
Groovy | Groovy_Best_Coding_Practice | Assign_Collection | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Assigning_instead_of_Comparing | Information | 481 |
| |
Groovy | Groovy_Best_Coding_Practice | Comparing_instead_of_Assigning | Information | 482 |
| |
Groovy | Groovy_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Groovy | Groovy_Best_Coding_Practice | Declaration_of_Throws_for_Generic_Exception | Information | 397 |
| |
Groovy | Groovy_Best_Coding_Practice | Deprecated_Groovy_Code | Information | 477 |
| |
Groovy | Groovy_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Groovy | Groovy_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Explicit_Calls_To_Methods | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Explicit_Instantiation | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
Groovy | Groovy_Best_Coding_Practice | Getter_Method_Could_Be_Property | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
Groovy | Groovy_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
Groovy | Groovy_Best_Coding_Practice | Incorrect_Block_Delimitation | Information | 483 |
| |
Groovy | Groovy_Best_Coding_Practice | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
Groovy | Groovy_Best_Coding_Practice | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
Groovy | Groovy_Best_Coding_Practice | Public_Static_Field_Not_Marked_Final | Information | 500 |
| |
Groovy | Groovy_Best_Coding_Practice | Return_Inside_Finally_Block | Information | 584 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_Collect_Many | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_Collect_Nested | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_of_Wrong_Operator_in_String_Comparison | Information | 597 |
| |
Groovy | Groovy_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
Groovy | Groovy_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
Groovy | Groovy_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
Groovy | Groovy_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
Groovy | Groovy_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
Groovy | Groovy_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
Groovy | Groovy_Heuristic | Heuristic_XSRF | Low | 352 |
| |
Groovy | Groovy_High_Risk | Code_Injection | High | 94 |
| |
Groovy | Groovy_High_Risk | Command_Injection | High | 77 |
| |
Groovy | Groovy_High_Risk | Connection_String_Injection | High | 99 |
| |
Groovy | Groovy_High_Risk | LDAP_Injection | High | 90 |
| |
Groovy | Groovy_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Groovy | Groovy_High_Risk | Resource_Injection | High | 99 |
| |
Groovy | Groovy_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Groovy | Groovy_High_Risk | SQL_Injection | High | 89 |
| |
Groovy | Groovy_High_Risk | Stored_XSS | High | 79 |
| |
Groovy | Groovy_High_Risk | UTF7_XSS | High | 79 |
| |
Groovy | Groovy_High_Risk | XPath_Injection | High | 643 |
| |
Groovy | Groovy_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
Groovy | Groovy_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Groovy | Groovy_Low_Visibility | Channel_Accessible_by_NonEndpoint | Low | 300 |
| |
Groovy | Groovy_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
Groovy | Groovy_Low_Visibility | Collapse_of_Data_into_Unsafe_Value | Low | 182 |
| |
Groovy | Groovy_Low_Visibility | Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions | Low | 379 |
| |
Groovy | Groovy_Low_Visibility | Creation_of_Temp_File_With_Insecure_Permissions | Low | 378 |
| |
Groovy | Groovy_Low_Visibility | Data_Leak_Between_Sessions | Low | 488 |
| |
Groovy | Groovy_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | 15 |
| |
Groovy | Groovy_Low_Visibility | Divide_By_Zero | Low | 369 |
| |
Groovy | Groovy_Low_Visibility | Empty_Password_In_Connection_String | Low | 259 |
| |
Groovy | Groovy_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
Groovy | Groovy_Low_Visibility | Escape_False | Low | 116 |
| |
Groovy | Groovy_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
Groovy | Groovy_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Groovy | Groovy_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | 89 |
| |
Groovy | Groovy_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Groovy | Groovy_Low_Visibility | Improper_Resource_Locking | Low | 413 |
| |
Groovy | Groovy_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Groovy | Groovy_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
Groovy | Groovy_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_Debug_Log | Low | 534 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_Server_Log | Low | 533 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Comments | Low | 615 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Shell_Error_Message | Low | 535 |
| |
Groovy | Groovy_Low_Visibility | Insufficient_Session_Expiration | Low | 613 |
| |
Groovy | Groovy_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Groovy | Groovy_Low_Visibility | Integer_Overflow | Low | 190 |
| |
Groovy | Groovy_Low_Visibility | Integer_Underflow | Low | 191 |
| |
Groovy | Groovy_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
Groovy | Groovy_Low_Visibility | Leaving_Temporary_File | Low | 376 |
| |
Groovy | Groovy_Low_Visibility | Log_Forging | Low | 117 |
| |
Groovy | Groovy_Low_Visibility | Logic_Time_Bomb | Low | 511 |
| |
Groovy | Groovy_Low_Visibility | Missing_Password_Field_Masking | Low | 549 |
| |
Groovy | Groovy_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | 329 |
| |
Groovy | Groovy_Low_Visibility | Object_Hijack | Low | 491 |
| |
Groovy | Groovy_Low_Visibility | Off_by_One_Error | Low | 193 |
| |
Groovy | Groovy_Low_Visibility | Open_Redirect | Low | 601 |
| |
Groovy | Groovy_Low_Visibility | Parse_Double_DoS | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Plaintext_Storage_in_a_Cookie | Low | 315 |
| |
Groovy | Groovy_Low_Visibility | Potenial_UTF7_XSS | Low | 79 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Match | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Replace | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Public_Static_Final_References_Mutable_Object | Low | 607 |
| |
Groovy | Groovy_Low_Visibility | Race_Condition | Low | 362 |
| |
Groovy | Groovy_Low_Visibility | Race_Condition_Format_Flaw | Low | 362 |
| |
Groovy | Groovy_Low_Visibility | Relative_Path_Traversal | Low | 23 |
| |
Groovy | Groovy_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
Groovy | Groovy_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
Groovy | Groovy_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
Groovy | Groovy_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | 614 |
| |
Groovy | Groovy_Low_Visibility | Serializable_Class_Containing_Sensitive_Data | Low | 499 |
| |
Groovy | Groovy_Low_Visibility | Spring_defaultHtmlEscape_Not_True | Low | 10711 |
| |
Groovy | Groovy_Low_Visibility | Stored_Absolute_Path_Traversal | Low | 36 |
| |
Groovy | Groovy_Low_Visibility | Stored_Command_Injection | Low | 77 |
| |
Groovy | Groovy_Low_Visibility | Stored_Relative_Path_Traversal | Low | 23 |
| |
Groovy | Groovy_Low_Visibility | Storing_Passwords_in_a_Recoverable_Format | Low | 257 |
| |
Groovy | Groovy_Low_Visibility | TOCTOU | Low | 367 |
| |
Groovy | Groovy_Low_Visibility | Uncaught_Exception | Low | 248 |
| |
Groovy | Groovy_Low_Visibility | Unchecked_Return_Value_to_NULL_Pointer_Dereference | Low | 690 |
| |
Groovy | Groovy_Low_Visibility | Uncontrolled_Memory_Allocation | Low | 789 |
| |
Groovy | Groovy_Low_Visibility | Unsynchronized_Access_To_Shared_Data | Low | 567 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Client_Side_Authentication | Low | 603 |
| |
Groovy | Groovy_Low_Visibility | Use_Of_getenv | Low | 589 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Hard_coded_Security_Constants | Low | 547 |
| |
Groovy | Groovy_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Groovy | Groovy_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
Groovy | Groovy_Low_Visibility | Using_Referer_Field_for_Authentication | Low | 293 |
| |
Groovy | Groovy_Medium_Threat | Absolute_Path_Traversal | Medium | 36 |
| |
Groovy | Groovy_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | 79 |
| |
Groovy | Groovy_Medium_Threat | CGI_Stored_XSS | Medium | 79 |
| |
Groovy | Groovy_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | 319 |
| |
Groovy | Groovy_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Groovy | Groovy_Medium_Threat | Dangerous_File_Inclusion | Medium | 98 |
| |
Groovy | Groovy_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Groovy | Groovy_Medium_Threat | Direct_Use_of_Unsafe_JNI | Medium | 111 |
| |
Groovy | Groovy_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | External_Control_of_Critical_State_Data | Medium | 642 |
| |
Groovy | Groovy_Medium_Threat | External_Control_of_System_or_Config_Setting | Medium | 15 |
| |
Groovy | Groovy_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
Groovy | Groovy_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
Groovy | Groovy_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
Groovy | Groovy_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
Groovy | Groovy_Medium_Threat | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
Groovy | Groovy_Medium_Threat | Improper_Locking | Medium | 667 |
| |
Groovy | Groovy_Medium_Threat | Multiple_Binds_to_the_Same_Port | Medium | 605 |
| |
Groovy | Groovy_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Groovy | Groovy_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
Groovy | Groovy_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Groovy | Groovy_Medium_Threat | Process_Control | Medium | 114 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_From_Regex_Injection | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Match | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Pattern | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | Reliance_on_Cookies_without_Validation | Medium | 565 |
| |
Groovy | Groovy_Medium_Threat | Same_Seed_in_PRNG | Medium | 336 |
| |
Groovy | Groovy_Medium_Threat | Session_Fixation | Medium | 384 |
| |
Groovy | Groovy_Medium_Threat | Spring_ModelView_Injection | Medium | 74 |
| |
Groovy | Groovy_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
Groovy | Groovy_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Groovy | Groovy_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Groovy | Groovy_Medium_Threat | Unchecked_Input_for_Loop_Condition | Medium | 606 |
| |
Groovy | Groovy_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Groovy | Groovy_Medium_Threat | Unnormalize_Input_String | Medium | 20 |
| |
Groovy | Groovy_Medium_Threat | Unvalidated_Forwards | Medium | 819 |
| |
Groovy | Groovy_Medium_Threat | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | Medium | 760 |
| |
Groovy | Groovy_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Native_Language | Medium | 111 |
| |
Groovy | Groovy_Medium_Threat | Use_of_System_exit | Medium | 382 |
| |
Groovy | Groovy_Medium_Threat | XSRF | Medium | 352 |
| |
Groovy | Groovy_Stored | Stored_Boundary_Violation | Low | 646 |
| |
Groovy | Groovy_Stored | Stored_Code_Injection | Low | 94 |
| |
Groovy | Groovy_Stored | Stored_HTTP_Response_Splitting | Low | 113 |
| |
Groovy | Groovy_Stored | Stored_Open_Redirect | Low | 601 |
| |
Groovy | Groovy_Stored | Stored_XPath_Injection | Low | 643 |
| |
Java | Java_Android | Accessible_Content_Provider | Low | 668 |
| |
Java | Java_Android | Android_Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Java | Java_Android | Client_Side_Injection | High | 89 |
| |
Java | Java_Android | Client_Side_ReDoS | Low | 10035 |
| |
Java | Java_Android | Debuggable_App | Low | 668 |
| |
Java | Java_Android | Exported_Service_Without_Permissions | Medium | 668 |
| |
Java | Java_Android | Exposure_Of_Resource_To_Other_Applications | Information | 668 |
| |
Java | Java_Android | Failure_To_Implement_Least_Privilege | Medium | 265 |
| |
Java | Java_Android | General_Android_Find_Request_Permissions | Information | |
| |
Java | Java_Android | Implicit_Intent_With_Read_Write_Permissions | Low | 668 |
| |
Java | Java_Android | Improper_Verification_Of_Intent_By_Broadcast_Receiver | Medium | 925 |
| |
Java | Java_Android | Insecure_Data_Storage | Low | 285 |
| |
Java | Java_Android | Insecure_WebView_Usage | High | 829 |
| |
Java | Java_Android | Insufficient_Sensitive_Transport_Layer | High | 359 |
| |
Java | Java_Android | Insufficient_Transport_Layer_Protect | Low | 359 |
| |
Java | Java_Android | Malicious_Program | High | 265 |
| |
Java | Java_Android | Non_Encrypted_Data_Storage | Low | 311 |
| |
Java | Java_Android | Passing_Non_Encrypted_Data_Between_Activities | Low | 311 |
| |
Java | Java_Android | Poor_Authorization_and_Authentication | Medium | 259 |
| |
Java | Java_Android | Side_Channel_Data_Leakage | High | 359 |
| |
Java | Java_Android | Use_Of_Implicit_Intent_For_Sensitive_Communication | Medium | 927 |
| |
Java | Java_Android | Use_of_Native_Language | Low | 111 |
| |
Java | Java_Android | Use_of_WebView_AddJavascriptInterface | High | |
| |
Java | Java_Android | Weak_Encryption | Medium | 326 |
| |
Java | Java_Best_Coding_Practice | Access_Specifier_Manipulation | Information | 749 |
| |
Java | Java_Best_Coding_Practice | Array_Declared_Public_Final_and_Static | Information | 582 |
| |
Java | Java_Best_Coding_Practice | Assigning_instead_of_Comparing | Information | 481 |
| |
Java | Java_Best_Coding_Practice | Call_to_Thread_run | Information | 572 |
| |
Java | Java_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
Java | Java_Best_Coding_Practice | clone_Method_Without_super_clone | Information | 580 |
| |
Java | Java_Best_Coding_Practice | Comparing_instead_of_Assigning | Information | 482 |
| |
Java | Java_Best_Coding_Practice | Comparison_of_Classes_By_Name | Information | 486 |
| |
Java | Java_Best_Coding_Practice | Confusing_Naming | Information | 710 |
| |
Java | Java_Best_Coding_Practice | Critical_Public_Variable_Without_Final_Modifier | Information | 493 |
| |
Java | Java_Best_Coding_Practice | Dead_Code | Information | 561 |
| |
Java | Java_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Java | Java_Best_Coding_Practice | Declaration_of_Throws_for_Generic_Exception | Information | 397 |
| |
Java | Java_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
Java | Java_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
Java | Java_Best_Coding_Practice | Direct_Use_of_Threads | Information | 383 |
| |
Java | Java_Best_Coding_Practice | Dynamic_File_Inclusion | Information | 98 |
| |
Java | Java_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Java | Java_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Empty_Synchronized_Block | Information | 585 |
| |
Java | Java_Best_Coding_Practice | ESAPI_Banned_API | Information | 676 |
| |
Java | Java_Best_Coding_Practice | Explicit_Call_to_Finalize | Information | 586 |
| |
Java | Java_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
Java | Java_Best_Coding_Practice | Expression_is_Always_False | Information | 570 |
| |
Java | Java_Best_Coding_Practice | Expression_is_Always_True | Information | 571 |
| |
Java | Java_Best_Coding_Practice | Failure_to_Catch_All_Exceptions_in_Servlet | Information | 600 |
| |
Java | Java_Best_Coding_Practice | finalize_Method_Declared_Public | Information | 583 |
| |
Java | Java_Best_Coding_Practice | finalize_Method_Without_super_finalize | Information | 568 |
| |
Java | Java_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
Java | Java_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
Java | Java_Best_Coding_Practice | Improper_Initialization | Information | 665 |
| |
Java | Java_Best_Coding_Practice | Incorrect_Block_Delimitation | Information | 483 |
| |
Java | Java_Best_Coding_Practice | Incorrect_Conversion_between_Numeric_Types | Information | 681 |
| |
Java | Java_Best_Coding_Practice | Input_Not_Normalized | Information | 180 |
| |
Java | Java_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
Java | Java_Best_Coding_Practice | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
Java | Java_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
Java | Java_Best_Coding_Practice | Non_serializable_Object_Stored_in_Session | Information | 579 |
| |
Java | Java_Best_Coding_Practice | Not_Static_Final_Logger | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Null_Pointer_Dereference | Information | 476 |
| |
Java | Java_Best_Coding_Practice | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
Java | Java_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
Java | Java_Best_Coding_Practice | Potentially_Serializable_Class_With_Sensitive_Data | Information | 499 |
| |
Java | Java_Best_Coding_Practice | Public_Static_Field_Not_Marked_Final | Information | 500 |
| |
Java | Java_Best_Coding_Practice | Reachable_Assertion | Information | 617 |
| |
Java | Java_Best_Coding_Practice | Redirect_Without_Exit | Information | 698 |
| |
Java | Java_Best_Coding_Practice | Reliance_On_Untrusted_Inputs_In_Security_Decision | Information | 807 |
| |
Java | Java_Best_Coding_Practice | Return_Inside_Finally_Block | Information | 584 |
| |
Java | Java_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
Java | Java_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
Java | Java_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
Java | Java_Best_Coding_Practice | Uncontrolled_Recursion | Information | 674 |
| |
Java | Java_Best_Coding_Practice | Unused_Variable | Information | 563 |
| |
Java | Java_Best_Coding_Practice | Use_of_Inner_Class_Containing_Sensitive_Data | Information | 492 |
| |
Java | Java_Best_Coding_Practice | Use_of_Obsolete_Functions | Information | 477 |
| |
Java | Java_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
Java | Java_Best_Coding_Practice | Use_of_Wrong_Operator_in_String_Comparison | Information | 597 |
| |
Java | Java_GWT | GWT_DOM_XSS | Medium | 79 |
| |
Java | Java_GWT | GWT_Reflected_XSS | High | 79 |
| |
Java | Java_GWT | JSON_Hijacking | Low | 10598 |
| |
Java | Java_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
Java | Java_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
Java | Java_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
Java | Java_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
Java | Java_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
Java | Java_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
Java | Java_Heuristic | Heuristic_XSRF | Low | 352 |
| |
Java | Java_High_Risk | Code_Injection | High | 94 |
| |
Java | Java_High_Risk | Command_Injection | High | 77 |
| |
Java | Java_High_Risk | Connection_String_Injection | High | 99 |
| |
Java | Java_High_Risk | LDAP_Injection | High | 90 |
| |
Java | Java_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Java | Java_High_Risk | Resource_Injection | High | 99 |
| |
Java | Java_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Java | Java_High_Risk | SQL_Injection | High | 89 |
| |
Java | Java_High_Risk | Stored_XSS | High | 79 |
| |
Java | Java_High_Risk | XPath_Injection | High | 643 |
| |
Java | Java_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
Java | Java_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Java | Java_Low_Visibility | Channel_Accessible_by_NonEndpoint | Low | 300 |
| |
Java | Java_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
Java | Java_Low_Visibility | Collapse_of_Data_into_Unsafe_Value | Low | 182 |
| |
Java | Java_Low_Visibility | Cookie_Overly_Broad_Path | Low | 539 |
| |
Java | Java_Low_Visibility | Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions | Low | 379 |
| |
Java | Java_Low_Visibility | Creation_of_Temp_File_With_Insecure_Permissions | Low | 378 |
| |
Java | Java_Low_Visibility | Data_Leak_Between_Sessions | Low | 488 |
| |
Java | Java_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | 15 |
| |
Java | Java_Low_Visibility | Divide_By_Zero | Low | 369 |
| |
Java | Java_Low_Visibility | Empty_Password_In_Connection_String | Low | 259 |
| |
Java | Java_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
Java | Java_Low_Visibility | Escape_False | Low | 116 |
| |
Java | Java_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
Java | Java_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Java | Java_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | 89 |
| |
Java | Java_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Java | Java_Low_Visibility | Improper_Resource_Access_Authorization | Low | 285 |
| |
Java | Java_Low_Visibility | Improper_Resource_Locking | Low | 413 |
| |
Java | Java_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Java | Java_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
Java | Java_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Java | Java_Low_Visibility | Incorrect_Permission_Assignment_For_Critical_Resources | Low | 732 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_Debug_Log | Low | 534 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_Server_Log | Low | 533 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Comments | Low | 615 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Shell_Error_Message | Low | 535 |
| |
Java | Java_Low_Visibility | Insufficient_Session_Expiration | Low | 613 |
| |
Java | Java_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Java | Java_Low_Visibility | Integer_Overflow | Low | 190 |
| |
Java | Java_Low_Visibility | Integer_Underflow | Low | 191 |
| |
Java | Java_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
Java | Java_Low_Visibility | Leaving_Temporary_File | Low | 376 |
| |
Java | Java_Low_Visibility | Log_Forging | Low | 117 |
| |
Java | Java_Low_Visibility | Logic_Time_Bomb | Low | 511 |
| |
Java | Java_Low_Visibility | Missing_Password_Field_Masking | Low | 549 |
| |
Java | Java_Low_Visibility | Missing_X_Frame_Options | Low | 829 |
| |
Java | Java_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | 329 |
| |
Java | Java_Low_Visibility | Object_Hijack | Low | 491 |
| |
Java | Java_Low_Visibility | Off_by_One_Error | Low | 193 |
| |
Java | Java_Low_Visibility | Open_Redirect | Low | 601 |
| |
Java | Java_Low_Visibility | Parse_Double_DoS | Low | 730 |
| |
Java | Java_Low_Visibility | Plaintext_Storage_in_a_Cookie | Low | 315 |
| |
Java | Java_Low_Visibility | Portability_Flaw_In_File_Separator | Low | 474 |
| |
Java | Java_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Match | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Replace | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
Java | Java_Low_Visibility | Private_Array_Returned_From_A_Public_Method | Low | 495 |
| |
Java | Java_Low_Visibility | Public_Data_Assigned_to_Private_Array | Low | 496 |
| |
Java | Java_Low_Visibility | Public_Static_Final_References_Mutable_Object | Low | 607 |
| |
Java | Java_Low_Visibility | Race_Condition | Low | 362 |
| |
Java | Java_Low_Visibility | Race_Condition_Format_Flaw | Low | 362 |
| |
Java | Java_Low_Visibility | Relative_Path_Traversal | Low | 23 |
| |
Java | Java_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
Java | Java_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
Java | Java_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
Java | Java_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | 614 |
| |
Java | Java_Low_Visibility | Serializable_Class_Containing_Sensitive_Data | Low | 499 |
| |
Java | Java_Low_Visibility | Spring_defaultHtmlEscape_Not_True | Low | 10711 |
| |
