Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -11,34 +11,34 @@ Each rule includes the following information.
| ----------------------------------------------------------------- | ---------------- | ---------------------- | ----------- |
| Anti-forgery token validation disabled | CWE-352 | Sans Top 25, OWASP:A01 | Yes |
| Debug Features Enabled | CWE-215 | None | Yes |
| Usage of BinaryFormatter | CWE-502 | Sans Top 25, OWASP:A08 | No |
| Cleartext Storage of Sensitive Information in a Cookie | CWE-315 | OWASP:A05 | No |
| Code Injection | CWE-94 | Sans Top 25, OWASP:A03 | No |
| Command Injection | CWE-78 | Sans Top 25, OWASP:A03 | No |
| Usage of BinaryFormatter | CWE-502 | Sans Top 25, OWASP:A08 | Yes |
| Cleartext Storage of Sensitive Information in a Cookie | CWE-315 | OWASP:A05 | Yes |
| Code Injection | CWE-94 | Sans Top 25, OWASP:A03 | Yes |
| Command Injection | CWE-78 | Sans Top 25, OWASP:A03 | Yes |
| Deserialization of Untrusted Data | CWE-502 | Sans Top 25, OWASP:A08 | Yes |
| Hardcoded Secret | CWE-547 | OWASP:A05 | No |
| Improper Neutralization of CRLF Sequences in HTTP Headers | CWE-113 | OWASP:A03 | No |
| Use of a Broken or Risky Cryptographic Algorithm | CWE-327 | OWASP:A02 | No |
| Hardcoded Secret | CWE-547 | OWASP:A05 | Yes |
| Improper Neutralization of CRLF Sequences in HTTP Headers | CWE-113 | OWASP:A03 | Yes |
| Use of a Broken or Risky Cryptographic Algorithm | CWE-327 | OWASP:A02 | Yes |
| Use of Password Hash With Insufficient Computational Effort | CWE-916 | OWASP:A02 | Yes |
| Use of Insufficiently Random Values | CWE-330 | OWASP:A02 | No |
| Use of Insufficiently Random Values | CWE-330 | OWASP:A02 | Yes |
| Insecure Data Transmission | CWE-319 | OWASP:A02 | Yes |
| LDAP Injection | CWE-90 | OWASP:A03 | No |
| LDAP Injection | CWE-90 | OWASP:A03 | Yes |
| Log Forging | CWE-117 | OWASP:A09 | Yes |
| Use of Hardcoded Credentials | CWE-798 | Sans Top 25, OWASP:A07 | Yes |
| Open Redirect | CWE-601 | OWASP:A01 | No |
| Path Traversal | CWE-23 | OWASP:A01 | No |
| Open Redirect | CWE-601 | OWASP:A01 | Yes |
| Path Traversal | CWE-23 | OWASP:A01 | Yes |
| Exposure of Private Personal Information to an Unauthorized Actor | CWE-359 | OWASP:A01 | Yes |
| Regular expression injection | CWE-400, CWE-730 | None | No |
| Regular expression injection | CWE-400, CWE-730 | None | Yes |
| Request Validation Disabled | CWE-554 | None | Yes |
| Information Exposure | CWE-200 | OWASP:A01 | No |
| SQL Injection | CWE-89 | Sans Top 25, OWASP:A03 | No |
| Server-Side Request Forgery (SSRF) | CWE-918 | Sans Top 25, OWASP:A10 | No |
| Inadequate Encryption Strength | CWE-326 | OWASP:A02 | No |
| Information Exposure | CWE-200 | OWASP:A01 | Yes |
| SQL Injection | CWE-89 | Sans Top 25, OWASP:A03 | Yes |
| Server-Side Request Forgery (SSRF) | CWE-918 | Sans Top 25, OWASP:A10 | Yes |
| Inadequate Encryption Strength | CWE-326 | OWASP:A02 | Yes |
| Sensitive Cookie Without 'HttpOnly' Flag | CWE-1004 | OWASP:A05 | Yes |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | CWE-614 | OWASP:A05 | Yes |
| Cross-site Scripting (XSS) | CWE-79 | Sans Top 25, OWASP:A03 | No |
| XML External Entity (XXE) Injection | CWE-611 | OWASP:A05 | No |
| XAML Injection | CWE-611 | OWASP:A05 | No |
| XML Injection | CWE-91 | OWASP:A03 | No |
| XPath Injection | CWE-643 | OWASP:A03 | No |
| Arbitrary File Write via Archive Extraction (Zip Slip) | CWE-22 | Sans Top 25, OWASP:A01 | No |
| Cross-site Scripting (XSS) | CWE-79 | Sans Top 25, OWASP:A03 | Yes |
| XML External Entity (XXE) Injection | CWE-611 | OWASP:A05 | Yes |
| XAML Injection | CWE-611 | OWASP:A05 | Yes |
| XML Injection | CWE-91 | OWASP:A03 | Yes |
| XPath Injection | CWE-643 | OWASP:A03 | Yes |
| Arbitrary File Write via Archive Extraction (Zip Slip) | CWE-22 | Sans Top 25, OWASP:A01 | Yes |
Original file line number Diff line number Diff line change
Expand Up @@ -10,33 +10,33 @@ Each rule includes the following information.
