*this not returned in copy assignment operator | RETURN_NOT_REF_TO_THIS |
Abnormal termination of exit handler | EXIT_ABNORMAL_HANDLER |
Absorption of float operand | FLOAT_ABSORPTION |
Accessing object with temporary lifetime | TEMP_OBJECT_ACCESS |
Alignment changed after memory reallocation | ALIGNMENT_CHANGE |
Alternating input and output from a stream without flush or positioning call | IO_INTERLEAVING |
Ambiguous declaration syntax | MOST_VEXING_PARSE |
Arithmetic operation with NULL pointer | NULL_PTR_ARITH |
Array access out of bounds | OUT_BOUND_ARRAY |
Array access with tainted index | TAINTED_ARRAY_INDEX |
Assertion | ASSERT |
Asynchronously cancellable thread | ASYNCHRONOUSLY_CANCELLABLE_THREAD |
Atomic load and store sequence not atomic | ATOMIC_VAR_SEQUENCE_NOT_ATOMIC |
Atomic variable accessed twice in an expression | ATOMIC_VAR_ACCESS_TWICE |
Automatic or thread local variable escaping from a thread | LOCAL_ADDR_ESCAPE_THREAD |
Bad file access mode or status | BAD_FILE_ACCESS_MODE_STATUS |
Bad order of dropping privileges | BAD_PRIVILEGE_DROP_ORDER |
Base class assignment operator not called | MISSING_BASE_ASSIGN_OP_CALL |
Base class destructor not virtual | DTOR_NOT_VIRTUAL |
Bitwise and arithmetic operation on the same data | BITWISE_ARITH_MIX |
Bitwise operation on negative value | BITWISE_NEG |
Blocking operation while holding lock | BLOCKING_WHILE_LOCKED |
Buffer overflow from incorrect string format specifier | STR_FORMAT_BUFFER_OVERFLOW |
Bytewise operations on nontrivial class object | MEMOP_ON_NONTRIVIAL_OBJ |
C++ reference to const-qualified type with subsequent modification | WRITE_REFERENCE_TO_CONST_TYPE |
C++ reference type qualified with const or volatile | CV_QUALIFIED_REFERENCE_TYPE |
Call through non-prototyped function pointer | UNPROTOTYPED_FUNC_CALL |
Call to memset with unintended value | MEMSET_INVALID_VALUE |
Character value absorbed into EOF | CHAR_EOF_CONFUSED |
Closing a previously closed resource | DOUBLE_RESOURCE_CLOSE |
Code deactivated by constant false condition | DEACTIVATED_CODE |
Command executed from externally controlled path | TAINTED_PATH_CMD |
Const parameter values may cause unnecessary data copies | CONST_PARAMETER_VALUE |
Const return values may cause unnecessary data copies | CONST_RETURN_VALUE |
Constant block cipher initialization vector | CRYPTO_CIPHER_CONSTANT_IV |
Constant cipher key | CRYPTO_CIPHER_CONSTANT_KEY |
Context initialized incorrectly for cryptographic operation | CRYPTO_PKEY_INCORRECT_INIT |
Context initialized incorrectly for digest operation | CRYPTO_MD_BAD_FUNCTION |
Conversion or deletion of incomplete class pointer | INCOMPLETE_CLASS_PTR |
Copy constructor not called in initialization list | MISSING_COPY_CTOR_CALL |
Copy of overlapping memory | OVERLAPPING_COPY |
Copy operation modifying source operand | COPY_MODIFYING_SOURCE |
Data race | DATA_RACE |
Data race including atomic operations | DATA_RACE_ALL |
Data race through standard library function call | DATA_RACE_STD_LIB |
Dead code | DEAD_CODE |
Deadlock | DEADLOCK |
Deallocation of previously deallocated pointer | DOUBLE_DEALLOCATION |
Declaration mismatch | DECL_MISMATCH |
Delete of void pointer | DELETE_OF_VOID_PTR |
Destination buffer overflow in string manipulation | STRLIB_BUFFER_OVERFLOW |
Destination buffer underflow in string manipulation | STRLIB_BUFFER_UNDERFLOW |
Destruction of locked mutex | DESTROY_LOCKED |
Deterministic random output from constant seed | RAND_SEED_CONSTANT |
Double lock | DOUBLE_LOCK |
Double unlock | DOUBLE_UNLOCK |
Empty destructors may cause unnecessary data copies | EMPTY_DESTRUCTOR_DEFINED |
Environment pointer invalidated by previous operation | INVALID_ENV_POINTER |
Errno not checked | ERRNO_NOT_CHECKED |
Errno not reset | MISSING_ERRNO_RESET |
Exception caught by value | EXCP_CAUGHT_BY_VALUE |
Exception handler hidden by previous handler | EXCP_HANDLER_HIDDEN |
Execution of a binary from a relative path can be controlled by an external actor | RELATIVE_PATH_CMD |