Java | Java_Low_Visibility | Stored_Absolute_Path_Traversal | Low | 36 |
| |
Java | Java_Low_Visibility | Stored_Command_Injection | Low | 77 |
| |
Java | Java_Low_Visibility | Stored_Relative_Path_Traversal | Low | 23 |
| |
Java | Java_Low_Visibility | Storing_Passwords_in_a_Recoverable_Format | Low | 257 |
| |
Java | Java_Low_Visibility | Suspected_XSS | Low | 79 |
| |
Java | Java_Low_Visibility | TOCTOU | Low | 367 |
| |
Java | Java_Low_Visibility | Uncaught_Exception | Low | 248 |
| |
Java | Java_Low_Visibility | Unchecked_Return_Value_to_NULL_Pointer_Dereference | Low | 690 |
| |
Java | Java_Low_Visibility | Uncontrolled_Memory_Allocation | Low | 789 |
| |
Java | Java_Low_Visibility | Unrestricted_File_Upload | Low | 434 |
| |
Java | Java_Low_Visibility | Unsynchronized_Access_To_Shared_Data | Low | 567 |
| |
Java | Java_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Java | Java_Low_Visibility | Use_of_Client_Side_Authentication | Low | 603 |
| |
Java | Java_Low_Visibility | Use_Of_getenv | Low | 589 |
| |
Java | Java_Low_Visibility | Use_of_Hard_coded_Security_Constants | Low | 547 |
| |
Java | Java_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Java | Java_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
Java | Java_Low_Visibility | Using_Referer_Field_for_Authentication | Low | 293 |
| |
Java | Java_Low_Visibility | UTF7_XSS | Low | 79 |
| |
Java | Java_Medium_Threat | Absolute_Path_Traversal | Medium | 36 |
| |
Java | Java_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | 79 |
| |
Java | Java_Medium_Threat | CGI_Stored_XSS | Medium | 79 |
| |
Java | Java_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | 319 |
| |
Java | Java_Medium_Threat | Client_State_Saving_Method_JSF | Medium | 254 |
| |
Java | Java_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Java | Java_Medium_Threat | Dangerous_File_Inclusion | Medium | 98 |
| |
Java | Java_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Java | Java_Medium_Threat | Direct_Use_of_Unsafe_JNI | Medium | 111 |
| |
Java | Java_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Java | Java_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | 494 |
| |
Java | Java_Medium_Threat | External_Control_of_Critical_State_Data | Medium | 642 |
| |
Java | Java_Medium_Threat | External_Control_of_System_or_Config_Setting | Medium | 15 |
| |
Java | Java_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
Java | Java_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
Java | Java_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
Java | Java_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
Java | Java_Medium_Threat | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
Java | Java_Medium_Threat | Improper_Locking | Medium | 667 |
| |
Java | Java_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Java | Java_Medium_Threat | Inadequate_Encryption_Strength | Medium | 326 |
| |
Java | Java_Medium_Threat | Input_Path_Not_Canonicalized | Medium | 73 |
| |
Java | Java_Medium_Threat | Multiple_Binds_to_the_Same_Port | Medium | 605 |
| |
Java | Java_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Java | Java_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
Java | Java_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Java | Java_Medium_Threat | Process_Control | Medium | 114 |
| |
Java | Java_Medium_Threat | ReDoS_From_Regex_Injection | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Match | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Pattern | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Java | Java_Medium_Threat | Reliance_on_Cookies_without_Validation | Medium | 565 |
| |
Java | Java_Medium_Threat | Same_Seed_in_PRNG | Medium | 336 |
| |
Java | Java_Medium_Threat | Session_Fixation | Medium | 384 |
| |
Java | Java_Medium_Threat | Spring_ModelView_Injection | Medium | 74 |
| |
Java | Java_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
Java | Java_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Java | Java_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Java | Java_Medium_Threat | Unchecked_Input_for_Loop_Condition | Medium | 606 |
| |
Java | Java_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Java | Java_Medium_Threat | Unnormalize_Input_String | Medium | 20 |
| |
Java | Java_Medium_Threat | Unvalidated_Forwards | Medium | 819 |
| |
Java | Java_Medium_Threat | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | Medium | 760 |
| |
Java | Java_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
Java | Java_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
Java | Java_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Java | Java_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Java | Java_Medium_Threat | Use_of_Native_Language | Medium | 111 |
| |
Java | Java_Medium_Threat | Use_of_System_exit | Medium | 382 |
| |
Java | Java_Medium_Threat | XQuery_Injection | Medium | 652 |
| |
Java | Java_Medium_Threat | XSRF | Medium | 352 |
| |
Java | Java_Potential | Potential_Code_Injection | Low | 94 |
| |
Java | Java_Potential | Potential_Command_Injection | Low | 77 |
| |
Java | Java_Potential | Potential_Connection_String_Injection | Low | 99 |
| |
Java | Java_Potential | Potential_GWT_Reflected_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_I_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_IO_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_LDAP_Injection | Low | 90 |
| |
Java | Java_Potential | Potential_O_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_Parameter_Tampering | Low | 472 |
| |
Java | Java_Potential | Potential_Resource_Injection | Low | 99 |
| |
Java | Java_Potential | Potential_SQL_Injection | Low | 89 |
| |
Java | Java_Potential | Potential_Stored_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_UTF7_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_XPath_Injection | Low | 643 |
| |
Java | Java_Potential | Potential_XXE_Injection | Low | 776 |
| |
Java | Java_Stored | Stored_Boundary_Violation | Low | 646 |
| |
Java | Java_Stored | Stored_Code_Injection | Low | 94 |
| |
Java | Java_Stored | Stored_HTTP_Response_Splitting | Low | 113 |
| |
Java | Java_Stored | Stored_Open_Redirect | Low | 601 |
| |
Java | Java_Stored | Stored_XPath_Injection | Low | 643 |
| |
Java | Java_Struts | Struts_Duplicate_Config_Files | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Form_Bean | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Validation_Files | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Validation_Forms | Low | 102 |
| |
Java | Java_Struts | Struts_Form_Does_Not_Extend_Validation_Class | Medium | 104 |
| |
Java | Java_Struts | Struts_Form_Field_Without_Validator | Low | 105 |
| |
Java | Java_Struts | Struts_Incomplete_Validate_Method_Definition | Medium | 103 |
| |
Java | Java_Struts | Struts_Mapping_to_Missing_Form_Bean | Low | 457 |
| |
Java | Java_Struts | Struts_Missing_Form_Bean_Name | Information | 563 |
| |
Java | Java_Struts | Struts_Missing_Form_Bean_Type | Information | 563 |
| |
Java | Java_Struts | Struts_Missing_Forward_Name | Information | 489 |
| |
Java | Java_Struts | Struts_Non_Private_Field_In_ActionForm_Class | Low | 608 |
| |
Java | Java_Struts | Struts_Thread_Safety_Violation_In_Action_Class | Low | 856 |
| |
Java | Java_Struts | Struts_Unused_Action_Form | Information | 489 |
| |
Java | Java_Struts | Struts_Unused_Validation_Form | Low | 107 |
| |
Java | Java_Struts | Struts_Unvalidated_Action_Form | Low | 108 |
| |
Java | Java_Struts | Struts_Use_of_Relative_Path_in_Config | Information | 21 |
| |
Java | Java_Struts | Struts_Validation_Turned_Off | Medium | 109 |
| |
Java | Java_Struts | Struts_Validator_Without_Form_Field | Low | 110 |
| |
Java | Java_Struts | Struts2_Action_Field_Without_Validator | Low | 101 |
| |
Java | Java_Struts | Struts2_Duplicate_Action_Field_Validators | Low | 101 |
| |
Java | Java_Struts | Struts2_Duplicate_Validators | Low | 101 |
| |
Java | Java_Struts | Struts2_Undeclared_Validator | Information | 101 |
| |
Java | Java_Struts | Struts2_Validation_File_Without_Action | Information | 101 |
| |
Java | Java_Struts | Struts2_Validator_Without_Action_Field | Information | 101 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Code_Injection | High | 94 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Stored_Code_Injection | High | 94 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Stored_XSS | High | 79 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_XSS | High | 79 |
| |
JavaScript | JavaScript_High_Risk | Client_Resource_Injection | High | 99 |
| |
JavaScript | JavaScript_High_Risk | Client_Second_Order_Sql_Injection | High |
| ||
JavaScript | JavaScript_High_Risk | Client_SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Jelly | Jelly_Injection | High | 94 | ||
JavaScript | JavaScript_Jelly | Jelly_XSS | High | 79 | ||
JavaScript | JavaScript_Low_Visibility | Client_Cookies_Inspection | Low | 315 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Cross_Session_Contamination | Low | 488 |
| |
JavaScript | JavaScript_Low_Visibility | Client_DOM_Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Empty_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Hardcoded_Domain | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Heuristic_Poor_XSS_Validation | Low | 80 |
| |
JavaScript | JavaScript_Low_Visibility | Client_HTML5_Easy_To_Guess_Database_Name | Low | 330 |
| |
JavaScript | JavaScript_Low_Visibility | Client_HTML5_Heuristic_Session_Insecure_Storage | Low | 922 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insecure_Randomness | Low | 330 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insufficient_ClickJacking_Protection | Low | 693 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insufficient_Key_Size | Low | 310 |
| |
JavaScript | JavaScript_Low_Visibility | Client_JQuery_Deprecated_Symbols | Low | 477 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Located_JQuery_Outdated_Lib_File | Low | 477 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Negative_Content_Length | Low | 398 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Null_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Overly_Permissive_Message_Posting | Low | 942 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Password_In_Comment | Low | 615 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Password_Weak_Encryption | Low | 261 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_Ad_Hoc_Ajax | Low | 352 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_DOM_Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_ReDoS_In_Match | Low | 730 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_ReDoS_In_Replace | Low | 730 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Regex_Injection | Low | 624 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Remote_File_Inclusion | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Server_Empty_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Use_Of_Deprecated_SQL_Database | Low | 937 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Use_Of_Iframe_Without_Sandbox | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Cryptographic_Hash | Low | 310 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Encryption | Low | 327 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Password_Authentication | Low | 10710 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Cross_Frame_Scripting_Attack | Medium | 79 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DB_Parameter_Tampering | Medium | 284 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DOM_Cookie_Poisoning | Medium | 472 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DOM_XSRF | Medium | 352 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DoS_By_Sleep | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Header_Manipulation | Medium | 113 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Information_Exposure | Medium | 200 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Insecure_Storage | Medium | 312 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Store_Sensitive_data_In_Web_Storage | Medium | 312 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Path_Manipulation | Medium | 73 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Potential_Code_Injection | Medium | 94 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Potential_XSS | Medium | 79 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_From_Regex_Injection | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_In_Match | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDos_In_RegExp | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_In_Replace | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Sandbox_Allows_Scripts_With_Same_Origin | Medium | 829 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Untrusted_Activex | Medium | 10703 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Use_Of_JQuery_Outdated_Version | Medium | 477 |
| |
JavaScript | JavaScript_Medium_Threat | Client_XPATH_Injection | Medium | 643 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Code_Injection | Medium | 94 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_File_Disclosure | Medium | 22 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_File_Manipulation | Medium | 22 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Open_Redirect | Medium | 601 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Cleartext_Storage_Of_Sensitive_Information | Medium | 312 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Code_Injection | High | 94 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Comparing_instead_of_Assigning | Information | 482 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Cookie_Poisoning | Medium | 472 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Divide_By_Zero | Low | 369 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Dynamic_File_Inclusion | Information | 98 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Expression_is_Always_False | Information | 570 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Expression_is_Always_True | Information | 571 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Hardcoded_Absolute_Path | Low | 426 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | HTTP_Response_Splitting | Medium | 113 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Information_Exposure_Through_Directory_Listing | Low | 548 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Information_Exposure_Through_Log_Files | Low | 532 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Insecure_Direct_Object_References | High | 813 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | JSON_Hijacking | Low | 352 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Log_Forging | Low | 117 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_CSP_Header | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_Encryption_of_Sensitive_Data | Medium | 311 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Null_Password | Low | 259 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Parameter_Tampering | Medium | 472 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Password_Weak_Encryption | Low | 261 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Path_Traversal | Medium | 36 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Poor_Database_Access_Control | Low | 285 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Potentially_Vulnerable_To_Xsrf | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | ReDOS_in_RegExp | Medium | 730 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Reflected_XSS | High | 79 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Second_Order_SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Security_Misconfiguration | High | 933 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Server_DoS_by_loop | Medium | 730 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Server_DoS_by_sleep | Medium | 730 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | SSL_Verification_Bypass | Medium | 599 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_Code_Injection | Medium | 94 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_Path_Traversal | Low | 36 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_XSS | High | 79 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Uncontrolled_Format_String | Medium | 134 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Unprotected_Cookie | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Deprecated_or_Obsolete_Functions | Low | 477 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_Of_Hardcoded_Password | Low | 259 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_Of_HTTP_Sensitive_Data_Exposure | Low | 319 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | XSRF | Medium | 352 |
| |
JavaScript | Javascript_XS | XS_Code_Injection | High | 94 |
| |
JavaScript | Javascript_XS | XS_Log_Injection | Low | 117 |
| |
JavaScript | Javascript_XS | XS_Open_Redirect | Medium | 601 |
| |
JavaScript | Javascript_XS | XS_Overly_Permissive_CORS | Low | 749 |
| |
JavaScript | Javascript_XS | XS_Parameter_Tampering | Medium | 472 |
| |
JavaScript | Javascript_XS | XS_Potentially_Vulnerable_To_Clickjacking | Low | 693 |
| |
JavaScript | Javascript_XS | XS_Reflected_XSS | High | 79 |
| |
JavaScript | Javascript_XS | XS_Response_Splitting | Medium | 113 |
| |
JavaScript | Javascript_XS | XS_Second_Order_SQL_Injection | High | 89 |
| |
JavaScript | Javascript_XS | XS_SQL_Injection | High | 89 |
| |
JavaScript | Javascript_XS | XS_Stored_Code_Injection | High | 94 |
| |
JavaScript | Javascript_XS | XS_Stored_XSS | High | 79 |
| |
JavaScript | Javascript_XS | XS_Unencrypted_Data_Transfer | Low | 319 |
| |
JavaScript | Javascript_XS | XS_Use_Of_Hardcoded_URL | Medium | 798 |
| |
JavaScript | Javascript_XS | XS_XSRF | Medium | 352 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_Code_Injection | Medium | 94 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_XSRF | Medium | 352 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_XSS | Medium | 79 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal | Information | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal_Condition | Low | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal_Overflow | High | 788 |
| |
Objc | Apple_Secure_Coding_Guide | Improper_Implementation_of_NSSecureCoding | High | 502 |
| |
Objc | Apple_Secure_Coding_Guide | Jailbrake_File_Referenced_By_Name | Low |
| ||
Objc | Apple_Secure_Coding_Guide | Jailbreak_Unchecked_File_Operation_Result_Code | Low |
| ||
Objc | Apple_Secure_Coding_Guide | NSPredicate_Injection | High |
| ||
Objc | Apple_Secure_Coding_Guide | NSPredicate_Injection_Via_Deserialization | High |
| ||
Objc | Apple_Secure_Coding_Guide | Path_Manipulation | Medium | 73 |
| |
Objc | Apple_Secure_Coding_Guide | Signed_Memory_Arithmetic | High |
| ||
Objc | Apple_Secure_Coding_Guide | UDP_Protocol_Used | Information | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Unchecked_CString_Convertion | Low |
| ||
Objc | Apple_Secure_Coding_Guide | Unscrubbed_Secret | Low | 244 |
| |
Objc | Apple_Secure_Coding_Guide | Unsecure_Deserialization | High |
| ||
Objc | Apple_Secure_Coding_Guide | URL_Injection | Low | 74 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Dead_Code | Information | 561 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Expression_is_Always_False | Information | 570 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Expression_is_Always_True | Information | 571 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Missing_Colon_In_Selector | Information | 483 |
| |
Objc | ObjectiveC_High_Risk | Information_Exposure_Through_Extension | High |
| ||
Objc | ObjectiveC_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Objc | ObjectiveC_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Objc | ObjectiveC_High_Risk | SQL_Injection | High | 89 |
| |
Objc | ObjectiveC_High_Risk | Stored_XSS | High | 79 |
| |
Objc | ObjectiveC_High_Risk | Third_Party_Keyboards_On_Sensitive_Field | High |
| ||
Objc | ObjectiveC_High_Risk | Unsafe_Reflection | High | 470 |
| |
Objc | ObjectiveC_Low_Visibility | Empty_Password | Low | 521 |
| |
Objc | ObjectiveC_Low_Visibility | Functions_Apple_Recommends_To_Avoid | Low | 937 |
| |
Objc | ObjectiveC_Low_Visibility | Heap_Inspection | Low | 244 |
| |
Objc | ObjectiveC_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Objc | ObjectiveC_Low_Visibility | Incorrect_Initialization | Low | 456 |
| |
Objc | ObjectiveC_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Objc | ObjectiveC_Low_Visibility | Insufficient_Encryption_Key_Size | Low | 310 |
| |
Objc | ObjectiveC_Low_Visibility | iOS_Improper_Resource_Release_Shutdown | Low | 404 |
| |
Objc | ObjectiveC_Low_Visibility | Log_Forging | Low | 117 |
| |
Objc | ObjectiveC_Low_Visibility | Memory_Leak | Low | 401 |
| |
Objc | ObjectiveC_Low_Visibility | Null_Password | Low | 521 |
| |
Objc | ObjectiveC_Low_Visibility | Poor_Authorization_and_Authentication | Low | 287 |
| |
Objc | ObjectiveC_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Objc | ObjectiveC_Low_Visibility | Sensitive_Data_In_Temp_Folders | Low | 249 |
| |
Objc | ObjectiveC_Low_Visibility | Third_Party_Keyboard_Enabled | Low |
| ||
Objc | ObjectiveC_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 328 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Hardcoded_Cryptographic_Key | Low | 321 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Hardcoded_Password | Low | 259 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Insufficiently_Random_Values | Low | 330 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Obsolete_Functions | Low | 477 |
| |
Objc | ObjectiveC_Medium_Threat | Autocorrection_Keystroke_Logging | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Cut_And_Paste_Leakage | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Format_String_Attack | Medium | 134 |
| |
Objc | ObjectiveC_Medium_Threat | Improper_Certificate_Validation | Medium | 297 |
| |
Objc | ObjectiveC_Medium_Threat | Information_Exposure_Through_Query_String | Medium | 598 |
| |
Objc | ObjectiveC_Medium_Threat | Insecure_Data_Storage | Medium | 922 |
| |
Objc | ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Input | Medium | 319 |
| |
Objc | ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Output | Medium | 319 |
| |
Objc | ObjectiveC_Medium_Threat | Missing_Encryption_of_Sensitive_Data | Medium | 311 |
| |
Objc | ObjectiveC_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Objc | ObjectiveC_Medium_Threat | Path_Traversal | Medium | 22 |
| |
Objc | ObjectiveC_Medium_Threat | ReDoS | Medium | 730 |
| |
Objc | ObjectiveC_Medium_Threat | Screen_Caching | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Side_Channel_Data_Leakage | Medium | 359 |
| |
Objc | ObjectiveC_Medium_Threat | XML_External_Entity | Medium | 611 |
| |
Perl | Perl_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Perl | Perl_Best_Coding_Practice | Prepending_Leading_Zeroes_To_Integer_Literals | Information | 665 |
| |
Perl | Perl_Best_Coding_Practice | Reusing_Variable_Names_In_Subscopes | Information | 398 |
| |
Perl | Perl_Best_Coding_Practice | Using_Perl4_Package_Names | Information | 477 |
| |
Perl | Perl_Best_Coding_Practice | Using_Subroutine_Prototypes | Information | 628 |
| |
Perl | Perl_High_Risk | Code_Injection | High | 94 |
| |
Perl | Perl_High_Risk | Command_Injection | High | 77 |
| |
Perl | Perl_High_Risk | Connection_String_Injection | High | 99 |
| |