| Rule Name | CWE(s) | Security Categories | Autofixable |
| ------------------------------------------------------------------------ | ---------------- | ---------------------- | ----------- |
| Memory Allocation Of String Length | CWE-170 | None | Yes |
| Insecure Anonymous LDAP Binding | CWE-287 | Sans Top 25, OWASP:A07 | No |
| Insecure Anonymous LDAP Binding | CWE-287 | Sans Top 25, OWASP:A07 | Yes |
| Buffer Overflow | CWE-122 | None | Yes |
| Division By Zero | CWE-369 | None | No |
| Division By Zero | CWE-369 | None | Yes |
| Missing Release of File Descriptor or Handle after Effective Lifetime | CWE-775 | None | Yes |
| Command Injection | CWE-78 | Sans Top 25, OWASP:A03 | No |
| Dereference of a NULL Pointer | CWE-476 | Sans Top 25 | No |
| Command Injection | CWE-78 | Sans Top 25, OWASP:A03 | Yes |
| Dereference of a NULL Pointer | CWE-476 | Sans Top 25 | Yes |
| Double Free | CWE-415 | None | Yes |
| Use of Externally-Controlled Format String | CWE-134 | None | Yes |
| Use of Hardcoded Cryptographic Key | CWE-321 | OWASP:A02 | No |
| Improper Null Termination | CWE-170 | None | No |
| Use of Hardcoded Cryptographic Key | CWE-321 | OWASP:A02 | Yes |
| Improper Null Termination | CWE-170 | None | Yes |
| Use of Password Hash With Insufficient Computational Effort | CWE-916 | OWASP:A02 | Yes |
| Integer Overflow | CWE-190 | Sans Top 25 | No |
| LDAP Injection | CWE-90 | OWASP:A03 | No |
| Integer Overflow | CWE-190 | Sans Top 25 | Yes |
| LDAP Injection | CWE-90 | OWASP:A03 | Yes |
| Missing Release of Memory after Effective Lifetime | CWE-401 | None | Yes |
| An optimizing compiler may remove memset non-zero leaving data in memory | CWE-1330 | None | No |
| Potential Negative Number Used as Index | CWE-125, CWE-787 | Sans Top 25 | No |
| Path Traversal | CWE-23 | OWASP:A01 | No |
| Exposure of Private Personal Information to an Unauthorized Actor | CWE-359 | OWASP:A01 | No |
| An optimizing compiler may remove memset non-zero leaving data in memory | CWE-1330 | None | Yes |
| Potential Negative Number Used as Index | CWE-125, CWE-787 | Sans Top 25 | Yes |
| Path Traversal | CWE-23 | OWASP:A01 | Yes |
| Exposure of Private Personal Information to an Unauthorized Actor | CWE-359 | OWASP:A01 | Yes |
| Size Used as Index | CWE-125, CWE-787 | Sans Top 25 | Yes |
| SQL Injection | CWE-89 | Sans Top 25, OWASP:A03 | No |
| Server-Side Request Forgery (SSRF) | CWE-918 | Sans Top 25, OWASP:A10 | No |
| SQL Injection | CWE-89 | Sans Top 25, OWASP:A03 | Yes |
| Server-Side Request Forgery (SSRF) | CWE-918 | Sans Top 25, OWASP:A10 | Yes |
| Inadequate Encryption Strength | CWE-326 | OWASP:A02 | Yes |
| Potential buffer overflow from usage of unsafe function | CWE-122 | None | Yes |
| Use of Expired File Descriptor | CWE-910 | None | No |
| Use After Free | CWE-416 | Sans Top 25 | No |
| User Controlled Pointer | CWE-1285 | None | No |
| Authentication Bypass by Spoofing | CWE-290 | OWASP:A07 | No |
| Cross-site Scripting (XSS) | CWE-79 | Sans Top 25, OWASP:A03 | No |
| XML External Entity (XXE) Injection | CWE-611 | OWASP:A05 | No |
| XPath Injection | CWE-643 | OWASP:A03 | No |
| Use of Expired File Descriptor | CWE-910 | None | Yes |
| Use After Free | CWE-416 | Sans Top 25 | Yes |
| User Controlled Pointer | CWE-1285 | None | Yes |
| Authentication Bypass by Spoofing | CWE-290 | OWASP:A07 | Yes |
| Cross-site Scripting (XSS) | CWE-79 | Sans Top 25, OWASP:A03 | Yes |
| XML External Entity (XXE) Injection | CWE-611 | OWASP:A05 | Yes |
| XPath Injection | CWE-643 | OWASP:A03 | Yes |
Original file line number Diff line number Diff line change
Expand Up @@ -13,18 +13,18 @@ Each rule includes the following information.