Execution of externally controlled command | TAINTED_EXTERNAL_CMD |
File access between time of check and use (TOCTOU) | TOCTOU |
File descriptor exposure to child process | FILE_EXPOSURE_TO_CHILD |
File manipulation after chroot without chdir | CHROOT_MISUSE |
Float conversion overflow | FLOAT_CONV_OVFL |
Float division by zero | FLOAT_ZERO_DIV |
Floating point comparison with equality operators | BAD_FLOAT_OP |
Float overflow | FLOAT_OVFL |
Format string specifiers and arguments mismatch | STRING_FORMAT |
Function called from signal handler not asynchronous-safe | SIG_HANDLER_ASYNC_UNSAFE |
Function called from signal handler not asynchronous-safe (strict) | SIG_HANDLER_ASYNC_UNSAFE_STRICT |
Function pointer assigned with absolute address | FUNC_PTR_ABSOLUTE_ADDR |
Function that can spuriously fail not wrapped in loop | SPURIOUS_FAILURE_NOT_WRAPPED_IN_LOOP |
Function that can spuriously wake up not wrapped in loop | SPURIOUS_WAKEUP_NOT_WRAPPED_IN_LOOP |
Hard-coded buffer size | HARD_CODED_BUFFER_SIZE |
Hard-coded loop boundary | HARD_CODED_LOOP_BOUNDARY |
Hard-coded object size used to manipulate memory | HARD_CODED_MEM_SIZE |
Hard-coded sensitive data | HARD_CODED_SENSITIVE_DATA |
Host change using externally controlled elements | TAINTED_HOSTID |
Improper array initialization | IMPROPER_ARRAY_INIT |
Inappropriate I/O operation on device files | INAPPROPRIATE_IO_ON_DEVICE |
Incompatible padding for RSA algorithm operation | CRYPTO_RSA_BAD_PADDING |
Incompatible types prevent overriding | VIRTUAL_FUNC_HIDING |
Inconsistent cipher operations | CRYPTO_CIPHER_BAD_FUNCTION |
Incorrect data type passed to va_arg | VA_ARG_INCORRECT_TYPE |
Incorrect key for cryptographic algorithm | CRYPTO_PKEY_INCORRECT_KEY |
Incorrect order of network connection operations | BAD_NETWORK_CONNECT_ORDER |
Incorrect pointer scaling | BAD_PTR_SCALING |
Incorrect type data passed to va_start | VA_START_INCORRECT_TYPE |
Incorrect use of offsetof in C++ | OFFSETOF_MISUSE |
Incorrect use of va_start | VA_START_MISUSE |
Incorrect syntax of flexible array member size | FLEXIBLE_ARRAY_MEMBER_INCORRECT_SIZE |
Incorrectly indented statement | INCORRECT_INDENTATION |
Inefficient string length computation | INEFFICIENT_BASIC_STRING_LENGTH |
Information leak via structure padding | PADDING_INFO_LEAK |
Inline constraint not respected | INLINE_CONSTRAINT_NOT_RESPECTED |
Integer constant overflow | INT_CONSTANT_OVFL |
Integer conversion overflow | INT_CONV_OVFL |
Integer division by zero | INT_ZERO_DIV |
Integer overflow | INT_OVFL |
Integer precision exceeded | INT_PRECISION_EXCEEDED |
Invalid assumptions about memory organization | INVALID_MEMORY_ASSUMPTION |
Invalid deletion of pointer | BAD_DELETE |
Invalid file position | INVALID_FILE_POS |
Invalid free of pointer | BAD_FREE |
Invalid use of = (assignment) operator | BAD_EQUAL_USE |
Invalid use of == (equality) operator | BAD_EQUAL_EQUAL_USE |
Invalid use of standard library floating point routine | FLOAT_STD_LIB |
Invalid use of standard library integer routine | INT_STD_LIB |
Invalid use of standard library memory routine | MEM_STD_LIB |
Invalid use of standard library routine | OTHER_STD_LIB |
Invalid use of standard library string routine | STR_STD_LIB |
Invalid va_list argument | INVALID_VA_LIST_ARG |
Join or detach of a joined or detached thread | DOUBLE_JOIN_OR_DETACH |
Lambda used as typeid operand | LAMBDA_TYPE_MISUSE |
Large pass-by-value argument | PASS_BY_VALUE |
Library loaded from externally controlled path | TAINTED_PATH_LIB |
Line with more than one statement | MORE_THAN_ONE_STATEMENT |
Load of library from a relative path can be controlled by an external actor | RELATIVE_PATH_LIB |
Loop bounded with tainted value | TAINTED_LOOP_BOUNDARY |
Macro terminated with a semicolon | SEMICOLON_TERMINATED_MACRO |
Macro with multiple statements | MULTI_STMT_MACRO |
Member not initialized in constructor | NON_INIT_MEMBER |
Memory allocation with tainted size | TAINTED_MEMORY_ALLOC_SIZE |