Perl | Perl_High_Risk | LDAP_Injection | High | 90 |
| |
Perl | Perl_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Perl | Perl_High_Risk | Resource_Injection | High | 99 |
| |
Perl | Perl_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Perl | Perl_High_Risk | SQL_Injection | High | 89 |
| |
Perl | Perl_High_Risk | Stored_XSS | High | 79 |
| |
Perl | Perl_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Perl | Perl_Low_Visibility | Import_of_Deprecated_Modules | Low | 937 |
| |
Perl | Perl_Low_Visibility | Improper_Filtering_of_Special_Elements | Low | 790 |
| |
Perl | Perl_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Perl | Perl_Low_Visibility | Log_Forging | Low | 117 |
| |
Perl | Perl_Low_Visibility | Not_Checking_Regular_Expressions_Results | Low | 252 |
| |
Perl | Perl_Low_Visibility | Overloading_Reserved_Keywords_or_Subroutines | Low | 398 |
| |
Perl | Perl_Low_Visibility | Permissive_Regular_Expression | Low | 625 |
| |
Perl | Perl_Low_Visibility | Prohibit_Indirect_Object_Call_Syntax | Low | 665 |
| |
Perl | Perl_Low_Visibility | Remote_File_Inclusion | Low | 98 |
| |
Perl | Perl_Low_Visibility | Signifying_Inheritence_At_Runtime | Low | 398 |
| |
Perl | Perl_Low_Visibility | Stored_Path_Traversal | Low | 22 |
| |
Perl | Perl_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
Perl | Perl_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Perl | Perl_Low_Visibility | Use_of_Deprecated_or_Obsolete_Functions | Low | 477 |
| |
Perl | Perl_Low_Visibility | Variables_Outside_The_Scope_of_a_Regex | Low | 824 |
| |
Perl | Perl_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Perl | Perl_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Perl | Perl_Medium_Threat | Missing_Encryption_of_Sensitive_Data | Medium | 311 |
| |
Perl | Perl_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Perl | Perl_Medium_Threat | Path_Traversal | Medium | 22 |
| |
Perl | Perl_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Perl | Perl_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
Perl | Perl_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
Perl | Perl_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Perl | Perl_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Perl | Perl_Medium_Threat | Uncontrolled_Memory_Allocation | Medium | 789 |
| |
Perl | Perl_Medium_Threat | Unprotected_Transport_of_Credentials | Medium | 523 |
| |
Perl | Perl_Medium_Threat | Use_Of_Hardcoded_Password | Medium | 259 |
| |
Perl | Perl_Medium_Threat | Use_of_Two_Argument_Form_of_Open | Medium | 77 |
| |
Perl | Perl_Medium_Threat | XSRF | Medium | 352 |
| |
PHP | Php_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
PHP | Php_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
PHP | Php_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
PHP | Php_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
PHP | Php_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
PHP | Php_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Namespace | Information | 398 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Private_Static_Variable | Information | 398 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Super_GLOBALS | Information | 518 |
| |
PHP | PHP_High_Risk | Code_Injection | High | 94 |
| |
PHP | PHP_High_Risk | Command_Injection | High | 77 |
| |
PHP | PHP_High_Risk | File_Disclosure | High | 552 |
| |
PHP | PHP_High_Risk | File_Inclusion | High | 98 |
| |
PHP | PHP_High_Risk | File_Manipulation | High | 552 |
| |
PHP | PHP_High_Risk | LDAP_Injection | High | 90 |
| |
PHP | PHP_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
PHP | PHP_High_Risk | Reflection_Injection | High | 470 |
| |
PHP | PHP_High_Risk | Remote_File_Inclusion | High | 98 |
| |
PHP | PHP_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
PHP | PHP_High_Risk | SQL_Injection | High | 89 |
| |
PHP | PHP_High_Risk | Stored_XSS | High | 79 |
| |
PHP | PHP_High_Risk | XPath_Injection | High | 643 |
| |
PHP | Php_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
PHP | Php_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
PHP | Php_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
PHP | Php_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
PHP | Php_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
PHP | Php_Low_Visibility | Incorrect_Implementation_of_Authentication_Algorithm | Low | 303 |
| |
PHP | Php_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
PHP | Php_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
PHP | Php_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
PHP | Php_Low_Visibility | Log_Forging | Low | 117 |
| |
PHP | Php_Low_Visibility | Possible_Flow_Control | Low |
| ||
PHP | Php_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
PHP | Php_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
PHP | Php_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
PHP | Php_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
PHP | Php_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
PHP | PHP_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
PHP | PHP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
PHP | PHP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
PHP | PHP_Medium_Threat | Header_Injection | Medium | 113 |
| |
PHP | PHP_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
PHP | PHP_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
PHP | PHP_Medium_Threat | Improper_Control_of_Dynamically_Identified_Variables | Medium | 914 |
| |
PHP | PHP_Medium_Threat | Improper_Neutralization_of_SQL_Command | Medium | 89 |
| |
PHP | PHP_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 3652 |
| |
PHP | PHP_Medium_Threat | Inappropriate_Encoding_for_Output_Context | Medium | 838 |
| |
PHP | PHP_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
PHP | PHP_Medium_Threat | Object_Injection | Medium | 915 |
| |
PHP | PHP_Medium_Threat | Open_Redirect | Medium | 601 |
| |
PHP | PHP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
PHP | PHP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
PHP | PHP_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
PHP | PHP_Medium_Threat | Session_Fixation | Medium | 384 |
| |
PHP | PHP_Medium_Threat | SSL_Verification_Bypass | Medium | 599 |
| |
PHP | PHP_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
PHP | PHP_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
PHP | PHP_Medium_Threat | Stored_File_Inclusion | Medium | 98 |
| |
PHP | PHP_Medium_Threat | Stored_File_Manipulation | Medium | 552 |
| |
PHP | PHP_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
PHP | PHP_Medium_Threat | Stored_Reflection_Injection | Medium | 470 |
| |
PHP | PHP_Medium_Threat | Stored_Remote_File_Inclusion | Medium | 98 |
| |
PHP | PHP_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
PHP | PHP_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
PHP | PHP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
PHP | PHP_Medium_Threat | XSRF | Medium | 352 |
| |
PLSQL | PLSQL_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
PLSQL | PLSQL_Best_Coding_Practice | Use_of_Potentially_Dangerous_Function | Information | 676 |
| |
PLSQL | PLSQL_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
PLSQL | PLSQL_High_Risk | Resource_Injection | High | 99 |
| |
PLSQL | PLSQL_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
PLSQL | PLSQL_High_Risk | SQL_Injection | High | 89 |
| |
PLSQL | PLSQL_High_Risk | Stored_XSS | High | 79 |
| |
PLSQL | PLSQL_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
PLSQL | PLSQL_Low_Visibility | Default_Definer_Rights_in_Method_Definition | Low | 265 |
| |
PLSQL | PLSQL_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
PLSQL | PLSQL_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
PLSQL | PLSQL_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
PLSQL | PLSQL_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
PLSQL | PLSQL_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
PLSQL | PLSQL_Medium_Threat | Dangling_Database_Cursor | Medium | 619 |
| |
PLSQL | PLSQL_Medium_Threat | Default_Definer_Rights_in_Package_or_Object_Definition | Medium | 265 |
| |
PLSQL | PLSQL_Medium_Threat | DoS_By_Sleep | Medium | 730 |
| |
PLSQL | PLSQL_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
PLSQL | PLSQL_Medium_Threat | Improper_Privilege_Management | Medium | 269 |
| |
PLSQL | PLSQL_Medium_Threat | Open_Redirect | Medium | 601 |
| |
PLSQL | PLSQL_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
PLSQL | PLSQL_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
PLSQL | PLSQL_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
PLSQL | PLSQL_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
PLSQL | PLSQL_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Python | Python_High_Risk | Code_Injection | High | 94 |
| |
Python | Python_High_Risk | Command_Injection | High | 77 |
| |
Python | Python_High_Risk | Connection_String_Injection | High | 99 |
| |
Python | Python_High_Risk | LDAP_Injection | High | 90 |
| |
Python | Python_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Python | Python_High_Risk | Resource_Injection | High | 99 |
| |
Python | Python_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Python | Python_High_Risk | SQL_Injection | High | 89 |
| |
Python | Python_High_Risk | Stored_XSS | High | 79 |
| |
Python | Python_High_Risk | XPath_Injection | High | 643 |
| |
Python | Python_Low_Visibility | Debug_Enabled | Low | 11 |
| |
Python | Python_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Python | Python_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Python | Python_Low_Visibility | Insufficiently_Protected_Credentials | Low |
| ||
Python | Python_Low_Visibility | Log_Forging | Low | 117 |
| |
Python | Python_Low_Visibility | Password_In_Comment | Low | 615 |
| |
Python | Python_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Python | Python_Medium_Threat | Cookie_Poisoning | Medium | 472 |
| |
Python | Python_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Python | Python_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Python | Python_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Python | Python_Medium_Threat | Filtering_Sensitive_Logs | Medium | 10602 |
| |
Python | Python_Medium_Threat | Hardcoded_Password_in_Connection_String | Medium | 547 |
| |
Python | Python_Medium_Threat | Header_Injection | Medium | 113 |
| |
Python | Python_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Python | Python_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
Python | Python_Medium_Threat | Open_Redirect | Medium | 601 |
| |
Python | Python_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Python | Python_Medium_Threat | Path_Traversal | Medium | 36 |
| |
Python | Python_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Python | Python_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Python | Python_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Python | Python_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Python | Python_Medium_Threat | XSRF | Medium | 352 |
| |
Ruby | Ruby_Best_Coding_Practice | Caching_False_In_Production | Information | 10713 |
| |
Ruby | Ruby_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Ruby | Ruby_Best_Coding_Practice | Dynamic_Render_Path | Information | 10714 |
| |
Ruby | Ruby_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Ruby | Ruby_Best_Coding_Practice | Global_Variables_Without_Meaningful_Name | Information | 10715 |
| |
Ruby | Ruby_Best_Coding_Practice | Import_Relative_To_File | Information | 10716 |
| |
Ruby | Ruby_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
Ruby | Ruby_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
Ruby | Ruby_Best_Coding_Practice | Use_Of_Global_Variables | Information | 518 |
| |
Ruby | Ruby_High_Risk | Code_Injection | High | 94 |
| |
Ruby | Ruby_High_Risk | Command_Injection | High | 77 |
| |
Ruby | Ruby_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Ruby | Ruby_High_Risk | Remote_File_Inclusion | High | 829 |
| |
Ruby | Ruby_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Ruby | Ruby_High_Risk | SQL_Injection | High | 89 |
| |
Ruby | Ruby_High_Risk | Stored_XSS | High | 79 |
| |
Ruby | Ruby_Low_Visibility | Attr_accessible_Not_Set | Low | 10601 |
| |
Ruby | Ruby_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Ruby | Ruby_Low_Visibility | Connection_String_Injection | Low | 99 |
| |
Ruby | Ruby_Low_Visibility | DB_Information_Leak | Low | 200 |
| |
Ruby | Ruby_Low_Visibility | Disabling_SAFE_Mode | Low | 10718 |
| |
Ruby | Ruby_Low_Visibility | Full_Error_Reports_In_Production | Low | 209 |
| |
Ruby | Ruby_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Ruby | Ruby_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Ruby | Ruby_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Ruby | Ruby_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Ruby | Ruby_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Ruby | Ruby_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Ruby | Ruby_Low_Visibility | Interactive_Render_Path | Low | 10719 |
| |
Ruby | Ruby_Low_Visibility | Leftover_Debug_Code | Low | 489 |
| |
Ruby | Ruby_Low_Visibility | Local_File_Inclusion | Low | 10720 |
| |
Ruby | Ruby_Low_Visibility | Log_Forging | Low | 117 |
| |
Ruby | Ruby_Low_Visibility | No_Protection_From_Forgery | Low | 352 |
| |
Ruby | Ruby_Low_Visibility | No_Session_Expiration | Low | 613 |
| |
Ruby | Ruby_Low_Visibility | Open_Redirect | Low | 601 |
| |
Ruby | Ruby_Low_Visibility | Personal_Info_In_Session | Low | 539 |
| |
Ruby | Ruby_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Ruby | Ruby_Low_Visibility | Use_of_Dangerous_Functions | Low | 242 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_raw | Low | 116 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_Sanitize_Instead_Of_h | Low | 116 |
| |
Ruby | Ruby_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
Ruby | Ruby_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Ruby | Ruby_Medium_Threat | Dangerous_Send | Medium | 77 |
| |
Ruby | Ruby_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Ruby | Ruby_Medium_Threat | DB_Tampering | Medium | 20 |
| |
Ruby | Ruby_Medium_Threat | Default_Routes | Medium | 10603 |
| |
Ruby | Ruby_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Ruby | Ruby_Medium_Threat | DOS_To_Symbol | Medium | 730 |
| |
Ruby | Ruby_Medium_Threat | Download_Arbitrary_File | Medium | 10721 |
| |
Ruby | Ruby_Medium_Threat | Filtering_Sensitive_Logs | Medium | 10602 |
| |
Ruby | Ruby_Medium_Threat | Hardcoded_Session_Secret_Token | Medium | 798 |
| |
Ruby | Ruby_Medium_Threat | Http_Only_Set_To_False | Medium | 79 |
| |
Ruby | Ruby_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
Ruby | Ruby_Medium_Threat | Insufficient_Format_Validation | Medium | 625 |
| |
Ruby | Ruby_Medium_Threat | Nonvalidated_File_Upload | Medium | 434 |
| |
Ruby | Ruby_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Ruby | Ruby_Medium_Threat | Path_Traversal | Medium | 36 |
| |
Ruby | Ruby_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Ruby | Ruby_Medium_Threat | Privilege_Escalation | Medium | 285 |
| |
Ruby | Ruby_Medium_Threat | Remote_Code_Execution | Medium | 94 |
| |
Ruby | Ruby_Medium_Threat | Short_Session_Key | Medium | 326 |
| |
Ruby | Ruby_Medium_Threat | SSL_Verification_Bypass | Medium | 599 |
| |
Ruby | Ruby_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
Ruby | Ruby_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Ruby | Ruby_Medium_Threat | Unsafe_Mass_Assignment | Medium | 10601 |
| |
Ruby | Ruby_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Ruby | Ruby_Medium_Threat | XSRF | Medium | 352 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_JSON_GEM_Remote_Code | Low | 20 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_JSON_Remote_Code_Execution | Low | 94 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_Bypass_Access_Control | Low | 264 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_Cross_Site_Request_Forgery | Low | 352 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_allows_DOS_via_ActiveRecord | Low | 400 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_SQL_Injection | Low | 89 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_XSS | Low | 79 |
| |
VB6 | VB6_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
VB6 | VB6_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
VB6 | VB6_High_Risk | Code_Injection | High | 94 |
| |
VB6 | VB6_High_Risk | Command_Injection | High | 77 |
| |
VB6 | VB6_High_Risk | Connection_String_Injection | High | 99 |
| |
VB6 | VB6_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
VB6 | VB6_High_Risk | SQL_Injection | High | 89 |
| |
VB6 | VB6_Low_Visibility | Bounds_Check_Disabled | Low | 118 |
| |
VB6 | VB6_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
VB6 | VB6_Low_Visibility | Improper_Error_Handling | Low | 248 |
| |
VB6 | VB6_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
VB6 | VB6_Low_Visibility | Insecure_Randomness | Low | 330 |
| |
VB6 | VB6_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
VB6 | VB6_Low_Visibility | Log_Forging | Low | 117 |
| |
VB6 | VB6_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
VB6 | VB6_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
VB6 | VB6_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
VB6 | VB6_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
VB6 | VB6_Medium_Threat | Path_Traversal | Medium | 36 |
| |
VB6 | VB6_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
VbNet | VbNet_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
VbNet | VbNet_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
VbNet | VbNet_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
VbNet | VbNet_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
VbNet | VbNet_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
VbNet | VbNet_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
VbNet | VbNet_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
VbNet | VbNet_Best_Coding_Practice | GetLastWin32Error_Is_Not_Called_After_Pinvoke | Information | 10018 |
| |
VbNet | VbNet_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
VbNet | VbNet_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
VbNet | VbNet_Best_Coding_Practice | Magic_Numbers | Information | 10017 |
| |
VbNet | VbNet_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
VbNet | VbNet_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
VbNet | VbNet_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
VbNet | VbNet_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
VbNet | VbNet_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
VbNet | VbNet_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
VbNet | VbNet_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
VbNet | VbNet_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
VbNet | VbNet_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
VbNet | VbNet_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
VbNet | VbNet_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
VbNet | VbNet_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
VbNet | VbNet_Best_Coding_Practice | Visible_Pointers | Information | 10002 |
| |
VbNet | VbNet_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
VbNet | VbNet_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
VbNet | VbNet_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
VbNet | VbNet_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
VbNet | VbNet_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
VbNet | VbNet_Heuristic | Heuristic_XSRF | Low | 352 |
| |
VbNet | VbNet_High_Risk | Code_Injection | High | 94 |
| |
VbNet | VbNet_High_Risk | Command_Injection | High | 77 |
| |
VbNet | VbNet_High_Risk | Connection_String_Injection | High | 10001 |
| |
VbNet | VbNet_High_Risk | LDAP_Injection | High | 90 |
| |
VbNet | VbNet_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
VbNet | VbNet_High_Risk | Resource_Injection | High | 99 |
| |
VbNet | VbNet_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
VbNet | VbNet_High_Risk | SQL_Injection | High | 89 |
| |
VbNet | VbNet_High_Risk | Stored_XSS | High | 79 |
| |
VbNet | VbNet_High_Risk | UTF7_XSS | High | 79 |
| |
VbNet | VbNet_High_Risk | XPath_Injection | High | 643 |
| |
VbNet | VbNet_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
VbNet | VbNet_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
VbNet | VbNet_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
VbNet | VbNet_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
VbNet | VbNet_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
VbNet | VbNet_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
VbNet | VbNet_Low_Visibility | Improper_Encoding_Of_Output | Low | 116 |
| |
VbNet | VbNet_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
VbNet | VbNet_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
VbNet | VbNet_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
VbNet | VbNet_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
VbNet | VbNet_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
VbNet | VbNet_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
VbNet | VbNet_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
VbNet | VbNet_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
VbNet | VbNet_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
VbNet | VbNet_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
VbNet | VbNet_Low_Visibility | Log_Forging | Low | 117 |
| |
VbNet | VbNet_Low_Visibility | Open_Redirect | Low | 601 |
| |
VbNet | VbNet_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
VbNet | VbNet_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
VbNet | VbNet_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
VbNet | VbNet_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
VbNet | VbNet_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
VbNet | VbNet_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
VbNet | VbNet_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
VbNet | VbNet_Medium_Threat | Buffer_Overflow | Medium | 120 |
| |
VbNet | VbNet_Medium_Threat | CGI_XSS | Medium | 79 |
| |
VbNet | VbNet_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
VbNet | VbNet_Medium_Threat | Data_Filter_Injection | Medium | 200 |
| |
VbNet | VbNet_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
VbNet | VbNet_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
VbNet | VbNet_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
VbNet | VbNet_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
VbNet | VbNet_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
VbNet | VbNet_Medium_Threat | Improper_Locking | Medium | 667 |
| |
VbNet | VbNet_Medium_Threat | Integer_Overflow | Medium | 190 |
| |
VbNet | VbNet_Medium_Threat | No_Request_Validation | Medium | 20 |
| |
VbNet | VbNet_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
VbNet | VbNet_Medium_Threat | Path_Traversal | Medium | 36 |
| |
VbNet | VbNet_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
VbNet | VbNet_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
VbNet | VbNet_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
VbNet | VbNet_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
VbNet | VbNet_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
VbNet | VbNet_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
VbNet | VbNet_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