| Rule Name | CWE(s) | Security Categories | Autofixable |
| --------------------------------------------------- | ---------------- | --------------------------- | ----------- |
| Use of Hardcoded Cryptographic Key | CWE-321 | OWASP:A02:2021 | No |
| Use of Hardcoded Cryptographic Initialization Value | CWE-321 | OWASP:A02:2021 | No |
| No Dynamic SQL Clauses | CWE-89 | Sans Top 25, OWASP:A03:2021 | No |
| Inadequate Encryption Strength - Small Key Size | CWE-326 | OWASP:A02:2021 | No |
| Weak Cryptographic Primitive | CWE-327 | OWASP:A02:2021 | No |
| Clear Text Logging | CWE-321 | OWASP:A02:2021 | No |
| Hardcoded Secret | CWE-547 | OWASP:A02:2021 | No |
| Injection on Accept | CWE-20 | SANS Top 25 | No |
| Insecure Debug Features Enabled | CWE-489, CWE-215 | OWASP:A05:2021 | No |
| Insecure Data Transmission | CWE-319 | OWASP:A02:2021 | No |
| SQL SELECT statement without WHERE clause | CWE-668 | OWASP:A01:2021 | No |
| Multiple CICS HANDLE ABEND Declarations | CWE-755 | OWASP:A05:2021 | No |
| Missing SQL Communication Area (SQLCA) | CWE-391 | OWASP:A05:2021 | No |
| Ignored Error Condition | CWE-391 | OWASP:A05:2021 | No |
| Use of a Broken or Risky Cryptographic Algorithm | CWE-327 | OWASP:A02:2021 | No |
| Use of Hardcoded Cryptographic Key | CWE-321 | OWASP:A02:2021 | Yes |
| Use of Hardcoded Cryptographic Initialization Value | CWE-321 | OWASP:A02:2021 | Yes |
| No Dynamic SQL Clauses | CWE-89 | Sans Top 25, OWASP:A03:2021 | Yes |
| Inadequate Encryption Strength - Small Key Size | CWE-326 | OWASP:A02:2021 | Yes |
| Weak Cryptographic Primitive | CWE-327 | OWASP:A02:2021 | Yes |
| Clear Text Logging | CWE-321 | OWASP:A02:2021 | Yes |
| Hardcoded Secret | CWE-547 | OWASP:A02:2021 | Yes |
| Injection on Accept | CWE-20 | SANS Top 25 | Yes |
| Insecure Debug Features Enabled | CWE-489, CWE-215 | OWASP:A05:2021 | Yes |
| Insecure Data Transmission | CWE-319 | OWASP:A02:2021 | Yes |
| SQL SELECT statement without WHERE clause | CWE-668 | OWASP:A01:2021 | Yes |
| Multiple CICS HANDLE ABEND Declarations | CWE-755 | OWASP:A05:2021 | Yes |
| Missing SQL Communication Area (SQLCA) | CWE-391 | OWASP:A05:2021 | Yes |
| Ignored Error Condition | CWE-391 | OWASP:A05:2021 | Yes |
| Use of a Broken or Risky Cryptographic Algorithm | CWE-327 | OWASP:A02:2021 | Yes |
Loading
Loading