VbNet | VbNet_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
VbNet | VbNet_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
VbNet | VbNet_Medium_Threat | XSRF | Medium | 352 |
| |
VbNet | VbNet_WebConfig | CookieLess_Authentication | Medium | 10704 |
| |
VbNet | VbNet_WebConfig | CookieLess_Session | Medium | 10708 |
| |
VbNet | VbNet_WebConfig | CustomError | Low | 12 |
| |
VbNet | VbNet_WebConfig | DebugEnabled | Low | 11 |
| |
VbNet | VbNet_WebConfig | HardcodedCredentials | Medium | 489 |
| |
VbNet | VbNet_WebConfig | HttpOnlyCookies_XSS | High | 10706 |
| |
VbNet | VbNet_WebConfig | Missing_X_Frame_Options | Low | 829 |
| |
VbNet | VbNet_WebConfig | NonUniqueFormName | Low | 10707 |
| |
VbNet | VbNet_WebConfig | Password_In_Configuration_File | Low | 260 |
| |
VbNet | VbNet_WebConfig | RequireSSL | Medium | 614 |
| |
VbNet | VbNet_WebConfig | SlidingExpiration | Low | 613 |
| |
VbNet | VbNet_WebConfig | TraceEnabled | Low | 10708 |
| |
VbScript | VbScript_High_Risk | DOM_Code_Injection | High | 94 |
| |
VbScript | VbScript_High_Risk | DOM_XSS | High | 79 |
| |
VbScript | VbScript_Low_Visibility | Cookies_Inspection | Low | 315 |
| |
VbScript | VbScript_Low_Visibility | DOM_Open_Redirect | Low | 601 |
| |
VbScript | VbScript_Low_Visibility | Weak_Password_Authentication | Low | 10710 |
| |
VbScript | VbScript_Medium_Threat | Client_DoS_By_Sleep | Medium | 730 |
| |
VbScript | VbScript_Medium_Threat | Client_Untrusted_Activex | Medium | 10703 |
| |
VbScript | VbScript_Medium_Threat | DOM_Cookie_Poisoning | Medium | 472 |
| |
VbScript | VbScript_Medium_Threat | DOM_XSRF | Medium | 352 |
| |
See also:
8.1.0 Release Updates
8.1.0 Supported Code Languages and Frameworks
8.1.0 Supported Environments
| |
Apex | Apex_ISV_Quality_Rules | ActionPoller_Frequency_Check | Information | 11200 |
| |
Apex | Apex_ISV_Quality_Rules | Ajax_Toolkit_From_VF | Information | 11201 |
| |
Apex | Apex_ISV_Quality_Rules | Batch_Apex_exists | Information | 11216 |
| |
Apex | Apex_ISV_Quality_Rules | Batch_Apex_makes_outbound_call | Information | 11202 |
| |
Apex | Apex_ISV_Quality_Rules | DmlOptions_Set_To_False | Information | 11217 |
| |
Apex | Apex_ISV_Quality_Rules | Empty_Catch_Blocks | Information | 11203 |
| |
Apex | Apex_ISV_Quality_Rules | Find_Exposed_Test_Data | Information | 11210 |
| |
Apex | Apex_ISV_Quality_Rules | Future_exists | Information | 11214 |
| |
Apex | Apex_ISV_Quality_Rules | Old_API_Version | Information | 11215 |
| |
Apex | Apex_ISV_Quality_Rules | Outbound_Email_Send | Information | 11218 |
| |
Apex | Apex_ISV_Quality_Rules | Report_with_no_Filter | Information | 11205 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Dynamic_null_in_Where | Information | 11206 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Formula_in_Where | Information | 11213 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Hardcoded_null_in_Where | Information | 11207 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_Relationship_in_Where | Information | 11204 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_With_All_Fields | Information | 11208 |
| |
Apex | Apex_ISV_Quality_Rules | SOQL_with_All_Fields_in_loop | Information | 11209 |
| |
Apex | Apex_ISV_Quality_Rules | SOSL_With_Where_Clause | Information | 11212 |
| |
Apex | Apex_ISV_Quality_Rules | Warn_About_Viewstate_Size_Limit | Information | 11211 |
| |
Apex | Apex_ISV_Quality_Rules | Workflow_sends_Emails | Information | 11219 |
| |
Apex | Apex_Low_Visibility | Escape_False_Warning | Low | 10507 |
| |
Apex | Apex_Low_Visibility | Hardcoded_Password | Low | 259 |
| |
Apex | Apex_Low_Visibility | Parameter_Tampering | Low | 472 |
| |
Apex | Apex_Low_Visibility | Password_misuse | Low | 10011 |
| |
Apex | Apex_Low_Visibility | Potential_Frame_Injection | Low | 10548 |
| |
Apex | Apex_Low_Visibility | Potential_URL_Redirection_Attack | Low | 10506 |
| |
Apex | Apex_Low_Visibility | Privacy_Violation | Low | 359 |
| |
Apex | Apex_Low_Visibility | Second_Order_SOQL_SOSL_Injection | Low | 10502 |
| |
Apex | Apex_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Apex | Apex_Low_Visibility | Verbose_Error_Reporting | Low | 209 |
| |
ASP | ASP_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
ASP | ASP_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 10008 |
| |
ASP | ASP_Best_Coding_Practice | Empty_Catch | Information | 390 |
| |
ASP | ASP_Best_Coding_Practice | Hardcoded_Connection_String | Information | 10014 |
| |
ASP | ASP_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
ASP | ASP_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
ASP | ASP_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 10026 |
| |
ASP | ASP_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
ASP | ASP_Best_Coding_Practice | Sockets_in_WebApp | Information | 246 |
| |
ASP | ASP_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
ASP | ASP_Best_Coding_Practice | Unclosed_Objects | Information | 10031 |
| |
ASP | ASP_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
ASP | ASP_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 10033 |
| |
ASP | ASP_Best_Coding_Practice | Visible_Fields | Information | 10003 |
| |
ASP | ASP_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
ASP | ASP_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
ASP | ASP_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
ASP | ASP_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
ASP | ASP_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
ASP | ASP_Heuristic | Heuristic_XSRF | Low | 352 |
| |
ASP | ASP_High_Risk | Code_Injection | High | 94 |
| |
ASP | ASP_High_Risk | Command_Injection | High | 77 |
| |
ASP | ASP_High_Risk | Connection_String_Injection | High | 99 |
| |
ASP | ASP_High_Risk | LDAP_Injection | High | 90 |
| |
ASP | ASP_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
ASP | ASP_High_Risk | Resource_Injection | High | 99 |
| |
ASP | ASP_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
ASP | ASP_High_Risk | SQL_Injection | High | 89 |
| |
ASP | ASP_High_Risk | Stored_XSS | High | 79 |
| |
ASP | ASP_High_Risk | UTF7_XSS | High | 79 |
| |
ASP | ASP_High_Risk | XPath_Injection | High | 643 |
| |
ASP | ASP_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
ASP | ASP_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
ASP | ASP_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
ASP | ASP_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
ASP | ASP_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
ASP | ASP_Low_Visibility | Hardcoded_password_in_Connection_String | Low | 547 |
| |
ASP | ASP_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
ASP | ASP_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
ASP | ASP_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
ASP | ASP_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
ASP | ASP_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
ASP | ASP_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
ASP | ASP_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
ASP | ASP_Low_Visibility | Insecure_Randomness | Low | 330 |
| |
ASP | ASP_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
ASP | ASP_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
ASP | ASP_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
ASP | ASP_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
ASP | ASP_Low_Visibility | Log_Forging | Low | 117 |
| |
ASP | ASP_Low_Visibility | Open_Redirect | Low | 601 |
| |
ASP | ASP_Low_Visibility | Script_Poinsoning | Low | 10701 |
| |
ASP | ASP_Low_Visibility | Server_Code_In_Client_Comment | Low | 10702 |
| |
ASP | ASP_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
ASP | ASP_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
ASP | ASP_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
ASP | ASP_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
ASP | ASP_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
ASP | ASP_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
ASP | ASP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
ASP | ASP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
ASP | ASP_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
ASP | ASP_Medium_Threat | Improper_Locking | Medium | 667 |
| |
ASP | ASP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
ASP | ASP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
ASP | ASP_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
ASP | ASP_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
ASP | ASP_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
ASP | ASP_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
ASP | ASP_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
ASP | ASP_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
ASP | ASP_Medium_Threat | Untrusted_Activex | Medium | 10703 |
| |
ASP | ASP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
ASP | ASP_Medium_Threat | XSRF | Medium | 352 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal | Information | 665 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal_Condition | Information | 665 |
| |
CPP | CPP_Best_Coding_Practice | Buffer_Size_Literal_Overflow | Information | 118 |
| |
CPP | CPP_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
CPP | CPP_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
CPP | CPP_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
CPP | CPP_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
CPP | CPP_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
CPP | CPP_Best_Coding_Practice | Methods_Without_ReturnType | Information | 10712 |
| |
CPP | CPP_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
CPP | CPP_Best_Coding_Practice | Reliance_On_Untrusted_Inputs_In_Security_Decision | Information | 807 |
| |
CPP | CPP_Best_Coding_Practice | Unused_Variable | Information | 563 |
| |
CPP | CPP_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_AddressOfLocalVarReturned | Medium | 562 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundcpy_WrongSizeParam | Medium | 121 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_boundedcpy2 | Medium | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_cin | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_cpycat | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_fgets | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_Indexes | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_IndexFromInput | High | |||
CPP | CPP_Buffer_Overflow | Buffer_Overflow_LongString | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_Loops | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_LowBound | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_OutOfBound | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_scanf | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_StrcpyStrcat | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Buffer_Overflow_unbounded | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Format_String_Attack | High | 134 |
| |
CPP | CPP_Buffer_Overflow | Missing_Precision | Medium | 120 |
| |
CPP | CPP_Buffer_Overflow | MultiByte_String_Length | Medium | 135 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Arrays | High | 193 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Loops | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Off_by_One_Error_in_Methods | Medium | 193 |
| |
CPP | CPP_Buffer_Overflow | Open_SSL_HeartBleed | High | 120 |
| |
CPP | CPP_Buffer_Overflow | Potential_Precision_Problem | Low | 120 |
| |
CPP | CPP_Buffer_Overflow | String_Termination_Error | High | 170 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_Buffer_Overflow_malloc | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_Buffer_Overflow_read | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
CPP | CPP_Heuristic | Heuristic_Buffer_Overflow_malloc | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_Buffer_Overflow_read | Low | 120 |
| |
CPP | CPP_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
CPP | CPP_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
CPP | CPP_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
CPP | CPP_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
CPP | CPP_Heuristic | Potential_Off_by_One_Error_in_Loops | Low | 193 |
| |
CPP | CPP_High_Risk | CGI_Reflected_XSS | High | 79 |
| |
CPP | CPP_High_Risk | CGI_Stored_XSS | High | 79 |
| |
CPP | CPP_High_Risk | Command_Injection | High | 77 |
| |
CPP | CPP_High_Risk | Connection_String_Injection | High | 99 |
| |
CPP | CPP_High_Risk | LDAP_Injection | High | 90 |
| |
CPP | CPP_High_Risk | Process_Control | High | 114 |
| |
CPP | CPP_High_Risk | Resource_Injection | High | 99 |
| |
CPP | CPP_High_Risk | SQL_Injection | High | 89 |
| |
CPP | CPP_Integer_Overflow | Boolean_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Char_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Float_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Integer_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Long_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Short_Overflow | Medium | 190 |
| |
CPP | CPP_Integer_Overflow | Wrong_Size_t_Allocation | Medium | 789 |
| |
CPP | CPP_Low_Visibility | Arithmenic_Operation_On_Boolean | Low | 398 |
| |
CPP | CPP_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
CPP | CPP_Low_Visibility | Creation_of_chroot_Jail_without_Changing_Working_Directory | Low | 243 |
| |
CPP | CPP_Low_Visibility | Exposure_of_System_Data_to_Unauthorized_Control_Sphere | Low | 497 |
| |
CPP | CPP_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
CPP | CPP_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
CPP | CPP_Low_Visibility | Improper_Resource_Access_Authorization | Low | 285 |
| |
CPP | CPP_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
CPP | CPP_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
CPP | CPP_Low_Visibility | Inconsistent_Implementations | Low | 474 |
| |
CPP | CPP_Low_Visibility | Incorrect_Permission_Assignment_For_Critical_Resources | Low | 732 |
| |
CPP | CPP_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
CPP | CPP_Low_Visibility | Information_Exposure_Through_Comments | Low | 615 |
| |
CPP | CPP_Low_Visibility | Insecure_Temporary_File | Low | 377 |
| |
CPP | CPP_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
CPP | CPP_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
CPP | CPP_Low_Visibility | Log_Forging | Low | 117 |
| |
CPP | CPP_Low_Visibility | NULL_Pointer_Dereference | Low | 476 |
| |
CPP | CPP_Low_Visibility | Potential_Path_Traversal | Low | 36 |
| |
CPP | CPP_Low_Visibility | Privacy_Violation | Low | 359 |
| |
CPP | CPP_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
CPP | CPP_Low_Visibility | Sizeof_Pointer_Argument | Low | 467 |
| |
CPP | CPP_Low_Visibility | Stored_Blind_SQL_Injections | Low | 89 |
| |
CPP | CPP_Low_Visibility | TOCTOU | Low | 367 |
| |
CPP | CPP_Low_Visibility | Unchecked_Array_Index | Low | 129 |
| |
CPP | CPP_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
CPP | CPP_Low_Visibility | Undefined_Behavior | Low | 475 |
| |
CPP | CPP_Low_Visibility | Unreleased_Resource_Leak | Low | 411 |
| |
CPP | CPP_Low_Visibility | Use_Of_Deprecated_Class | Low | 477 |
| |
CPP | CPP_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
CPP | CPP_Low_Visibility | Use_of_Insufficiently_Random_Values | Low | 330 |
| |
CPP | CPP_Low_Visibility | Use_of_Obsolete_Functions | Low | 477 |
| |
CPP | CPP_Low_Visibility | Use_of_Sizeof_On_a_Pointer_Type | Low | 467 |
| |
CPP | CPP_Medium_Threat | Cleartext_Transmission_Of_Sensitive_Information | Medium | 319 |
| |
CPP | CPP_Medium_Threat | Dangerous_Functions | Medium | 242 |
| |
CPP | CPP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
CPP | CPP_Medium_Threat | Divide_By_Zero | Medium | 369 |
| |
CPP | CPP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
CPP | CPP_Medium_Threat | Double_Free | Medium | 415 |
| |
CPP | CPP_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | 494 |
| |
CPP | CPP_Medium_Threat | Environment_Injection | Medium | 77 |
| |
CPP | CPP_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
CPP | CPP_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
CPP | CPP_Medium_Threat | Improperly_Locked_Memory | Medium | 591 |
| |
CPP | CPP_Medium_Threat | Inadequate_Encryption_Strength | Medium | 326 |
| |
CPP | CPP_Medium_Threat | Inadequate_Pointer_Validation | Medium | 633 |
| |
CPP | CPP_Medium_Threat | Memory_Leak | Medium | 401 |
| |
CPP | CPP_Medium_Threat | MemoryFree_on_StackVariable | Medium | 633 |
| |
CPP | CPP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
CPP | CPP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
CPP | CPP_Medium_Threat | Plaintext_Storage_Of_A_Password | Medium | 256 |
| |
CPP | CPP_Medium_Threat | Setting_Manipulation | Medium | 15 |
| |
CPP | CPP_Medium_Threat | Uncontrolled_Recursion | Medium | 674 |
| |
CPP | CPP_Medium_Threat | Use_After_Free | Medium | 416 |
| |
CPP | CPP_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
CPP | CPP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
CPP | CPP_Medium_Threat | Use_of_Uninitialized_Pointer | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Use_of_Uninitialized_Variable | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Use_of_Zero_Initialized_Pointer | Medium | 457 |
| |
CPP | CPP_Medium_Threat | Wrong_Memory_Allocation | Medium | 131 |
| |
CPP | CPP_MISRA_C | R02_02_CPP_Comment_Style | Information | 11000 |
| |
CPP | CPP_MISRA_C | R02_03_Nested_Comments | Information | 11001 |
| |
CPP | CPP_MISRA_C | R02_04_Code_Commented_Out | Information | 11002 |
| |
CPP | CPP_MISRA_C | R03_04_Not_Explained_Pragma_Usage | Information | 11003 |
| |
CPP | CPP_MISRA_C | R04_01_Non_ISO_Escape_Sequences | Information | 11004 |
| |
CPP | CPP_MISRA_C | R04_02_Trigraphs | Information | 11005 |
| |
CPP | CPP_MISRA_C | R05_01_Identifiers_Length_Violation | Information | 11006 |
| |
CPP | CPP_MISRA_C | R05_02_Identifiers_Hiding_Outer_Scope_Identifiers | Information | 11007 |
| |
CPP | CPP_MISRA_C | R05_03_Typedef_Name_Reused | Information | 11008 |
| |
CPP | CPP_MISRA_C | R05_04_Tag_Name_Reused | Information | 11009 |
| |
CPP | CPP_MISRA_C | R05_05_Identifier_With_Static_Storage_Reused | Information | 11010 |
| |
CPP | CPP_MISRA_C | R05_07_Identifier_Name_Reused | Information | 11011 |
| |
CPP | CPP_MISRA_C | R06_01_Plain_Char_Type_Usage | Information | 11012 |
| |
CPP | CPP_MISRA_C | R06_02_Not_Plain_Char_Type_Usage | Information | 11013 |
| |
CPP | CPP_MISRA_C | R06_03_Non_Typedefd_Basic_Types | Information | 11014 |
| |
CPP | CPP_MISRA_C | R06_04_Bit_Fields_Type | Information | 11015 |
| |
CPP | CPP_MISRA_C | R06_05_Bit_Fields_Length | Information | 11016 |
| |
CPP | CPP_MISRA_C | R07_01_Non_Zero_Octal_Constant | Information | 11017 |
| |
CPP | CPP_MISRA_C | R08_03_Identical_Function_Decl_Def | Information | 11018 |
| |
CPP | CPP_MISRA_C | R08_05_Object_Function_In_Header_File | Information | 11019 |
| |
CPP | CPP_MISRA_C | R08_07_Block_Scope_Obj_If_Used_By_Single_Function | Information | 11020 |
| |
CPP | CPP_MISRA_C | R08_08_External_Objects_Declared_Once | Information | 11021 |
| |
CPP | CPP_MISRA_C | R09_03_Initializing_Non_First_And_Not_All_Members_In_Enum | Information | 11022 |
| |
CPP | CPP_MISRA_C | R10_06_U_Suffix_Not_Applied_To_Unsigned_Const | Information | 11023 |
| |
CPP | CPP_MISRA_C | R12_05_AND_OR_Operands_Not_As_Primary_Expressions | Information | 11024 |
| |
CPP | CPP_MISRA_C | R12_07_Bitwise_Operator_On_Signed_Type | Information | 11025 |
| |
CPP | CPP_MISRA_C | R12_09_Unary_Minus_Operator_On_Unsigned_Type | Information | 11026 |
| |
CPP | CPP_MISRA_C | R12_10_Comma_Operator_Used | Information | 11027 |
| |
CPP | CPP_MISRA_C | R12_12_Floating_Point_Bit_Underlying_Representation_Used | Information | 11028 |
| |
CPP | CPP_MISRA_C | R12_13_Using_Of_Incremental_And_Decrimental_Operators | Information | 11029 |
| |
CPP | CPP_MISRA_C | R13_01_Assignment_Operators_In_Boolean_Expressions | Information | 11030 |
| |
CPP | CPP_MISRA_C | R13_03_Floating_Point_Equality_Or_Inequality | Information | 11031 |
| |
CPP | CPP_MISRA_C | R13_04_Floating_Points_Objects_In_For_Control | Information | 11032 |
| |
CPP | CPP_MISRA_C | R13_06_Loop_Iterator_Modified_In_Loop_Body | Information | 11033 |
| |
CPP | CPP_MISRA_C | R14_04_Use_Of_Goto | Information | 11034 |
| |
CPP | CPP_MISRA_C | R14_05_Use_Of_Continue | Information | 11035 |
| |
CPP | CPP_MISRA_C | R14_06_Multiple_Breaks_In_Iteration_Statement | Information | 11036 |
| |
CPP | CPP_MISRA_C | R14_07_Single_Point_Exit_At_Function_End | Information | 11037 |
| |
CPP | CPP_MISRA_C | R14_08_Not_Compound_Switch_Or_Iteration_Statement | Information | 11038 |
| |
CPP | CPP_MISRA_C | R14_09_Not_Compound_If_Or_Else | Information | 11039 |
| |
CPP | CPP_MISRA_C | R14_10_If_Else_If_Not_Ending_With_Else | Information | 11040 |
| |
CPP | CPP_MISRA_C | R15_01_Case_Not_Enclosed_By_Compound_Switch | Information | 11041 |
| |
CPP | CPP_MISRA_C | R15_02_Non_Empty_Switch_Clause_Without_Break | Information | 11042 |
| |
CPP | CPP_MISRA_C | R15_03_Non_Default_Final_Clause_In_Switch_Statement | Information | 11043 |
| |
CPP | CPP_MISRA_C | R15_05_No_Cases_in_Switch_Statement | Information | 11044 |
| |
CPP | CPP_MISRA_C | R16_01_Function_With_Variable_Number_Of_Arguments | Information | 11045 |
| |
CPP | CPP_MISRA_C | R16_02_Recursion_Exists | Information | 11046 |
| |
CPP | CPP_MISRA_C | R16_03_Function_Prototype_Without_Identifiers | Information | 11047 |
| |
CPP | CPP_MISRA_C | R16_04_Different_Identifiers_In_Function_Definition_And_Prototype | Information | 11048 |
| |
CPP | CPP_MISRA_C | R16_05_Function_Prototype_Declaration_Without_Parameters | Information | 11049 |
| |
CPP | CPP_MISRA_C | R16_06_Function_Invoke_Arg_Number_Not_Match_Function_Def_Number | Information | 11050 |
| |
CPP | CPP_MISRA_C | R16_07_Parameter_Pointer_To_Const_Where_Not_Modified | Information | 11051 |
| |
CPP | CPP_MISRA_C | R16_08_Non_Explicit_Return_Statement_In_Non_Void_Function | Information | 11052 |
| |
CPP | CPP_MISRA_C | R16_09_Using_Function_Identifier_Not_Call_Or_Pointer | Information | 11053 |
| |
CPP | CPP_MISRA_C | R18_04_Use_Of_Union | Information | 11054 |
| |
CPP | CPP_MISRA_C | R19_01_Non_Prepocessor_Command_Before_Include_In_File | Information | 11055 |
| |
CPP | CPP_MISRA_C | R19_02_Non_Standard_Chars_In_Header_File_Name | Information | 11056 |
| |
CPP | CPP_MISRA_C | R19_03_Include_Directive_In_Wrong_Format | Information | 11057 |
| |
CPP | CPP_MISRA_C | R19_05_Using_Define_Or_Undef_Directive_In_Block | Information | 11058 |
| |
CPP | CPP_MISRA_C | R19_06_Use_Of_Undef_Derective | Information | 11059 |
| |
CPP | CPP_MISRA_C | R19_12_Multiple_Pound_Or_Double_Pound_In_Same_Macro | Information | 11060 |
| |
CPP | CPP_MISRA_C | R19_13_Pound_Preprocessor_Operator_Is_Used | Information | 11061 |
| |
CPP | CPP_MISRA_C | R19_17_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files | Information | 11062 |
| |
CPP | CPP_MISRA_C | R20_05_Using_Errno_Indicator_From_Errno_H | Information | 11063 |
| |
CPP | CPP_MISRA_C | R20_06_Using_Offsetof_Macro_From_Stddef_H | Information | 11064 |
| |
CPP | CPP_MISRA_C | R20_07_Using_Setjmp_Longjmp_Macros_From_Setjmp_H | Information | 11065 |
| |
CPP | CPP_MISRA_C | R20_08_Using_Signal_Handling_From_Signal_H | Information | 11066 |
| |
CPP | CPP_MISRA_C | R20_09_Using_Input_Output_From_Stdio_H | Information | 11067 |
| |
CPP | CPP_MISRA_C | R20_10_Using_Atof_Atoi_Atol_Functions_From_Stdlib_H | Information | 11068 |
| |
CPP | CPP_MISRA_C | R20_11_Using_Abort_Exit_Getenv_System_Functions_From_Stdlib_H | Information | 11069 |
| |
CPP | CPP_MISRA_C | R20_12_Using_Time_Handling_From_Time_H | Information | 11070 |
| |
CPP | CPP_MISRA_CPP | R00_01_03_Find_Unused_Variables | Information | 10775 |
| |
CPP | CPP_MISRA_CPP | R00_01_05_Find_Unused_Typedefs | Information | 10776 |
| |
CPP | CPP_MISRA_CPP | R00_01_10_Find_Unused_Defined_Functions | Information | 10777 |
| |
CPP | CPP_MISRA_CPP | R00_01_11_Find_Unused_Parameters | Information | 10778 |
| |
CPP | CPP_MISRA_CPP | R00_01_12_Find_Virtual_Unused_Parameters | Information | 10779 |
| |
CPP | CPP_MISRA_CPP | R02_03_01_Trigraphs | Information | 11109 |
| |
CPP | CPP_MISRA_CPP | R02_05_01_Digraphs | Information | 10750 |
| |
CPP | CPP_MISRA_CPP | R02_07_02_Code_Commented_Out | Information | 11110 |
| |
CPP | CPP_MISRA_CPP | R02_07_03_Code_CPP_Commented_Out | Information | 11111 |
| |
CPP | CPP_MISRA_CPP | R02_10_02_Identifiers_Hide_Outer_Scope_Identifiers | Information | 11104 |
| |
CPP | CPP_MISRA_CPP | R02_10_03_Typedef_Name_Reused | Information | 11105 |
| |
CPP | CPP_MISRA_CPP | R02_10_04_Class_Enum_Union_Names_Reused | Information | 11106 |
| |
CPP | CPP_MISRA_CPP | R02_10_05_Non_Member_Static_Name_Reuse | Information | 10751 |
| |
CPP | CPP_MISRA_CPP | R02_13_01_Non_ISO_Escapes | Information | 10813 |
| |
CPP | CPP_MISRA_CPP | R02_13_02_Non_Zero_Octal_Constant | Information | 11107 |
| |
CPP | CPP_MISRA_CPP | R02_13_03_U_Suffix_Not_Applied_To_Unsigned_Hex_Oct | Information | 11108 |
| |
CPP | CPP_MISRA_CPP | R02_13_04_Literal_Suffix_Uppercase | Information | 10780 |
| |
CPP | CPP_MISRA_CPP | R03_01_03_Find_Arrays_Without_Size | Information | 10781 |
| |
CPP | CPP_MISRA_CPP | R03_02_01_Identical_Function_and_Object_Decl_Def | Information | 10814 |
| |
CPP | CPP_MISRA_CPP | R03_04_01_Obj_Defined_Outside_Minimal_Scope | Information | 10815 |
| |
CPP | CPP_MISRA_CPP | R03_09_02_Non_Typedef_Basic_Types | Information | 11112 |
| |
CPP | CPP_MISRA_CPP | R04_10_01_NULL_As_An_Integer_Value | Information | 10800 |
| |
CPP | CPP_MISRA_CPP | R04_10_02_Literal_Zero_As_Null_Pointer_Constant | Information | 10801 |
| |
CPP | CPP_MISRA_CPP | R05_00_07_Improper_Explicit_Floating_Integral_Conversion_Of_Expression | Information | 11117 |
| |
CPP | CPP_MISRA_CPP | R05_00_10_Bitwise_Operator_On_Unsigned_Char_Short_Types | Information | 11113 |
| |
CPP | CPP_MISRA_CPP | R05_00_11_Plain_Char_Type_Usage | Information | 11114 |
| |
CPP | CPP_MISRA_CPP | R05_00_12_Not_Plain_Char_Type_Usage | Information | 11115 |
| |
CPP | CPP_MISRA_CPP | R05_00_21_Bitwise_Operator_On_Signed_Type | Information | 11116 |
| |
CPP | CPP_MISRA_CPP | R05_02_01_AND_OR_Operands_Not_As_Postfix_Expressions | Information | 11119 |
| |
CPP | CPP_MISRA_CPP | R05_02_10_Using_Of_Incremental_And_Decrimental_Operators | Information | 11120 |
| |
CPP | CPP_MISRA_CPP | R05_02_11_Find_Special_Operator_Overloads | Information | 10782 |
| |
CPP | CPP_MISRA_CPP | R05_03_02_Unary_Minus_Operator_On_Unsigned_Type | Information | 11121 |
| |
CPP | CPP_MISRA_CPP | R05_03_03_Overloading_Reference_Oper | Information | 10753 |
| |
CPP | CPP_MISRA_CPP | R05_18_01_Comma_Operator_Used | Information | 11118 |
| |
CPP | CPP_MISRA_CPP | R06_02_01_Assignment_in_Sub_Expr | Information | 10754 |
| |
CPP | CPP_MISRA_CPP | R06_02_02_FloatingPt_Equality_Inequality_Testing | Information | 10752 |
| |
CPP | CPP_MISRA_CPP | R06_03_01_Not_Compound_Switch_Or_Iteration_Statement | Information | 11122 |
| |
CPP | CPP_MISRA_CPP | R06_04_01_Not_Compound_If_Or_Else | Information | 11123 |
| |
CPP | CPP_MISRA_CPP | R06_04_02_If_Else_If_Not_Ending_With_Else | Information | 11124 |
| |
CPP | CPP_MISRA_CPP | R06_04_04_Case_Not_Enclosed_By_Compound_Switch | Information | 11125 |
| |
CPP | CPP_MISRA_CPP | R06_04_05_Non_Empty_Switch_Clause_Without_Break_or_Throw | Information | 10816 |
| |
CPP | CPP_MISRA_CPP | R06_04_06_Non_Default_Final_Clause_In_Switch_Statement | Information | 10817 |
| |
CPP | CPP_MISRA_CPP | R06_04_07_Find_Switch_Condition_Bool | Information | 10783 |
| |
CPP | CPP_MISRA_CPP | R06_05_01_Single_Non_Float_LC | Information | 10819 |
| |
CPP | CPP_MISRA_CPP | R06_05_02_Loop_Counter_Modify | Information | 10755 |
| |
CPP | CPP_MISRA_CPP | R06_05_03_Change_Lc_In_St_And_Cond | Information | 10756 |
| |
CPP | CPP_MISRA_CPP | R06_05_04_Incremental_Modified | Information | 10757 |
| |
CPP | CPP_MISRA_CPP | R06_05_05_Lcv_Change_In_For_Stmt | Information | 10758 |
| |
CPP | CPP_MISRA_CPP | R06_05_06_Bool_Lcv_Change | Information | 10759 |
| |
CPP | CPP_MISRA_CPP | R06_06_02_Backward_Use_Of_Goto | Information | 10818 |
| |
CPP | CPP_MISRA_CPP | R06_06_03_Continue_In_Legal_For | Information | 10760 |
| |
CPP | CPP_MISRA_CPP | R06_06_04_One_GoTo_Break_In_Iteration | Information | 10807 |
| |
CPP | CPP_MISRA_CPP | R06_06_05_Single_Point_Exit_At_Function_End | Information | 11126 |
| |
CPP | CPP_MISRA_CPP | R07_01_01_Declare_Const_if_not_Modified | Information | 10784 |
| |
CPP | CPP_MISRA_CPP | R07_01_02_Declare_Ref_Const_if_not_Modified | Information | 10785 |
| |
CPP | CPP_MISRA_CPP | R07_03_01_Definitions_in_Global_Namespace | Information | 10786 |
| |
CPP | CPP_MISRA_CPP | R07_03_02_Find_non_Global_Mains | Information | 10787 |
| |
CPP | CPP_MISRA_CPP | R07_03_03_Unnamed_NS_in_Headers | Information | 10788 |
| |
CPP | CPP_MISRA_CPP | R07_03_04_Find_Using_Directives | Information | 10789 |
| |
CPP | CPP_MISRA_CPP | R07_03_05_Multiple_Declarations_After_Using | Information | 10790 |
| |
CPP | CPP_MISRA_CPP | R07_03_06_Find_Using_in_Headers | Information | 10791 |
| |
CPP | CPP_MISRA_CPP | R07_05_02_Address_Assignment_out_of_Scope | Information | 10792 |
| |
CPP | CPP_MISRA_CPP | R07_05_03_Return_Parameter_Passed_by_Ref | Information | 10793 |
| |
CPP | CPP_MISRA_CPP | R07_05_04_Recursion_Exists | Information | 11127 |
| |
CPP | CPP_MISRA_CPP | R08_00_01_Find_Multiple_Declarators | Information | 10794 |
| |
CPP | CPP_MISRA_CPP | R08_04_01_Function_With_Variable_Number_Of_Arguments | Information | 11128 |
| |
CPP | CPP_MISRA_CPP | R08_04_03_Explicit_Return_Throw | Information | 10808 |
| |
CPP | CPP_MISRA_CPP | R08_05_01_Uninitialized_Variable_Use | Information | 10761 |
| |
CPP | CPP_MISRA_CPP | R09_05_01_Use_Of_Union | Information | 11129 |
| |
CPP | CPP_MISRA_CPP | R09_06_02_bool_Unsigned_Signed_Bit_Field | Information | 10809 |
| |
CPP | CPP_MISRA_CPP | R09_06_03_Enum_Bit_Fields | Information | 10810 |
| |
CPP | CPP_MISRA_CPP | R09_06_04_Bit_Fields_Length | Information | 11130 |
| |
CPP | CPP_MISRA_CPP | R10_01_01_Find_Virtual_Base_Classes | Information | 10795 |
| |
CPP | CPP_MISRA_CPP | R10_03_02_Find_Override_Without_Virtual | Information | 10796 |
| |
CPP | CPP_MISRA_CPP | R10_03_03_Redeclare_Function_as_Pure | Information | 10797 |
| |
CPP | CPP_MISRA_CPP | R12_01_03_Find_non_Explicit_Constructor | Information | 10798 |
| |
CPP | CPP_MISRA_CPP | R15_00_02_Throw_Pointers | Information | 10762 |
| |
CPP | CPP_MISRA_CPP | R15_00_03_Goto_Label_Inside_TryCatch | Information | 10763 |
| |
CPP | CPP_MISRA_CPP | R15_01_02_No_Explicit_Null_Throw | Information | 10764 |
| |
CPP | CPP_MISRA_CPP | R15_01_03_Empty_Throw_Outside_Catch | Information | 10765 |
| |
CPP | CPP_MISRA_CPP | R15_03_02_Catch_All_In_Main | Information | 10766 |
| |
CPP | CPP_MISRA_CPP | R15_03_03_Accessing_Non_Static_Mem_In_Ctr_Dtr | Information | 10767 |
| |
CPP | CPP_MISRA_CPP | R15_03_07_Catch_All_Final | Information | 10768 |
| |
CPP | CPP_MISRA_CPP | R15_05_01_Statements_Outside_TryCatch_Dtr | Information | 10769 |
| |
CPP | CPP_MISRA_CPP | R16_00_02_Define_Only_in_Global_Namespace | Information | 10770 |
| |
CPP | CPP_MISRA_CPP | R16_00_03_Use_Of_Undef_Directive | Information | 11100 |
| |
CPP | CPP_MISRA_CPP | R16_00_04_Function_Like_Macros_Shall_Not_Be_Defined | Information | 10771 |
| |
CPP | CPP_MISRA_CPP | R16_00_05_No_Tokens_In_Func_Like_Macro | Information | 10772 |
| |
CPP | CPP_MISRA_CPP | R16_00_07_Undefined_Macro_Identifiers | Information | 10799 |
| |
CPP | CPP_MISRA_CPP | R16_00_08_Sharp_Before_Preprocessing_Token | Information | 10773 |
| |
CPP | CPP_MISRA_CPP | R16_01_01_Defined_Standart_Forms | Information | 10774 |
| |
CPP | CPP_MISRA_CPP | R16_01_02_Preprocessor_If_And_Else_Operators_Reside_In_Different_Files | Information | 11101 |
| |
CPP | CPP_MISRA_CPP | R16_02_06_Include_Directive_In_Wrong_Format | Information | 11102 |
| |
CPP | CPP_MISRA_CPP | R16_03_02_Pound_Preprocessor_Operator_Is_Used | Information | 11103 |
| |
CPP | CPP_MISRA_CPP | R17_00_01_Standard_Library_Redefined_Or_Undefined | Information | 10802 |
| |
CPP | CPP_MISRA_CPP | R17_00_02_Standard_Library_Macros_Reuse | Information | 10803 |
| |
CPP | CPP_MISRA_CPP | R17_00_03_Standard_Library_Functions_Override | Information | 10804 |
| |
CPP | CPP_MISRA_CPP | R18_00_04_Ctime | Information | 10811 |
| |
CPP | CPP_MISRA_CPP | R18_00_05_Unbounded_Functions_Of_Library_CString | Information | 10805 |
| |
CPP | CPP_MISRA_CPP | R18_04_01_Dynamic_Heap_Memory_Allocation | Information | 10806 |
| |
CPP | CPP_MISRA_CPP | R18_07_01_Csignal | Information | 10812 |
| |
CPP | CPP_Stored_Vulnerabilities | Second_Order_SQL_Injection | Medium | 89 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_boundcpy | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_cpycat | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fgets | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Buffer_Overflow_fscanf | Medium | 120 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Command_Injection | Medium | 77 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Connection_String_Injection | Medium | 99 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_DB_Parameter_Tampering | Low | 284 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_DoS_by_Sleep | Low | 730 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Environment_Injection | Low | 77 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Format_String_Attack | Medium | 134 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Log_Forging | Low | 117 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Parameter_Tampering | Low | 472 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Path_Traversal | Low | 36 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Process_Control | Medium | 114 |
| |
CPP | CPP_Stored_Vulnerabilities | Stored_Resource_Injection | Medium | 99 |
| |
CSharp | CSharp_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
CSharp | CSharp_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
CSharp | CSharp_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
CSharp | CSharp_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
CSharp | CSharp_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
CSharp | CSharp_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
CSharp | CSharp_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
CSharp | CSharp_Best_Coding_Practice | GetLastWin32Error_Is_Not_Called_After_Pinvoke | Information | 10018 |
| |
CSharp | CSharp_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
CSharp | CSharp_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
CSharp | CSharp_Best_Coding_Practice | Magic_Numbers | Information | 10017 |
| |
CSharp | CSharp_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
CSharp | CSharp_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
CSharp | CSharp_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
CSharp | CSharp_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
CSharp | CSharp_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
CSharp | CSharp_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
CSharp | CSharp_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
CSharp | CSharp_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
CSharp | CSharp_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
CSharp | CSharp_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
CSharp | CSharp_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
CSharp | CSharp_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
CSharp | CSharp_Best_Coding_Practice | Using_Of_Index_Instead_Of_Key | Information | 398 |
| |
CSharp | CSharp_Best_Coding_Practice | Visible_Pointers | Information | 10002 |
| |
CSharp | CSharp_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
CSharp | CSharp_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
CSharp | CSharp_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
CSharp | CSharp_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
CSharp | CSharp_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
CSharp | CSharp_Heuristic | Heuristic_XSRF | Low | 352 |
| |
CSharp | CSharp_High_Risk | Code_Injection | High | 94 |
| |
CSharp | CSharp_High_Risk | Command_Injection | High | 77 |
| |
CSharp | CSharp_High_Risk | Connection_String_Injection | High | 99 |
| |
CSharp | CSharp_High_Risk | LDAP_Injection | High | 90 |
| |
CSharp | CSharp_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
CSharp | CSharp_High_Risk | Resource_Injection | High | 99 |
| |
CSharp | CSharp_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
CSharp | CSharp_High_Risk | SQL_Injection | High | 89 |
| |
CSharp | CSharp_High_Risk | Stored_XSS | High | 79 |
| |
CSharp | CSharp_High_Risk | UTF7_XSS | High | 79 |
| |
CSharp | CSharp_High_Risk | XPath_Injection | High | 643 |
| |
CSharp | CSharp_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
CSharp | CSharp_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
CSharp | CSharp_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
CSharp | CSharp_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
CSharp | CSharp_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
CSharp | CSharp_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
CSharp | CSharp_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
CSharp | CSharp_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
CSharp | CSharp_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
CSharp | CSharp_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
CSharp | CSharp_Low_Visibility | Inappropriate_Encoding_for_Output_Context | Low | 838 |
| |
CSharp | CSharp_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
CSharp | CSharp_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
CSharp | CSharp_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
CSharp | CSharp_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
CSharp | CSharp_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
CSharp | CSharp_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
CSharp | CSharp_Low_Visibility | Log_Forging | Low | 117 |
| |
CSharp | CSharp_Low_Visibility | Off_By_One_Error | Low | 193 |
| |
CSharp | CSharp_Low_Visibility | Open_Redirect | Low | 601 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_In_Code | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
CSharp | CSharp_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
CSharp | CSharp_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
CSharp | CSharp_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
CSharp | CSharp_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
CSharp | CSharp_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
CSharp | CSharp_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
CSharp | CSharp_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
CSharp | CSharp_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
CSharp | CSharp_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
CSharp | CSharp_Medium_Threat | Buffer_Overflow | Medium | 120 |
| |
CSharp | CSharp_Medium_Threat | CGI_XSS | Medium | 79 |
| |
CSharp | CSharp_Medium_Threat | Cookie_Injection | Medium | 20 |
| |
CSharp | CSharp_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
CSharp | CSharp_Medium_Threat | Data_Filter_Injection | Medium | 200 |
| |
CSharp | CSharp_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
CSharp | CSharp_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
CSharp | CSharp_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
CSharp | CSharp_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
CSharp | CSharp_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
CSharp | CSharp_Medium_Threat | Improper_Encoding_Of_Output | Medium | 116 |
| |
CSharp | CSharp_Medium_Threat | Improper_Locking | Medium | 667 |
| |
CSharp | CSharp_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
CSharp | CSharp_Medium_Threat | Insecure_Cookie | Medium | 614 |
| |
CSharp | CSharp_Medium_Threat | Integer_Overflow | Medium | 190 |
| |
CSharp | CSharp_Medium_Threat | MVC_View_Injection | Medium | 74 |
| |
CSharp | CSharp_Medium_Threat | No_Request_Validation | Medium | 20 |
| |
CSharp | CSharp_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
CSharp | CSharp_Medium_Threat | Path_Traversal | Medium | 36 |
| |
CSharp | CSharp_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
CSharp | CSharp_Medium_Threat | Race_Condition_within_a_Thread | Medium | 366 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_By_Regex_Injection | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_In_Code | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | ReDoS_In_Validation | Medium | 730 |
| |
CSharp | CSharp_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
CSharp | CSharp_Medium_Threat | Session_Fixation | Medium | 384 |
| |
CSharp | CSharp_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
CSharp | CSharp_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
CSharp | CSharp_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
CSharp | CSharp_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
CSharp | CSharp_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
CSharp | CSharp_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
CSharp | CSharp_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
CSharp | CSharp_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
CSharp | CSharp_Medium_Threat | Value_Shadowing | Medium | 233 |
| |
CSharp | CSharp_Medium_Threat | XSRF | Medium | 352 |
| |
CSharp | CSharp_WebConfig | CookieLess_Authentication | Medium | 10704 |
| |
CSharp | CSharp_WebConfig | CookieLess_Session_State | Medium | 10705 |
| |
CSharp | CSharp_WebConfig | CustomError | Low | 12 |
| |
CSharp | CSharp_WebConfig | DebugEnabled | Low | 11 |
| |
CSharp | CSharp_WebConfig | Directory_Browse | Low | 548 |
| |
CSharp | CSharp_WebConfig | HardcodedCredentials | Medium | 489 |
| |
CSharp | CSharp_WebConfig | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
CSharp | CSharp_WebConfig | Missing_X_Frame_Options | Low | 829 |
| |
CSharp | CSharp_WebConfig | NonUniqueFormName | Low | 10707 |
| |
CSharp | CSharp_WebConfig | Password_in_Configuration_File | Low | 260 |
| |
CSharp | CSharp_WebConfig | RequireSSL | Medium | 614 |
| |
CSharp | CSharp_WebConfig | SlidingExpiration | Low | 613 |
| |
CSharp | CSharp_WebConfig | TraceEnabled | Low | 10708 |
| |
CSharp | CSharp_Windows_Phone | Client_Side_Injection | High | 89 |
| |
CSharp | CSharp_Windows_Phone | Failure_to_Implement_Least_Privilege | Low | 807 |
| |
CSharp | CSharp_Windows_Phone | Hard_Coded_Cryptography_Key | Medium | 327 |
| |
CSharp | CSharp_Windows_Phone | Insecure_Data_Storage | High | 311 |
| |
CSharp | CSharp_Windows_Phone | Insufficient_Transport_Layer_Protect | High | 311 |
| |
CSharp | CSharp_Windows_Phone | Poor_Authorization_and_Authentication | Medium | 285 |
| |
CSharp | CSharp_Windows_Phone | Side_Channel_Data_Leakage | Low | 200 |
| |
Groovy | Groovy_Best_Coding_Practice | Assign_Collection | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Assigning_instead_of_Comparing | Information | 481 |
| |
Groovy | Groovy_Best_Coding_Practice | Comparing_instead_of_Assigning | Information | 482 |
| |
Groovy | Groovy_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Groovy | Groovy_Best_Coding_Practice | Declaration_of_Throws_for_Generic_Exception | Information | 397 |
| |
Groovy | Groovy_Best_Coding_Practice | Deprecated_Groovy_Code | Information | 477 |
| |
Groovy | Groovy_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Groovy | Groovy_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Explicit_Calls_To_Methods | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Explicit_Instantiation | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
Groovy | Groovy_Best_Coding_Practice | Getter_Method_Could_Be_Property | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
Groovy | Groovy_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
Groovy | Groovy_Best_Coding_Practice | Incorrect_Block_Delimitation | Information | 483 |
| |
Groovy | Groovy_Best_Coding_Practice | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
Groovy | Groovy_Best_Coding_Practice | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
Groovy | Groovy_Best_Coding_Practice | Public_Static_Field_Not_Marked_Final | Information | 500 |
| |
Groovy | Groovy_Best_Coding_Practice | Return_Inside_Finally_Block | Information | 584 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_Collect_Many | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_Collect_Nested | Information | 398 |
| |
Groovy | Groovy_Best_Coding_Practice | Use_of_Wrong_Operator_in_String_Comparison | Information | 597 |
| |
Groovy | Groovy_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
Groovy | Groovy_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
Groovy | Groovy_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
Groovy | Groovy_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
Groovy | Groovy_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
Groovy | Groovy_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
Groovy | Groovy_Heuristic | Heuristic_XSRF | Low | 352 |
| |
Groovy | Groovy_High_Risk | Code_Injection | High | 94 |
| |
Groovy | Groovy_High_Risk | Command_Injection | High | 77 |
| |
Groovy | Groovy_High_Risk | Connection_String_Injection | High | 99 |
| |
Groovy | Groovy_High_Risk | LDAP_Injection | High | 90 |
| |
Groovy | Groovy_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Groovy | Groovy_High_Risk | Resource_Injection | High | 99 |
| |
Groovy | Groovy_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Groovy | Groovy_High_Risk | SQL_Injection | High | 89 |
| |
Groovy | Groovy_High_Risk | Stored_XSS | High | 79 |
| |
Groovy | Groovy_High_Risk | UTF7_XSS | High | 79 |
| |
Groovy | Groovy_High_Risk | XPath_Injection | High | 643 |
| |
Groovy | Groovy_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
Groovy | Groovy_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Groovy | Groovy_Low_Visibility | Channel_Accessible_by_NonEndpoint | Low | 300 |
| |
Groovy | Groovy_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
Groovy | Groovy_Low_Visibility | Collapse_of_Data_into_Unsafe_Value | Low | 182 |
| |
Groovy | Groovy_Low_Visibility | Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions | Low | 379 |
| |
Groovy | Groovy_Low_Visibility | Creation_of_Temp_File_With_Insecure_Permissions | Low | 378 |
| |
Groovy | Groovy_Low_Visibility | Data_Leak_Between_Sessions | Low | 488 |
| |
Groovy | Groovy_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | 15 |
| |
Groovy | Groovy_Low_Visibility | Divide_By_Zero | Low | 369 |
| |
Groovy | Groovy_Low_Visibility | Empty_Password_In_Connection_String | Low | 259 |
| |
Groovy | Groovy_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
Groovy | Groovy_Low_Visibility | Escape_False | Low | 116 |
| |
Groovy | Groovy_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
Groovy | Groovy_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Groovy | Groovy_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | 89 |
| |
Groovy | Groovy_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Groovy | Groovy_Low_Visibility | Improper_Resource_Locking | Low | 413 |
| |
Groovy | Groovy_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Groovy | Groovy_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
Groovy | Groovy_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_Debug_Log | Low | 534 |
| |
Groovy | Groovy_Low_Visibility | Information_Exposure_Through_Server_Log | Low | 533 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Comments | Low | 615 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Groovy | Groovy_Low_Visibility | Information_Leak_Through_Shell_Error_Message | Low | 535 |
| |
Groovy | Groovy_Low_Visibility | Insufficient_Session_Expiration | Low | 613 |
| |
Groovy | Groovy_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Groovy | Groovy_Low_Visibility | Integer_Overflow | Low | 190 |
| |
Groovy | Groovy_Low_Visibility | Integer_Underflow | Low | 191 |
| |
Groovy | Groovy_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
Groovy | Groovy_Low_Visibility | Leaving_Temporary_File | Low | 376 |
| |
Groovy | Groovy_Low_Visibility | Log_Forging | Low | 117 |
| |
Groovy | Groovy_Low_Visibility | Logic_Time_Bomb | Low | 511 |
| |
Groovy | Groovy_Low_Visibility | Missing_Password_Field_Masking | Low | 549 |
| |
Groovy | Groovy_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | 329 |
| |
Groovy | Groovy_Low_Visibility | Object_Hijack | Low | 491 |
| |
Groovy | Groovy_Low_Visibility | Off_by_One_Error | Low | 193 |
| |
Groovy | Groovy_Low_Visibility | Open_Redirect | Low | 601 |
| |
Groovy | Groovy_Low_Visibility | Parse_Double_DoS | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Plaintext_Storage_in_a_Cookie | Low | 315 |
| |
Groovy | Groovy_Low_Visibility | Potenial_UTF7_XSS | Low | 79 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Match | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Replace | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
Groovy | Groovy_Low_Visibility | Public_Static_Final_References_Mutable_Object | Low | 607 |
| |
Groovy | Groovy_Low_Visibility | Race_Condition | Low | 362 |
| |
Groovy | Groovy_Low_Visibility | Race_Condition_Format_Flaw | Low | 362 |
| |
Groovy | Groovy_Low_Visibility | Relative_Path_Traversal | Low | 23 |
| |
Groovy | Groovy_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
Groovy | Groovy_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
Groovy | Groovy_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
Groovy | Groovy_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | 614 |
| |
Groovy | Groovy_Low_Visibility | Serializable_Class_Containing_Sensitive_Data | Low | 499 |
| |
Groovy | Groovy_Low_Visibility | Spring_defaultHtmlEscape_Not_True | Low | 10711 |
| |
Groovy | Groovy_Low_Visibility | Stored_Absolute_Path_Traversal | Low | 36 |
| |
Groovy | Groovy_Low_Visibility | Stored_Command_Injection | Low | 77 |
| |
Groovy | Groovy_Low_Visibility | Stored_Relative_Path_Traversal | Low | 23 |
| |
Groovy | Groovy_Low_Visibility | Storing_Passwords_in_a_Recoverable_Format | Low | 257 |
| |
Groovy | Groovy_Low_Visibility | TOCTOU | Low | 367 |
| |
Groovy | Groovy_Low_Visibility | Uncaught_Exception | Low | 248 |
| |
Groovy | Groovy_Low_Visibility | Unchecked_Return_Value_to_NULL_Pointer_Dereference | Low | 690 |
| |
Groovy | Groovy_Low_Visibility | Uncontrolled_Memory_Allocation | Low | 789 |
| |
Groovy | Groovy_Low_Visibility | Unsynchronized_Access_To_Shared_Data | Low | 567 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Client_Side_Authentication | Low | 603 |
| |
Groovy | Groovy_Low_Visibility | Use_Of_getenv | Low | 589 |
| |
Groovy | Groovy_Low_Visibility | Use_of_Hard_coded_Security_Constants | Low | 547 |
| |
Groovy | Groovy_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Groovy | Groovy_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
Groovy | Groovy_Low_Visibility | Using_Referer_Field_for_Authentication | Low | 293 |
| |
Groovy | Groovy_Medium_Threat | Absolute_Path_Traversal | Medium | 36 |
| |
Groovy | Groovy_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | 79 |
| |
Groovy | Groovy_Medium_Threat | CGI_Stored_XSS | Medium | 79 |
| |
Groovy | Groovy_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | 319 |
| |
Groovy | Groovy_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Groovy | Groovy_Medium_Threat | Dangerous_File_Inclusion | Medium | 98 |
| |
Groovy | Groovy_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Groovy | Groovy_Medium_Threat | Direct_Use_of_Unsafe_JNI | Medium | 111 |
| |
Groovy | Groovy_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | External_Control_of_Critical_State_Data | Medium | 642 |
| |
Groovy | Groovy_Medium_Threat | External_Control_of_System_or_Config_Setting | Medium | 15 |
| |
Groovy | Groovy_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
Groovy | Groovy_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
Groovy | Groovy_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
Groovy | Groovy_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
Groovy | Groovy_Medium_Threat | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
Groovy | Groovy_Medium_Threat | Improper_Locking | Medium | 667 |
| |
Groovy | Groovy_Medium_Threat | Multiple_Binds_to_the_Same_Port | Medium | 605 |
| |
Groovy | Groovy_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Groovy | Groovy_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
Groovy | Groovy_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Groovy | Groovy_Medium_Threat | Process_Control | Medium | 114 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_From_Regex_Injection | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Match | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Pattern | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Groovy | Groovy_Medium_Threat | Reliance_on_Cookies_without_Validation | Medium | 565 |
| |
Groovy | Groovy_Medium_Threat | Same_Seed_in_PRNG | Medium | 336 |
| |
Groovy | Groovy_Medium_Threat | Session_Fixation | Medium | 384 |
| |
Groovy | Groovy_Medium_Threat | Spring_ModelView_Injection | Medium | 74 |
| |
Groovy | Groovy_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
Groovy | Groovy_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Groovy | Groovy_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Groovy | Groovy_Medium_Threat | Unchecked_Input_for_Loop_Condition | Medium | 606 |
| |
Groovy | Groovy_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Groovy | Groovy_Medium_Threat | Unnormalize_Input_String | Medium | 20 |
| |
Groovy | Groovy_Medium_Threat | Unvalidated_Forwards | Medium | 819 |
| |
Groovy | Groovy_Medium_Threat | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | Medium | 760 |
| |
Groovy | Groovy_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Groovy | Groovy_Medium_Threat | Use_of_Native_Language | Medium | 111 |
| |
Groovy | Groovy_Medium_Threat | Use_of_System_exit | Medium | 382 |
| |
Groovy | Groovy_Medium_Threat | XSRF | Medium | 352 |
| |
Groovy | Groovy_Stored | Stored_Boundary_Violation | Low | 646 |
| |
Groovy | Groovy_Stored | Stored_Code_Injection | Low | 94 |
| |
Groovy | Groovy_Stored | Stored_HTTP_Response_Splitting | Low | 113 |
| |
Groovy | Groovy_Stored | Stored_Open_Redirect | Low | 601 |
| |
Groovy | Groovy_Stored | Stored_XPath_Injection | Low | 643 |
| |
Java | Java_Android | Accessible_Content_Provider | Low | 668 |
| |
Java | Java_Android | Android_Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Java | Java_Android | Client_Side_Injection | High | 89 |
| |
Java | Java_Android | Client_Side_ReDoS | Low | 10035 |
| |
Java | Java_Android | Debuggable_App | Low | 668 |
| |
Java | Java_Android | Exported_Service_Without_Permissions | Medium | 668 |
| |
Java | Java_Android | Exposure_Of_Resource_To_Other_Applications | Information | 668 |
| |
Java | Java_Android | Failure_To_Implement_Least_Privilege | Medium | 265 |
| |
Java | Java_Android | General_Android_Find_Request_Permissions | Information | |
| |
Java | Java_Android | Implicit_Intent_With_Read_Write_Permissions | Low | 668 |
| |
Java | Java_Android | Improper_Verification_Of_Intent_By_Broadcast_Receiver | Medium | 925 |
| |
Java | Java_Android | Insecure_Data_Storage | Low | 285 |
| |
Java | Java_Android | Insecure_WebView_Usage | High | 829 |
| |
Java | Java_Android | Insufficient_Sensitive_Transport_Layer | High | 359 |
| |
Java | Java_Android | Insufficient_Transport_Layer_Protect | Low | 359 |
| |
Java | Java_Android | Malicious_Program | High | 265 |
| |
Java | Java_Android | Non_Encrypted_Data_Storage | Low | 311 |
| |
Java | Java_Android | Passing_Non_Encrypted_Data_Between_Activities | Low | 311 |
| |
Java | Java_Android | Poor_Authorization_and_Authentication | Medium | 259 |
| |
Java | Java_Android | Side_Channel_Data_Leakage | High | 359 |
| |
Java | Java_Android | Use_Of_Implicit_Intent_For_Sensitive_Communication | Medium | 927 |
| |
Java | Java_Android | Use_of_Native_Language | Low | 111 |
| |
Java | Java_Android | Use_of_WebView_AddJavascriptInterface | High | |
| |
Java | Java_Android | Weak_Encryption | Medium | 326 |
| |
Java | Java_Best_Coding_Practice | Access_Specifier_Manipulation | Information | 749 |
| |
Java | Java_Best_Coding_Practice | Array_Declared_Public_Final_and_Static | Information | 582 |
| |
Java | Java_Best_Coding_Practice | Assigning_instead_of_Comparing | Information | 481 |
| |
Java | Java_Best_Coding_Practice | Call_to_Thread_run | Information | 572 |
| |
Java | Java_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
Java | Java_Best_Coding_Practice | clone_Method_Without_super_clone | Information | 580 |
| |
Java | Java_Best_Coding_Practice | Comparing_instead_of_Assigning | Information | 482 |
| |
Java | Java_Best_Coding_Practice | Comparison_of_Classes_By_Name | Information | 486 |
| |
Java | Java_Best_Coding_Practice | Confusing_Naming | Information | 710 |
| |
Java | Java_Best_Coding_Practice | Critical_Public_Variable_Without_Final_Modifier | Information | 493 |
| |
Java | Java_Best_Coding_Practice | Dead_Code | Information | 561 |
| |
Java | Java_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Java | Java_Best_Coding_Practice | Declaration_of_Throws_for_Generic_Exception | Information | 397 |
| |
Java | Java_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
Java | Java_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
Java | Java_Best_Coding_Practice | Direct_Use_of_Threads | Information | 383 |
| |
Java | Java_Best_Coding_Practice | Dynamic_File_Inclusion | Information | 98 |
| |
Java | Java_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Java | Java_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Empty_Synchronized_Block | Information | 585 |
| |
Java | Java_Best_Coding_Practice | ESAPI_Banned_API | Information | 676 |
| |
Java | Java_Best_Coding_Practice | Explicit_Call_to_Finalize | Information | 586 |
| |
Java | Java_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
Java | Java_Best_Coding_Practice | Expression_is_Always_False | Information | 570 |
| |
Java | Java_Best_Coding_Practice | Expression_is_Always_True | Information | 571 |
| |
Java | Java_Best_Coding_Practice | Failure_to_Catch_All_Exceptions_in_Servlet | Information | 600 |
| |
Java | Java_Best_Coding_Practice | finalize_Method_Declared_Public | Information | 583 |
| |
Java | Java_Best_Coding_Practice | finalize_Method_Without_super_finalize | Information | 568 |
| |
Java | Java_Best_Coding_Practice | GOTO_Statement | Information | 699 |
| |
Java | Java_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
Java | Java_Best_Coding_Practice | Improper_Initialization | Information | 665 |
| |
Java | Java_Best_Coding_Practice | Incorrect_Block_Delimitation | Information | 483 |
| |
Java | Java_Best_Coding_Practice | Incorrect_Conversion_between_Numeric_Types | Information | 681 |
| |
Java | Java_Best_Coding_Practice | Input_Not_Normalized | Information | 180 |
| |
Java | Java_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
Java | Java_Best_Coding_Practice | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
Java | Java_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
Java | Java_Best_Coding_Practice | Non_serializable_Object_Stored_in_Session | Information | 579 |
| |
Java | Java_Best_Coding_Practice | Not_Static_Final_Logger | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Null_Pointer_Dereference | Information | 476 |
| |
Java | Java_Best_Coding_Practice | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
Java | Java_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
Java | Java_Best_Coding_Practice | Potentially_Serializable_Class_With_Sensitive_Data | Information | 499 |
| |
Java | Java_Best_Coding_Practice | Public_Static_Field_Not_Marked_Final | Information | 500 |
| |
Java | Java_Best_Coding_Practice | Reachable_Assertion | Information | 617 |
| |
Java | Java_Best_Coding_Practice | Redirect_Without_Exit | Information | 698 |
| |
Java | Java_Best_Coding_Practice | Reliance_On_Untrusted_Inputs_In_Security_Decision | Information | 807 |
| |
Java | Java_Best_Coding_Practice | Return_Inside_Finally_Block | Information | 584 |
| |
Java | Java_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
Java | Java_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
Java | Java_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
Java | Java_Best_Coding_Practice | Uncontrolled_Recursion | Information | 674 |
| |
Java | Java_Best_Coding_Practice | Unused_Variable | Information | 563 |
| |
Java | Java_Best_Coding_Practice | Use_of_Inner_Class_Containing_Sensitive_Data | Information | 492 |
| |
Java | Java_Best_Coding_Practice | Use_of_Obsolete_Functions | Information | 477 |
| |
Java | Java_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
Java | Java_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
Java | Java_Best_Coding_Practice | Use_of_Wrong_Operator_in_String_Comparison | Information | 597 |
| |
Java | Java_GWT | GWT_DOM_XSS | Medium | 79 |
| |
Java | Java_GWT | GWT_Reflected_XSS | High | 79 |
| |
Java | Java_GWT | JSON_Hijacking | Low | 10598 |
| |
Java | Java_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
Java | Java_Heuristic | Heuristic_CGI_Stored_XSS | Low | 79 |
| |
Java | Java_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
Java | Java_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
Java | Java_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
Java | Java_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
Java | Java_Heuristic | Heuristic_XSRF | Low | 352 |
| |
Java | Java_High_Risk | Code_Injection | High | 94 |
| |
Java | Java_High_Risk | Command_Injection | High | 77 |
| |
Java | Java_High_Risk | Connection_String_Injection | High | 99 |
| |
Java | Java_High_Risk | LDAP_Injection | High | 90 |
| |
Java | Java_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Java | Java_High_Risk | Resource_Injection | High | 99 |
| |
Java | Java_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Java | Java_High_Risk | SQL_Injection | High | 89 |
| |
Java | Java_High_Risk | Stored_XSS | High | 79 |
| |
Java | Java_High_Risk | XPath_Injection | High | 643 |
| |
Java | Java_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
Java | Java_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Java | Java_Low_Visibility | Channel_Accessible_by_NonEndpoint | Low | 300 |
| |
Java | Java_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
Java | Java_Low_Visibility | Collapse_of_Data_into_Unsafe_Value | Low | 182 |
| |
Java | Java_Low_Visibility | Cookie_Overly_Broad_Path | Low | 539 |
| |
Java | Java_Low_Visibility | Creation_of_Temp_File_in_Dir_with_Incorrect_Permissions | Low | 379 |
| |
Java | Java_Low_Visibility | Creation_of_Temp_File_With_Insecure_Permissions | Low | 378 |
| |
Java | Java_Low_Visibility | Data_Leak_Between_Sessions | Low | 488 |
| |
Java | Java_Low_Visibility | DB_Control_of_System_or_Config_Setting | Low | 15 |
| |
Java | Java_Low_Visibility | Divide_By_Zero | Low | 369 |
| |
Java | Java_Low_Visibility | Empty_Password_In_Connection_String | Low | 259 |
| |
Java | Java_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
Java | Java_Low_Visibility | Escape_False | Low | 116 |
| |
Java | Java_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
Java | Java_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Java | Java_Low_Visibility | Improper_Build_Of_Sql_Mapping | Low | 89 |
| |
Java | Java_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Java | Java_Low_Visibility | Improper_Resource_Access_Authorization | Low | 285 |
| |
Java | Java_Low_Visibility | Improper_Resource_Locking | Low | 413 |
| |
Java | Java_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Java | Java_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
Java | Java_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Java | Java_Low_Visibility | Incorrect_Permission_Assignment_For_Critical_Resources | Low | 732 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_Debug_Log | Low | 534 |
| |
Java | Java_Low_Visibility | Information_Exposure_Through_Server_Log | Low | 533 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Comments | Low | 615 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Java | Java_Low_Visibility | Information_Leak_Through_Shell_Error_Message | Low | 535 |
| |
Java | Java_Low_Visibility | Insufficient_Session_Expiration | Low | 613 |
| |
Java | Java_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Java | Java_Low_Visibility | Integer_Overflow | Low | 190 |
| |
Java | Java_Low_Visibility | Integer_Underflow | Low | 191 |
| |
Java | Java_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
Java | Java_Low_Visibility | Leaving_Temporary_File | Low | 376 |
| |
Java | Java_Low_Visibility | Log_Forging | Low | 117 |
| |
Java | Java_Low_Visibility | Logic_Time_Bomb | Low | 511 |
| |
Java | Java_Low_Visibility | Missing_Password_Field_Masking | Low | 549 |
| |
Java | Java_Low_Visibility | Missing_X_Frame_Options | Low | 829 |
| |
Java | Java_Low_Visibility | Not_Using_a_Random_IV_with_CBC_Mode | Low | 329 |
| |
Java | Java_Low_Visibility | Object_Hijack | Low | 491 |
| |
Java | Java_Low_Visibility | Off_by_One_Error | Low | 193 |
| |
Java | Java_Low_Visibility | Open_Redirect | Low | 601 |
| |
Java | Java_Low_Visibility | Parse_Double_DoS | Low | 730 |
| |
Java | Java_Low_Visibility | Plaintext_Storage_in_a_Cookie | Low | 315 |
| |
Java | Java_Low_Visibility | Portability_Flaw_In_File_Separator | Low | 474 |
| |
Java | Java_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_By_Injection | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Match | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Replace | Low | 730 |
| |
Java | Java_Low_Visibility | Potential_ReDoS_In_Static_Field | Low | 730 |
| |
Java | Java_Low_Visibility | Private_Array_Returned_From_A_Public_Method | Low | 495 |
| |
Java | Java_Low_Visibility | Public_Data_Assigned_to_Private_Array | Low | 496 |
| |
Java | Java_Low_Visibility | Public_Static_Final_References_Mutable_Object | Low | 607 |
| |
Java | Java_Low_Visibility | Race_Condition | Low | 362 |
| |
Java | Java_Low_Visibility | Race_Condition_Format_Flaw | Low | 362 |
| |
Java | Java_Low_Visibility | Relative_Path_Traversal | Low | 23 |
| |
Java | Java_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
Java | Java_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
Java | Java_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
Java | Java_Low_Visibility | Sensitive_Cookie_in_HTTPS_Session_Without_Secure_Attribute | Low | 614 |
| |
Java | Java_Low_Visibility | Serializable_Class_Containing_Sensitive_Data | Low | 499 |
| |
Java | Java_Low_Visibility | Spring_defaultHtmlEscape_Not_True | Low | 10711 |
| |
Java | Java_Low_Visibility | Stored_Absolute_Path_Traversal | Low | 36 |
| |
Java | Java_Low_Visibility | Stored_Command_Injection | Low | 77 |
| |
Java | Java_Low_Visibility | Stored_Relative_Path_Traversal | Low | 23 |
| |
Java | Java_Low_Visibility | Storing_Passwords_in_a_Recoverable_Format | Low | 257 |
| |
Java | Java_Low_Visibility | Suspected_XSS | Low | 79 |
| |
Java | Java_Low_Visibility | TOCTOU | Low | 367 |
| |
Java | Java_Low_Visibility | Uncaught_Exception | Low | 248 |
| |
Java | Java_Low_Visibility | Unchecked_Return_Value_to_NULL_Pointer_Dereference | Low | 690 |
| |
Java | Java_Low_Visibility | Uncontrolled_Memory_Allocation | Low | 789 |
| |
Java | Java_Low_Visibility | Unrestricted_File_Upload | Low | 434 |
| |
Java | Java_Low_Visibility | Unsynchronized_Access_To_Shared_Data | Low | 567 |
| |
Java | Java_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Java | Java_Low_Visibility | Use_of_Client_Side_Authentication | Low | 603 |
| |
Java | Java_Low_Visibility | Use_Of_getenv | Low | 589 |
| |
Java | Java_Low_Visibility | Use_of_Hard_coded_Security_Constants | Low | 547 |
| |
Java | Java_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Java | Java_Low_Visibility | Use_of_RSA_Algorithm_without_OAEP | Low | 780 |
| |
Java | Java_Low_Visibility | Using_Referer_Field_for_Authentication | Low | 293 |
| |
Java | Java_Low_Visibility | UTF7_XSS | Low | 79 |
| |
Java | Java_Medium_Threat | Absolute_Path_Traversal | Medium | 36 |
| |
Java | Java_Medium_Threat | CGI_Reflected_XSS_All_Clients | Medium | 79 |
| |
Java | Java_Medium_Threat | CGI_Stored_XSS | Medium | 79 |
| |
Java | Java_Medium_Threat | Cleartext_Submission_of_Sensitive_Information | Medium | 319 |
| |
Java | Java_Medium_Threat | Client_State_Saving_Method_JSF | Medium | 254 |
| |
Java | Java_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Java | Java_Medium_Threat | Dangerous_File_Inclusion | Medium | 98 |
| |
Java | Java_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Java | Java_Medium_Threat | Direct_Use_of_Unsafe_JNI | Medium | 111 |
| |
Java | Java_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Java | Java_Medium_Threat | Download_of_Code_Without_Integrity_Check | Medium | 494 |
| |
Java | Java_Medium_Threat | External_Control_of_Critical_State_Data | Medium | 642 |
| |
Java | Java_Medium_Threat | External_Control_of_System_or_Config_Setting | Medium | 15 |
| |
Java | Java_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
Java | Java_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
Java | Java_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
Java | Java_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
Java | Java_Medium_Threat | HttpOnlyCookies_In_Config | Medium | 10706 |
| |
Java | Java_Medium_Threat | Improper_Locking | Medium | 667 |
| |
Java | Java_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Java | Java_Medium_Threat | Inadequate_Encryption_Strength | Medium | 326 |
| |
Java | Java_Medium_Threat | Input_Path_Not_Canonicalized | Medium | 73 |
| |
Java | Java_Medium_Threat | Multiple_Binds_to_the_Same_Port | Medium | 605 |
| |
Java | Java_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Java | Java_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
Java | Java_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Java | Java_Medium_Threat | Process_Control | Medium | 114 |
| |
Java | Java_Medium_Threat | ReDoS_From_Regex_Injection | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Match | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Pattern | Medium | 730 |
| |
Java | Java_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Java | Java_Medium_Threat | Reliance_on_Cookies_without_Validation | Medium | 565 |
| |
Java | Java_Medium_Threat | Same_Seed_in_PRNG | Medium | 336 |
| |
Java | Java_Medium_Threat | Session_Fixation | Medium | 384 |
| |
Java | Java_Medium_Threat | Spring_ModelView_Injection | Medium | 74 |
| |
Java | Java_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
Java | Java_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Java | Java_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Java | Java_Medium_Threat | Unchecked_Input_for_Loop_Condition | Medium | 606 |
| |
Java | Java_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Java | Java_Medium_Threat | Unnormalize_Input_String | Medium | 20 |
| |
Java | Java_Medium_Threat | Unvalidated_Forwards | Medium | 819 |
| |
Java | Java_Medium_Threat | Use_of_a_One_Way_Hash_with_a_Predictable_Salt | Medium | 760 |
| |
Java | Java_Medium_Threat | Use_of_a_One_Way_Hash_without_a_Salt | Medium | 759 |
| |
Java | Java_Medium_Threat | Use_of_Cryptographically_Weak_PRNG | Medium | 338 |
| |
Java | Java_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Java | Java_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Java | Java_Medium_Threat | Use_of_Native_Language | Medium | 111 |
| |
Java | Java_Medium_Threat | Use_of_System_exit | Medium | 382 |
| |
Java | Java_Medium_Threat | XQuery_Injection | Medium | 652 |
| |
Java | Java_Medium_Threat | XSRF | Medium | 352 |
| |
Java | Java_Potential | Potential_Code_Injection | Low | 94 |
| |
Java | Java_Potential | Potential_Command_Injection | Low | 77 |
| |
Java | Java_Potential | Potential_Connection_String_Injection | Low | 99 |
| |
Java | Java_Potential | Potential_GWT_Reflected_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_I_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_IO_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_LDAP_Injection | Low | 90 |
| |
Java | Java_Potential | Potential_O_Reflected_XSS_All_Clients | Low | 79 |
| |
Java | Java_Potential | Potential_Parameter_Tampering | Low | 472 |
| |
Java | Java_Potential | Potential_Resource_Injection | Low | 99 |
| |
Java | Java_Potential | Potential_SQL_Injection | Low | 89 |
| |
Java | Java_Potential | Potential_Stored_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_UTF7_XSS | Low | 79 |
| |
Java | Java_Potential | Potential_XPath_Injection | Low | 643 |
| |
Java | Java_Potential | Potential_XXE_Injection | Low | 776 |
| |
Java | Java_Stored | Stored_Boundary_Violation | Low | 646 |
| |
Java | Java_Stored | Stored_Code_Injection | Low | 94 |
| |
Java | Java_Stored | Stored_HTTP_Response_Splitting | Low | 113 |
| |
Java | Java_Stored | Stored_Open_Redirect | Low | 601 |
| |
Java | Java_Stored | Stored_XPath_Injection | Low | 643 |
| |
Java | Java_Struts | Struts_Duplicate_Config_Files | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Form_Bean | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Validation_Files | Low | 694 |
| |
Java | Java_Struts | Struts_Duplicate_Validation_Forms | Low | 102 |
| |
Java | Java_Struts | Struts_Form_Does_Not_Extend_Validation_Class | Medium | 104 |
| |
Java | Java_Struts | Struts_Form_Field_Without_Validator | Low | 105 |
| |
Java | Java_Struts | Struts_Incomplete_Validate_Method_Definition | Medium | 103 |
| |
Java | Java_Struts | Struts_Mapping_to_Missing_Form_Bean | Low | 457 |
| |
Java | Java_Struts | Struts_Missing_Form_Bean_Name | Information | 563 |
| |
Java | Java_Struts | Struts_Missing_Form_Bean_Type | Information | 563 |
| |
Java | Java_Struts | Struts_Missing_Forward_Name | Information | 489 |
| |
Java | Java_Struts | Struts_Non_Private_Field_In_ActionForm_Class | Low | 608 |
| |
Java | Java_Struts | Struts_Thread_Safety_Violation_In_Action_Class | Low | 856 |
| |
Java | Java_Struts | Struts_Unused_Action_Form | Information | 489 |
| |
Java | Java_Struts | Struts_Unused_Validation_Form | Low | 107 |
| |
Java | Java_Struts | Struts_Unvalidated_Action_Form | Low | 108 |
| |
Java | Java_Struts | Struts_Use_of_Relative_Path_in_Config | Information | 21 |
| |
Java | Java_Struts | Struts_Validation_Turned_Off | Medium | 109 |
| |
Java | Java_Struts | Struts_Validator_Without_Form_Field | Low | 110 |
| |
Java | Java_Struts | Struts2_Action_Field_Without_Validator | Low | 101 |
| |
Java | Java_Struts | Struts2_Duplicate_Action_Field_Validators | Low | 101 |
| |
Java | Java_Struts | Struts2_Duplicate_Validators | Low | 101 |
| |
Java | Java_Struts | Struts2_Undeclared_Validator | Information | 101 |
| |
Java | Java_Struts | Struts2_Validation_File_Without_Action | Information | 101 |
| |
Java | Java_Struts | Struts2_Validator_Without_Action_Field | Information | 101 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Code_Injection | High | 94 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Stored_Code_Injection | High | 94 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_Stored_XSS | High | 79 |
| |
JavaScript | JavaScript_High_Risk | Client_DOM_XSS | High | 79 |
| |
JavaScript | JavaScript_High_Risk | Client_Resource_Injection | High | 99 |
| |
JavaScript | JavaScript_High_Risk | Client_Second_Order_Sql_Injection | High |
| ||
JavaScript | JavaScript_High_Risk | Client_SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Jelly | Jelly_Injection | High | 94 | ||
JavaScript | JavaScript_Jelly | Jelly_XSS | High | 79 | ||
JavaScript | JavaScript_Low_Visibility | Client_Cookies_Inspection | Low | 315 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Cross_Session_Contamination | Low | 488 |
| |
JavaScript | JavaScript_Low_Visibility | Client_DOM_Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Empty_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Hardcoded_Domain | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Heuristic_Poor_XSS_Validation | Low | 80 |
| |
JavaScript | JavaScript_Low_Visibility | Client_HTML5_Easy_To_Guess_Database_Name | Low | 330 |
| |
JavaScript | JavaScript_Low_Visibility | Client_HTML5_Heuristic_Session_Insecure_Storage | Low | 922 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insecure_Randomness | Low | 330 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insufficient_ClickJacking_Protection | Low | 693 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Insufficient_Key_Size | Low | 310 |
| |
JavaScript | JavaScript_Low_Visibility | Client_JQuery_Deprecated_Symbols | Low | 477 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Located_JQuery_Outdated_Lib_File | Low | 477 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Negative_Content_Length | Low | 398 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Null_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Overly_Permissive_Message_Posting | Low | 942 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Password_In_Comment | Low | 615 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Password_Weak_Encryption | Low | 261 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_Ad_Hoc_Ajax | Low | 352 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_DOM_Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_ReDoS_In_Match | Low | 730 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Potential_ReDoS_In_Replace | Low | 730 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Regex_Injection | Low | 624 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Remote_File_Inclusion | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Server_Empty_Password | Low | 259 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Use_Of_Deprecated_SQL_Database | Low | 937 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Use_Of_Iframe_Without_Sandbox | Low | 829 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Cryptographic_Hash | Low | 310 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Encryption | Low | 327 |
| |
JavaScript | JavaScript_Low_Visibility | Client_Weak_Password_Authentication | Low | 10710 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Cross_Frame_Scripting_Attack | Medium | 79 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DB_Parameter_Tampering | Medium | 284 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DOM_Cookie_Poisoning | Medium | 472 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DOM_XSRF | Medium | 352 |
| |
JavaScript | JavaScript_Medium_Threat | Client_DoS_By_Sleep | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Header_Manipulation | Medium | 113 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Information_Exposure | Medium | 200 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Insecure_Storage | Medium | 312 |
| |
JavaScript | JavaScript_Medium_Threat | Client_HTML5_Store_Sensitive_data_In_Web_Storage | Medium | 312 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Path_Manipulation | Medium | 73 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Potential_Code_Injection | Medium | 94 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Potential_XSS | Medium | 79 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_From_Regex_Injection | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_In_Match | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDos_In_RegExp | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_ReDoS_In_Replace | Medium | 730 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Sandbox_Allows_Scripts_With_Same_Origin | Medium | 829 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Untrusted_Activex | Medium | 10703 |
| |
JavaScript | JavaScript_Medium_Threat | Client_Use_Of_JQuery_Outdated_Version | Medium | 477 |
| |
JavaScript | JavaScript_Medium_Threat | Client_XPATH_Injection | Medium | 643 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Code_Injection | Medium | 94 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_File_Disclosure | Medium | 22 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_File_Manipulation | Medium | 22 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Open_Redirect | Medium | 601 |
| |
JavaScript | Javascript_PhoneGap | PhoneGap_Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Cleartext_Storage_Of_Sensitive_Information | Medium | 312 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Code_Injection | High | 94 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Comparing_instead_of_Assigning | Information | 482 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Cookie_Poisoning | Medium | 472 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Divide_By_Zero | Low | 369 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Dynamic_File_Inclusion | Information | 98 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Expression_is_Always_False | Information | 570 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Expression_is_Always_True | Information | 571 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Hardcoded_Absolute_Path | Low | 426 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | HTTP_Response_Splitting | Medium | 113 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Information_Exposure_Through_Directory_Listing | Low | 548 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Information_Exposure_Through_Log_Files | Low | 532 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Insecure_Direct_Object_References | High | 813 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | JSON_Hijacking | Low | 352 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Log_Forging | Low | 117 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_CSP_Header | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_Default_Case_In_Switch_Statement | Information | 478 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Missing_Encryption_of_Sensitive_Data | Medium | 311 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Null_Password | Low | 259 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Omitted_Break_Statement_In_Switch | Information | 484 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Open_Redirect | Low | 601 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Parameter_Tampering | Medium | 472 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Password_Weak_Encryption | Low | 261 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Path_Traversal | Medium | 36 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Poor_Database_Access_Control | Low | 285 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Potentially_Vulnerable_To_Xsrf | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Privacy_Violation | Medium | 359 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | ReDOS_in_RegExp | Medium | 730 | ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Reflected_XSS | High | 79 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Second_Order_SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Security_Misconfiguration | High | 933 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Server_DoS_by_loop | Medium | 730 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Server_DoS_by_sleep | Medium | 730 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | SQL_Injection | High | 89 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | SSL_Verification_Bypass | Medium | 599 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_Code_Injection | Medium | 94 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_Path_Traversal | Low | 36 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Stored_XSS | High | 79 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Uncontrolled_Format_String | Medium | 134 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Unprotected_Cookie | Low |
| ||
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Deprecated_or_Obsolete_Functions | Low | 477 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_Of_Hardcoded_Password | Low | 259 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_Of_HTTP_Sensitive_Data_Exposure | Low | 319 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
JavaScript | JavaScript_Server_Side_Vulnerabilities | XSRF | Medium | 352 |
| |
JavaScript | Javascript_XS | XS_Code_Injection | High | 94 |
| |
JavaScript | Javascript_XS | XS_Log_Injection | Low | 117 |
| |
JavaScript | Javascript_XS | XS_Open_Redirect | Medium | 601 |
| |
JavaScript | Javascript_XS | XS_Overly_Permissive_CORS | Low | 749 |
| |
JavaScript | Javascript_XS | XS_Parameter_Tampering | Medium | 472 |
| |
JavaScript | Javascript_XS | XS_Potentially_Vulnerable_To_Clickjacking | Low | 693 |
| |
JavaScript | Javascript_XS | XS_Reflected_XSS | High | 79 |
| |
JavaScript | Javascript_XS | XS_Response_Splitting | Medium | 113 |
| |
JavaScript | Javascript_XS | XS_Second_Order_SQL_Injection | High | 89 |
| |
JavaScript | Javascript_XS | XS_SQL_Injection | High | 89 |
| |
JavaScript | Javascript_XS | XS_Stored_Code_Injection | High | 94 |
| |
JavaScript | Javascript_XS | XS_Stored_XSS | High | 79 |
| |
JavaScript | Javascript_XS | XS_Unencrypted_Data_Transfer | Low | 319 |
| |
JavaScript | Javascript_XS | XS_Use_Of_Hardcoded_URL | Medium | 798 |
| |
JavaScript | Javascript_XS | XS_XSRF | Medium | 352 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_Code_Injection | Medium | 94 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_XSRF | Medium | 352 |
| |
JavaScript | JavasScript_Visualforce_Remoting | VF_Remoting_Client_Potential_XSS | Medium | 79 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal | Information | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal_Condition | Low | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Buffer_Size_Literal_Overflow | High | 788 |
| |
Objc | Apple_Secure_Coding_Guide | Improper_Implementation_of_NSSecureCoding | High | 502 |
| |
Objc | Apple_Secure_Coding_Guide | Jailbrake_File_Referenced_By_Name | Low |
| ||
Objc | Apple_Secure_Coding_Guide | Jailbreak_Unchecked_File_Operation_Result_Code | Low |
| ||
Objc | Apple_Secure_Coding_Guide | NSPredicate_Injection | High |
| ||
Objc | Apple_Secure_Coding_Guide | NSPredicate_Injection_Via_Deserialization | High |
| ||
Objc | Apple_Secure_Coding_Guide | Path_Manipulation | Medium | 73 |
| |
Objc | Apple_Secure_Coding_Guide | Signed_Memory_Arithmetic | High |
| ||
Objc | Apple_Secure_Coding_Guide | UDP_Protocol_Used | Information | 398 |
| |
Objc | Apple_Secure_Coding_Guide | Unchecked_CString_Convertion | Low |
| ||
Objc | Apple_Secure_Coding_Guide | Unscrubbed_Secret | Low | 244 |
| |
Objc | Apple_Secure_Coding_Guide | Unsecure_Deserialization | High |
| ||
Objc | Apple_Secure_Coding_Guide | URL_Injection | Low | 74 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Dead_Code | Information | 561 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Expression_is_Always_False | Information | 570 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Expression_is_Always_True | Information | 571 |
| |
Objc | ObjectiveC_Best_Coding_Practice | Missing_Colon_In_Selector | Information | 483 |
| |
Objc | ObjectiveC_High_Risk | Information_Exposure_Through_Extension | High |
| ||
Objc | ObjectiveC_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Objc | ObjectiveC_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Objc | ObjectiveC_High_Risk | SQL_Injection | High | 89 |
| |
Objc | ObjectiveC_High_Risk | Stored_XSS | High | 79 |
| |
Objc | ObjectiveC_High_Risk | Third_Party_Keyboards_On_Sensitive_Field | High |
| ||
Objc | ObjectiveC_High_Risk | Unsafe_Reflection | High | 470 |
| |
Objc | ObjectiveC_Low_Visibility | Empty_Password | Low | 521 |
| |
Objc | ObjectiveC_Low_Visibility | Functions_Apple_Recommends_To_Avoid | Low | 937 |
| |
Objc | ObjectiveC_Low_Visibility | Heap_Inspection | Low | 244 |
| |
Objc | ObjectiveC_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
Objc | ObjectiveC_Low_Visibility | Incorrect_Initialization | Low | 456 |
| |
Objc | ObjectiveC_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Objc | ObjectiveC_Low_Visibility | Insufficient_Encryption_Key_Size | Low | 310 |
| |
Objc | ObjectiveC_Low_Visibility | iOS_Improper_Resource_Release_Shutdown | Low | 404 |
| |
Objc | ObjectiveC_Low_Visibility | Log_Forging | Low | 117 |
| |
Objc | ObjectiveC_Low_Visibility | Memory_Leak | Low | 401 |
| |
Objc | ObjectiveC_Low_Visibility | Null_Password | Low | 521 |
| |
Objc | ObjectiveC_Low_Visibility | Poor_Authorization_and_Authentication | Low | 287 |
| |
Objc | ObjectiveC_Low_Visibility | Potential_ReDoS | Low | 730 |
| |
Objc | ObjectiveC_Low_Visibility | Sensitive_Data_In_Temp_Folders | Low | 249 |
| |
Objc | ObjectiveC_Low_Visibility | Third_Party_Keyboard_Enabled | Low |
| ||
Objc | ObjectiveC_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 328 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Hardcoded_Cryptographic_Key | Low | 321 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Hardcoded_Password | Low | 259 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Insufficiently_Random_Values | Low | 330 |
| |
Objc | ObjectiveC_Low_Visibility | Use_of_Obsolete_Functions | Low | 477 |
| |
Objc | ObjectiveC_Medium_Threat | Autocorrection_Keystroke_Logging | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Cut_And_Paste_Leakage | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Format_String_Attack | Medium | 134 |
| |
Objc | ObjectiveC_Medium_Threat | Improper_Certificate_Validation | Medium | 297 |
| |
Objc | ObjectiveC_Medium_Threat | Information_Exposure_Through_Query_String | Medium | 598 |
| |
Objc | ObjectiveC_Medium_Threat | Insecure_Data_Storage | Medium | 922 |
| |
Objc | ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Input | Medium | 319 |
| |
Objc | ObjectiveC_Medium_Threat | Insufficient_Transport_Layer_Output | Medium | 319 |
| |
Objc | ObjectiveC_Medium_Threat | Missing_Encryption_of_Sensitive_Data | Medium | 311 |
| |
Objc | ObjectiveC_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Objc | ObjectiveC_Medium_Threat | Path_Traversal | Medium | 22 |
| |
Objc | ObjectiveC_Medium_Threat | ReDoS | Medium | 730 |
| |
Objc | ObjectiveC_Medium_Threat | Screen_Caching | Medium |
| ||
Objc | ObjectiveC_Medium_Threat | Side_Channel_Data_Leakage | Medium | 359 |
| |
Objc | ObjectiveC_Medium_Threat | XML_External_Entity | Medium | 611 |
| |
Perl | Perl_Best_Coding_Practice | Empty_Methods | Information | 398 |
| |
Perl | Perl_Best_Coding_Practice | Prepending_Leading_Zeroes_To_Integer_Literals | Information | 665 |
| |
Perl | Perl_Best_Coding_Practice | Reusing_Variable_Names_In_Subscopes | Information | 398 |
| |
Perl | Perl_Best_Coding_Practice | Using_Perl4_Package_Names | Information | 477 |
| |
Perl | Perl_Best_Coding_Practice | Using_Subroutine_Prototypes | Information | 628 |
| |
Perl | Perl_High_Risk | Code_Injection | High | 94 |
| |
Perl | Perl_High_Risk | Command_Injection | High | 77 |
| |
Perl | Perl_High_Risk | Connection_String_Injection | High | 99 |
| |
Perl | Perl_High_Risk | LDAP_Injection | High | 90 |
| |
Perl | Perl_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Perl | Perl_High_Risk | Resource_Injection | High | 99 |
| |
Perl | Perl_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Perl | Perl_High_Risk | SQL_Injection | High | 89 |
| |
Perl | Perl_High_Risk | Stored_XSS | High | 79 |
| |
Perl | Perl_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Perl | Perl_Low_Visibility | Import_of_Deprecated_Modules | Low | 937 |
| |
Perl | Perl_Low_Visibility | Improper_Filtering_of_Special_Elements | Low | 790 |
| |
Perl | Perl_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Perl | Perl_Low_Visibility | Log_Forging | Low | 117 |
| |
Perl | Perl_Low_Visibility | Not_Checking_Regular_Expressions_Results | Low | 252 |
| |
Perl | Perl_Low_Visibility | Overloading_Reserved_Keywords_or_Subroutines | Low | 398 |
| |
Perl | Perl_Low_Visibility | Permissive_Regular_Expression | Low | 625 |
| |
Perl | Perl_Low_Visibility | Prohibit_Indirect_Object_Call_Syntax | Low | 665 |
| |
Perl | Perl_Low_Visibility | Remote_File_Inclusion | Low | 98 |
| |
Perl | Perl_Low_Visibility | Signifying_Inheritence_At_Runtime | Low | 398 |
| |
Perl | Perl_Low_Visibility | Stored_Path_Traversal | Low | 22 |
| |
Perl | Perl_Low_Visibility | Unchecked_Return_Value | Low | 252 |
| |
Perl | Perl_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Perl | Perl_Low_Visibility | Use_of_Deprecated_or_Obsolete_Functions | Low | 477 |
| |
Perl | Perl_Low_Visibility | Variables_Outside_The_Scope_of_a_Regex | Low | 824 |
| |
Perl | Perl_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Perl | Perl_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Perl | Perl_Medium_Threat | Missing_Encryption_of_Sensitive_Data | Medium | 311 |
| |
Perl | Perl_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Perl | Perl_Medium_Threat | Path_Traversal | Medium | 22 |
| |
Perl | Perl_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Perl | Perl_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
Perl | Perl_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
Perl | Perl_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Perl | Perl_Medium_Threat | Uncontrolled_Format_String | Medium | 134 |
| |
Perl | Perl_Medium_Threat | Uncontrolled_Memory_Allocation | Medium | 789 |
| |
Perl | Perl_Medium_Threat | Unprotected_Transport_of_Credentials | Medium | 523 |
| |
Perl | Perl_Medium_Threat | Use_Of_Hardcoded_Password | Medium | 259 |
| |
Perl | Perl_Medium_Threat | Use_of_Two_Argument_Form_of_Open | Medium | 77 |
| |
Perl | Perl_Medium_Threat | XSRF | Medium | 352 |
| |
PHP | Php_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
PHP | Php_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
PHP | Php_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
PHP | Php_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
PHP | Php_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
PHP | Php_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Namespace | Information | 398 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Private_Static_Variable | Information | 398 |
| |
PHP | Php_Best_Coding_Practice | Use_Of_Super_GLOBALS | Information | 518 |
| |
PHP | PHP_High_Risk | Code_Injection | High | 94 |
| |
PHP | PHP_High_Risk | Command_Injection | High | 77 |
| |
PHP | PHP_High_Risk | File_Disclosure | High | 552 |
| |
PHP | PHP_High_Risk | File_Inclusion | High | 98 |
| |
PHP | PHP_High_Risk | File_Manipulation | High | 552 |
| |
PHP | PHP_High_Risk | LDAP_Injection | High | 90 |
| |
PHP | PHP_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
PHP | PHP_High_Risk | Reflection_Injection | High | 470 |
| |
PHP | PHP_High_Risk | Remote_File_Inclusion | High | 98 |
| |
PHP | PHP_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
PHP | PHP_High_Risk | SQL_Injection | High | 89 |
| |
PHP | PHP_High_Risk | Stored_XSS | High | 79 |
| |
PHP | PHP_High_Risk | XPath_Injection | High | 643 |
| |
PHP | Php_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
PHP | Php_Low_Visibility | ESAPI_Same_Password_Repeats_Twice | Low | 521 |
| |
PHP | Php_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
PHP | Php_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
PHP | Php_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
PHP | Php_Low_Visibility | Incorrect_Implementation_of_Authentication_Algorithm | Low | 303 |
| |
PHP | Php_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
PHP | Php_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
PHP | Php_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
PHP | Php_Low_Visibility | Log_Forging | Low | 117 |
| |
PHP | Php_Low_Visibility | Possible_Flow_Control | Low |
| ||
PHP | Php_Low_Visibility | Reliance_on_Cookies_in_a_Decision | Low | 784 |
| |
PHP | Php_Low_Visibility | Reliance_on_DNS_Lookups_in_a_Decision | Low | 247 |
| |
PHP | Php_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
PHP | Php_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
PHP | Php_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
PHP | PHP_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
PHP | PHP_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
PHP | PHP_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
PHP | PHP_Medium_Threat | Header_Injection | Medium | 113 |
| |
PHP | PHP_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
PHP | PHP_Medium_Threat | HttpOnlyCookies | Medium | 10706 |
| |
PHP | PHP_Medium_Threat | Improper_Control_of_Dynamically_Identified_Variables | Medium | 914 |
| |
PHP | PHP_Medium_Threat | Improper_Neutralization_of_SQL_Command | Medium | 89 |
| |
PHP | PHP_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 3652 |
| |
PHP | PHP_Medium_Threat | Inappropriate_Encoding_for_Output_Context | Medium | 838 |
| |
PHP | PHP_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
PHP | PHP_Medium_Threat | Object_Injection | Medium | 915 |
| |
PHP | PHP_Medium_Threat | Open_Redirect | Medium | 601 |
| |
PHP | PHP_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
PHP | PHP_Medium_Threat | Path_Traversal | Medium | 36 |
| |
PHP | PHP_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
PHP | PHP_Medium_Threat | Session_Fixation | Medium | 384 |
| |
PHP | PHP_Medium_Threat | SSL_Verification_Bypass | Medium | 599 |
| |
PHP | PHP_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
PHP | PHP_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
PHP | PHP_Medium_Threat | Stored_File_Inclusion | Medium | 98 |
| |
PHP | PHP_Medium_Threat | Stored_File_Manipulation | Medium | 552 |
| |
PHP | PHP_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
PHP | PHP_Medium_Threat | Stored_Reflection_Injection | Medium | 470 |
| |
PHP | PHP_Medium_Threat | Stored_Remote_File_Inclusion | Medium | 98 |
| |
PHP | PHP_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
PHP | PHP_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
PHP | PHP_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
PHP | PHP_Medium_Threat | XSRF | Medium | 352 |
| |
PLSQL | PLSQL_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
PLSQL | PLSQL_Best_Coding_Practice | Use_of_Potentially_Dangerous_Function | Information | 676 |
| |
PLSQL | PLSQL_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
PLSQL | PLSQL_High_Risk | Resource_Injection | High | 99 |
| |
PLSQL | PLSQL_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
PLSQL | PLSQL_High_Risk | SQL_Injection | High | 89 |
| |
PLSQL | PLSQL_High_Risk | Stored_XSS | High | 79 |
| |
PLSQL | PLSQL_Low_Visibility | Authorization_Bypass_Through_User_Controlled_SQL_PrimaryKey | Low | 566 |
| |
PLSQL | PLSQL_Low_Visibility | Default_Definer_Rights_in_Method_Definition | Low | 265 |
| |
PLSQL | PLSQL_Low_Visibility | Exposure_of_System_Data | Low | 497 |
| |
PLSQL | PLSQL_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
PLSQL | PLSQL_Low_Visibility | Reversible_One_Way_Hash | Low | 328 |
| |
PLSQL | PLSQL_Low_Visibility | Use_Of_Broken_Or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
PLSQL | PLSQL_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
PLSQL | PLSQL_Medium_Threat | Dangling_Database_Cursor | Medium | 619 |
| |
PLSQL | PLSQL_Medium_Threat | Default_Definer_Rights_in_Package_or_Object_Definition | Medium | 265 |
| |
PLSQL | PLSQL_Medium_Threat | DoS_By_Sleep | Medium | 730 |
| |
PLSQL | PLSQL_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
PLSQL | PLSQL_Medium_Threat | Improper_Privilege_Management | Medium | 269 |
| |
PLSQL | PLSQL_Medium_Threat | Open_Redirect | Medium | 601 |
| |
PLSQL | PLSQL_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
PLSQL | PLSQL_Medium_Threat | Plaintext_Storage_of_a_Password | Medium | 256 |
| |
PLSQL | PLSQL_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
PLSQL | PLSQL_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
PLSQL | PLSQL_Medium_Threat | Use_of_Insufficiently_Random_Values | Medium | 330 |
| |
Python | Python_High_Risk | Code_Injection | High | 94 |
| |
Python | Python_High_Risk | Command_Injection | High | 77 |
| |
Python | Python_High_Risk | Connection_String_Injection | High | 99 |
| |
Python | Python_High_Risk | LDAP_Injection | High | 90 |
| |
Python | Python_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Python | Python_High_Risk | Resource_Injection | High | 99 |
| |
Python | Python_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Python | Python_High_Risk | SQL_Injection | High | 89 |
| |
Python | Python_High_Risk | Stored_XSS | High | 79 |
| |
Python | Python_High_Risk | XPath_Injection | High | 643 |
| |
Python | Python_Low_Visibility | Debug_Enabled | Low | 11 |
| |
Python | Python_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Python | Python_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Python | Python_Low_Visibility | Insufficiently_Protected_Credentials | Low |
| ||
Python | Python_Low_Visibility | Log_Forging | Low | 117 |
| |
Python | Python_Low_Visibility | Password_In_Comment | Low | 615 |
| |
Python | Python_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Python | Python_Medium_Threat | Cookie_Poisoning | Medium | 472 |
| |
Python | Python_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Python | Python_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Python | Python_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Python | Python_Medium_Threat | Filtering_Sensitive_Logs | Medium | 10602 |
| |
Python | Python_Medium_Threat | Hardcoded_Password_in_Connection_String | Medium | 547 |
| |
Python | Python_Medium_Threat | Header_Injection | Medium | 113 |
| |
Python | Python_Medium_Threat | Improper_Restriction_of_XXE_Ref | Medium | 611 |
| |
Python | Python_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
Python | Python_Medium_Threat | Open_Redirect | Medium | 601 |
| |
Python | Python_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Python | Python_Medium_Threat | Path_Traversal | Medium | 36 |
| |
Python | Python_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Python | Python_Medium_Threat | ReDoS_In_Replace | Medium | 730 |
| |
Python | Python_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
Python | Python_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Python | Python_Medium_Threat | XSRF | Medium | 352 |
| |
Ruby | Ruby_Best_Coding_Practice | Caching_False_In_Production | Information | 10713 |
| |
Ruby | Ruby_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
Ruby | Ruby_Best_Coding_Practice | Dynamic_Render_Path | Information | 10714 |
| |
Ruby | Ruby_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
Ruby | Ruby_Best_Coding_Practice | Global_Variables_Without_Meaningful_Name | Information | 10715 |
| |
Ruby | Ruby_Best_Coding_Practice | Import_Relative_To_File | Information | 10716 |
| |
Ruby | Ruby_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
Ruby | Ruby_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
Ruby | Ruby_Best_Coding_Practice | Use_Of_Global_Variables | Information | 518 |
| |
Ruby | Ruby_High_Risk | Code_Injection | High | 94 |
| |
Ruby | Ruby_High_Risk | Command_Injection | High | 77 |
| |
Ruby | Ruby_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
Ruby | Ruby_High_Risk | Remote_File_Inclusion | High | 829 |
| |
Ruby | Ruby_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
Ruby | Ruby_High_Risk | SQL_Injection | High | 89 |
| |
Ruby | Ruby_High_Risk | Stored_XSS | High | 79 |
| |
Ruby | Ruby_Low_Visibility | Attr_accessible_Not_Set | Low | 10601 |
| |
Ruby | Ruby_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
Ruby | Ruby_Low_Visibility | Connection_String_Injection | Low | 99 |
| |
Ruby | Ruby_Low_Visibility | DB_Information_Leak | Low | 200 |
| |
Ruby | Ruby_Low_Visibility | Disabling_SAFE_Mode | Low | 10718 |
| |
Ruby | Ruby_Low_Visibility | Full_Error_Reports_In_Production | Low | 209 |
| |
Ruby | Ruby_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
Ruby | Ruby_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
Ruby | Ruby_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
Ruby | Ruby_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
Ruby | Ruby_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
Ruby | Ruby_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
Ruby | Ruby_Low_Visibility | Interactive_Render_Path | Low | 10719 |
| |
Ruby | Ruby_Low_Visibility | Leftover_Debug_Code | Low | 489 |
| |
Ruby | Ruby_Low_Visibility | Local_File_Inclusion | Low | 10720 |
| |
Ruby | Ruby_Low_Visibility | Log_Forging | Low | 117 |
| |
Ruby | Ruby_Low_Visibility | No_Protection_From_Forgery | Low | 352 |
| |
Ruby | Ruby_Low_Visibility | No_Session_Expiration | Low | 613 |
| |
Ruby | Ruby_Low_Visibility | Open_Redirect | Low | 601 |
| |
Ruby | Ruby_Low_Visibility | Personal_Info_In_Session | Low | 539 |
| |
Ruby | Ruby_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
Ruby | Ruby_Low_Visibility | Use_of_Dangerous_Functions | Low | 242 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_raw | Low | 116 |
| |
Ruby | Ruby_Low_Visibility | Use_Of_Sanitize_Instead_Of_h | Low | 116 |
| |
Ruby | Ruby_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
Ruby | Ruby_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
Ruby | Ruby_Medium_Threat | Dangerous_Send | Medium | 77 |
| |
Ruby | Ruby_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
Ruby | Ruby_Medium_Threat | DB_Tampering | Medium | 20 |
| |
Ruby | Ruby_Medium_Threat | Default_Routes | Medium | 10603 |
| |
Ruby | Ruby_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
Ruby | Ruby_Medium_Threat | DOS_To_Symbol | Medium | 730 |
| |
Ruby | Ruby_Medium_Threat | Download_Arbitrary_File | Medium | 10721 |
| |
Ruby | Ruby_Medium_Threat | Filtering_Sensitive_Logs | Medium | 10602 |
| |
Ruby | Ruby_Medium_Threat | Hardcoded_Session_Secret_Token | Medium | 798 |
| |
Ruby | Ruby_Medium_Threat | Http_Only_Set_To_False | Medium | 79 |
| |
Ruby | Ruby_Medium_Threat | Insecure_Randomness | Medium | 330 |
| |
Ruby | Ruby_Medium_Threat | Insufficient_Format_Validation | Medium | 625 |
| |
Ruby | Ruby_Medium_Threat | Nonvalidated_File_Upload | Medium | 434 |
| |
Ruby | Ruby_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
Ruby | Ruby_Medium_Threat | Path_Traversal | Medium | 36 |
| |
Ruby | Ruby_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
Ruby | Ruby_Medium_Threat | Privilege_Escalation | Medium | 285 |
| |
Ruby | Ruby_Medium_Threat | Remote_Code_Execution | Medium | 94 |
| |
Ruby | Ruby_Medium_Threat | Short_Session_Key | Medium | 326 |
| |
Ruby | Ruby_Medium_Threat | SSL_Verification_Bypass | Medium | 599 |
| |
Ruby | Ruby_Medium_Threat | Stored_Code_Injection | Medium | 94 |
| |
Ruby | Ruby_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
Ruby | Ruby_Medium_Threat | Unsafe_Mass_Assignment | Medium | 10601 |
| |
Ruby | Ruby_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
Ruby | Ruby_Medium_Threat | XSRF | Medium | 352 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_JSON_GEM_Remote_Code | Low | 20 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_JSON_Remote_Code_Execution | Low | 94 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_Bypass_Access_Control | Low | 264 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_Cross_Site_Request_Forgery | Low | 352 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_allows_DOS_via_ActiveRecord | Low | 400 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_SQL_Injection | Low | 89 |
| |
Ruby | Ruby_Vulnerable_Outdated_Versions | Outdated_Rails_Allows_XSS | Low | 79 |
| |
VB6 | VB6_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
VB6 | VB6_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
VB6 | VB6_High_Risk | Code_Injection | High | 94 |
| |
VB6 | VB6_High_Risk | Command_Injection | High | 77 |
| |
VB6 | VB6_High_Risk | Connection_String_Injection | High | 99 |
| |
VB6 | VB6_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
VB6 | VB6_High_Risk | SQL_Injection | High | 89 |
| |
VB6 | VB6_Low_Visibility | Bounds_Check_Disabled | Low | 118 |
| |
VB6 | VB6_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
VB6 | VB6_Low_Visibility | Improper_Error_Handling | Low | 248 |
| |
VB6 | VB6_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
VB6 | VB6_Low_Visibility | Insecure_Randomness | Low | 330 |
| |
VB6 | VB6_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
VB6 | VB6_Low_Visibility | Log_Forging | Low | 117 |
| |
VB6 | VB6_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
VB6 | VB6_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
VB6 | VB6_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
VB6 | VB6_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
VB6 | VB6_Medium_Threat | Path_Traversal | Medium | 36 |
| |
VB6 | VB6_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
VbNet | VbNet_Best_Coding_Practice | Aptca_Methods_Call_Non_Aptca_Methods | Information | 10022 |
| |
VbNet | VbNet_Best_Coding_Practice | Catch_NullPointerException | Information | 395 |
| |
VbNet | VbNet_Best_Coding_Practice | Declaration_Of_Catch_For_Generic_Exception | Information | 396 |
| |
VbNet | VbNet_Best_Coding_Practice | Detection_of_Error_Condition_Without_Action | Information | 390 |
| |
VbNet | VbNet_Best_Coding_Practice | Direct_Use_of_Sockets | Information | 246 |
| |
VbNet | VbNet_Best_Coding_Practice | Dynamic_SQL_Queries | Information | 89 |
| |
VbNet | VbNet_Best_Coding_Practice | Exposure_of_Resource_to_Wrong_Sphere | Information | 668 |
| |
VbNet | VbNet_Best_Coding_Practice | GetLastWin32Error_Is_Not_Called_After_Pinvoke | Information | 10018 |
| |
VbNet | VbNet_Best_Coding_Practice | Hardcoded_Connection_String | Information | 798 |
| |
VbNet | VbNet_Best_Coding_Practice | Leftover_Debug_Code | Information | 489 |
| |
VbNet | VbNet_Best_Coding_Practice | Magic_Numbers | Information | 10017 |
| |
VbNet | VbNet_Best_Coding_Practice | Missing_XML_Validation | Information | 112 |
| |
VbNet | VbNet_Best_Coding_Practice | Non_Private_Static_Constructors | Information | 10021 |
| |
VbNet | VbNet_Best_Coding_Practice | NULL_Argument_to_Equals | Information | 10019 |
| |
VbNet | VbNet_Best_Coding_Practice | Pages_Without_Global_Error_Handler | Information | 544 |
| |
VbNet | VbNet_Best_Coding_Practice | PersistSecurityInfo_is_True | Information | 10023 |
| |
VbNet | VbNet_Best_Coding_Practice | Threads_in_WebApp | Information | 383 |
| |
VbNet | VbNet_Best_Coding_Practice | Unchecked_Error_Condition | Information | 391 |
| |
VbNet | VbNet_Best_Coding_Practice | Unchecked_Return_Value | Information | 252 |
| |
VbNet | VbNet_Best_Coding_Practice | Unclosed_Objects | Information | 459 |
| |
VbNet | VbNet_Best_Coding_Practice | Unvalidated_Arguments_Of_Public_Methods | Information | 10004 |
| |
VbNet | VbNet_Best_Coding_Practice | Use_of_System_Output_Stream | Information | 398 |
| |
VbNet | VbNet_Best_Coding_Practice | Use_Of_Uninitialized_Variables | Information | 457 |
| |
VbNet | VbNet_Best_Coding_Practice | Visible_Pointers | Information | 10002 |
| |
VbNet | VbNet_Heuristic | Heuristic_2nd_Order_SQL_Injection | Low | 89 |
| |
VbNet | VbNet_Heuristic | Heuristic_DB_Parameter_Tampering | Low | 284 |
| |
VbNet | VbNet_Heuristic | Heuristic_Parameter_Tampering | Low | 472 |
| |
VbNet | VbNet_Heuristic | Heuristic_SQL_Injection | Low | 89 |
| |
VbNet | VbNet_Heuristic | Heuristic_Stored_XSS | Low | 79 |
| |
VbNet | VbNet_Heuristic | Heuristic_XSRF | Low | 352 |
| |
VbNet | VbNet_High_Risk | Code_Injection | High | 94 |
| |
VbNet | VbNet_High_Risk | Command_Injection | High | 77 |
| |
VbNet | VbNet_High_Risk | Connection_String_Injection | High | 10001 |
| |
VbNet | VbNet_High_Risk | LDAP_Injection | High | 90 |
| |
VbNet | VbNet_High_Risk | Reflected_XSS_All_Clients | High | 79 |
| |
VbNet | VbNet_High_Risk | Resource_Injection | High | 99 |
| |
VbNet | VbNet_High_Risk | Second_Order_SQL_Injection | High | 89 |
| |
VbNet | VbNet_High_Risk | SQL_Injection | High | 89 |
| |
VbNet | VbNet_High_Risk | Stored_XSS | High | 79 |
| |
VbNet | VbNet_High_Risk | UTF7_XSS | High | 79 |
| |
VbNet | VbNet_High_Risk | XPath_Injection | High | 643 |
| |
VbNet | VbNet_Low_Visibility | Blind_SQL_Injections | Low | 89 |
| |
VbNet | VbNet_Low_Visibility | Cleansing_Canonicalization_and_Comparison_Errors | Low | 171 |
| |
VbNet | VbNet_Low_Visibility | Client_Side_Only_Validation | Low | 10005 |
| |
VbNet | VbNet_Low_Visibility | Dangerous_File_Upload | Low | 434 |
| |
VbNet | VbNet_Low_Visibility | Hardcoded_Absolute_Path | Low | 426 |
| |
VbNet | VbNet_Low_Visibility | Impersonation_Issue | Low | 10024 |
| |
VbNet | VbNet_Low_Visibility | Improper_Encoding_Of_Output | Low | 116 |
| |
VbNet | VbNet_Low_Visibility | Improper_Exception_Handling | Low | 248 |
| |
VbNet | VbNet_Low_Visibility | Improper_Resource_Shutdown_or_Release | Low | 404 |
| |
VbNet | VbNet_Low_Visibility | Improper_Session_Management | Low | 201 |
| |
VbNet | VbNet_Low_Visibility | Improper_Transaction_Handling | Low | 460 |
| |
VbNet | VbNet_Low_Visibility | Information_Exposure_Through_an_Error_Message | Low | 209 |
| |
VbNet | VbNet_Low_Visibility | Information_Leak_Through_Persistent_Cookies | Low | 539 |
| |
VbNet | VbNet_Low_Visibility | Insufficiently_Protected_Credentials | Low | 522 |
| |
VbNet | VbNet_Low_Visibility | JavaScript_Hijacking | Low | 10598 |
| |
VbNet | VbNet_Low_Visibility | Just_One_of_Equals_and_Hash_code_Defined | Low | 581 |
| |
VbNet | VbNet_Low_Visibility | Leaving_Temporary_Files | Low | 376 |
| |
VbNet | VbNet_Low_Visibility | Log_Forging | Low | 117 |
| |
VbNet | VbNet_Low_Visibility | Open_Redirect | Low | 601 |
| |
VbNet | VbNet_Low_Visibility | Session_Clearing_Problems | Low | 10027 |
| |
VbNet | VbNet_Low_Visibility | Session_Poisoning | Low | 10012 |
| |
VbNet | VbNet_Low_Visibility | Thread_Safety_Issue | Low | 567 |
| |
VbNet | VbNet_Low_Visibility | URL_Canonicalization_Issue | Low | 10030 |
| |
VbNet | VbNet_Low_Visibility | Use_of_Broken_or_Risky_Cryptographic_Algorithm | Low | 327 |
| |
VbNet | VbNet_Low_Visibility | Use_Of_Hardcoded_Password | Low | 259 |
| |
VbNet | VbNet_Low_Visibility | XSS_Evasion_Attack | Low | 79 |
| |
VbNet | VbNet_Medium_Threat | Buffer_Overflow | Medium | 120 |
| |
VbNet | VbNet_Medium_Threat | CGI_XSS | Medium | 79 |
| |
VbNet | VbNet_Medium_Threat | Cross_Site_History_Manipulation | Medium | 203 |
| |
VbNet | VbNet_Medium_Threat | Data_Filter_Injection | Medium | 200 |
| |
VbNet | VbNet_Medium_Threat | DB_Parameter_Tampering | Medium | 284 |
| |
VbNet | VbNet_Medium_Threat | DoS_by_Sleep | Medium | 730 |
| |
VbNet | VbNet_Medium_Threat | Hardcoded_password_in_Connection_String | Medium | 547 |
| |
VbNet | VbNet_Medium_Threat | Heap_Inspection | Medium | 244 |
| |
VbNet | VbNet_Medium_Threat | HTTP_Response_Splitting | Medium | 113 |
| |
VbNet | VbNet_Medium_Threat | Improper_Locking | Medium | 667 |
| |
VbNet | VbNet_Medium_Threat | Integer_Overflow | Medium | 190 |
| |
VbNet | VbNet_Medium_Threat | No_Request_Validation | Medium | 20 |
| |
VbNet | VbNet_Medium_Threat | Parameter_Tampering | Medium | 472 |
| |
VbNet | VbNet_Medium_Threat | Path_Traversal | Medium | 36 |
| |
VbNet | VbNet_Medium_Threat | Privacy_Violation | Medium | 359 |
| |
VbNet | VbNet_Medium_Threat | Reflected_XSS_Specific_Clients | Medium | 79 |
| |
VbNet | VbNet_Medium_Threat | SQL_Injection_Evasion_Attack | Medium | 89 |
| |
VbNet | VbNet_Medium_Threat | Stored_Command_Injection | Medium | 77 |
| |
VbNet | VbNet_Medium_Threat | Stored_LDAP_Injection | Medium | 90 |
| |
VbNet | VbNet_Medium_Threat | Stored_XPath_Injection | Medium | 643 |
| |
VbNet | VbNet_Medium_Threat | Trust_Boundary_Violation | Medium | 501 |
| |
VbNet | VbNet_Medium_Threat | Unclosed_Connection | Medium | 404 |
| |
VbNet | VbNet_Medium_Threat | Use_of_Hard_coded_Cryptographic_Key | Medium | 321 |
| |
VbNet | VbNet_Medium_Threat | XSRF | Medium | 352 |
| |
VbNet | VbNet_WebConfig | CookieLess_Authentication | Medium | 10704 |
| |
VbNet | VbNet_WebConfig | CookieLess_Session | Medium | 10708 |
| |
VbNet | VbNet_WebConfig | CustomError | Low | 12 |
| |
VbNet | VbNet_WebConfig | DebugEnabled | Low | 11 |
| |
VbNet | VbNet_WebConfig | HardcodedCredentials | Medium | 489 |
| |
VbNet | VbNet_WebConfig | HttpOnlyCookies_XSS | High | 10706 |
| |
VbNet | VbNet_WebConfig | Missing_X_Frame_Options | Low | 829 |
| |
VbNet | VbNet_WebConfig | NonUniqueFormName | Low | 10707 |
| |
VbNet | VbNet_WebConfig | Password_In_Configuration_File | Low | 260 |
| |
VbNet | VbNet_WebConfig | RequireSSL | Medium | 614 |
| |
VbNet | VbNet_WebConfig | SlidingExpiration | Low | 613 |
| |
VbNet | VbNet_WebConfig | TraceEnabled | Low | 10708 |
| |
VbScript | VbScript_High_Risk | DOM_Code_Injection | High | 94 |
| |
VbScript | VbScript_High_Risk | DOM_XSS | High | 79 |
| |
VbScript | VbScript_Low_Visibility | Cookies_Inspection | Low | 315 |
| |
VbScript | VbScript_Low_Visibility | DOM_Open_Redirect | Low | 601 |
| |
VbScript | VbScript_Low_Visibility | Weak_Password_Authentication | Low | 10710 |
| |
VbScript | VbScript_Medium_Threat | Client_DoS_By_Sleep | Medium | 730 |
| |
VbScript | VbScript_Medium_Threat | Client_Untrusted_Activex | Medium | 10703 |
| |
VbScript | VbScript_Medium_Threat | DOM_Cookie_Poisoning | Medium | 472 |
| |
VbScript | VbScript_Medium_Threat | DOM_XSRF | Medium | 352 |
| |