Memory comparison of float-point values | MEMCMP_FLOAT |
Memory comparison of padding data | MEMCMP_PADDING_DATA |
Memory comparison of strings | MEMCMP_STRINGS |
Memory leak | MEM_LEAK |
Mismatch between data length and size | DATA_LENGTH_MISMATCH |
Mismatched alloc/dealloc functions on Windows | WIN_MISMATCH_DEALLOC |
Missing blinding for RSA algorithm | CRYPTO_RSA_NO_BLINDING |
Missing block cipher initialization vector | CRYPTO_CIPHER_NO_IV |
Missing break of switch case | MISSING_SWITCH_BREAK |
Missing byte reordering when transferring data | MISSING_BYTESWAP |
Missing case for switch condition | MISSING_SWITCH_CASE |
Missing certification authority list | CRYPTO_SSL_NO_CA |
Missing cipher algorithm | CRYPTO_CIPHER_NO_ALGORITHM |
Missing cipher data to process | CRYPTO_CIPHER_NO_DATA |
Missing cipher final step | CRYPTO_CIPHER_NO_FINAL |
Missing cipher key | CRYPTO_CIPHER_NO_KEY |
Missing data for encryption, decryption or signing operation | CRYPTO_PKEY_NO_DATA |
Missing explicit keyword | MISSING_EXPLICIT_KEYWORD |
Missing final step after hashing update operation | CRYPTO_MD_NO_FINAL |
Missing hash algorithm | CRYPTO_MD_NO_ALGORITHM |
Missing lock | BAD_UNLOCK |
Missing null in string array | MISSING_NULL_CHAR |
Missing or double initialization of thread attribute | BAD_THREAD_ATTRIBUTE |
Missing overload of allocation or deallocation function | MISSING_OVERLOAD_NEW_DELETE_PAIR |
Missing padding for RSA algorithm | CRYPTO_RSA_NO_PADDING |
Missing parameters for key generation | CRYPTO_PKEY_NO_PARAMS |
Missing peer key | CRYPTO_PKEY_NO_PEER |
Missing private key | CRYPTO_PKEY_NO_PRIVATE_KEY |
Missing private key for X.509 certificate | CRYPTO_SSL_NO_PRIVATE_KEY |
Missing public key | CRYPTO_PKEY_NO_PUBLIC_KEY |
Missing reset of a freed pointer | MISSING_FREED_PTR_RESET |
Missing return statement | MISSING_RETURN |
Missing salt for hashing operation | CRYPTO_MD_NO_SALT |
Missing unlock | BAD_LOCK |
Missing virtual inheritance | MISSING_VIRTUAL_INHERITANCE |
Missing X.509 certificate | CRYPTO_SSL_NO_CERTIFICATE |
Misuse of a FILE object | FILE_OBJECT_MISUSE |
Misuse of errno | ERRNO_MISUSE |
Misuse of errno in a signal handler | SIG_HANDLER_ERRNO_MISUSE |
Misuse of narrow or wide character string | NARROW_WIDE_STR_MISUSE |
Misuse of readlink() | READLINK_MISUSE |
Misuse of return value from nonreentrant standard function | NON_REENTRANT_STD_RETURN |
Misuse of sign-extended character value | CHARACTER_MISUSE |
Misuse of structure with flexible array member | FLEXIBLE_ARRAY_MEMBER_STRUCT_MISUSE |
Modification of internal buffer returned from nonreentrant standard function | WRITE_INTERNAL_BUFFER_RETURNED_FROM_STD_FUNC |
Move operation on const object | MOVE_CONST_OBJECT |
Multiple mutexes used with same conditional variable | MULTI_MUTEX_WITH_ONE_COND_VAR |
Multiple threads waiting on same condition variable | SIGNALED_COND_VAR_NOT_UNIQUE |
No data added into context | CRYPTO_MD_NO_DATA |
Non-initialized pointer | NON_INIT_PTR |
Non-initialized variable | NON_INIT_VAR |
Nonsecure hash algorithm | CRYPTO_MD_WEAK_HASH |
Nonsecure parameters for key generation | CRYPTO_PKEY_WEAK_PARAMS |
Nonsecure RSA public exponent | CRYPTO_RSA_LOW_EXPONENT |
Nonsecure SSL/TLS protocol | CRYPTO_SSL_WEAK_PROTOCOL |
Null pointer | NULL_PTR |
Object slicing | OBJECT_SLICING |
Opening previously opened resource | DOUBLE_RESOURCE_OPEN |
Operator new not overloaded for possibly overaligned class | MISSING_OVERLOAD_NEW_FOR_ALIGNED_OBJ |
Overlapping assignment | OVERLAPPING_ASSIGN |
Partially accessed array | PARTIALLY_ACCESSED_ARRAY |
Partial override of overloaded virtual functions | PARTIAL_OVERRIDE |
Pointer access out of bounds | OUT_BOUND_PTR |
Pointer dereference with tainted offset | TAINTED_PTR_OFFSET |
Pointer or reference to stack variable leaving scope | LOCAL_ADDR_ESCAPE |
Pointer to non-initialized value converted to const pointer | NON_INIT_PTR_CONV |
Possible invalid operation on boolean operand | INVALID_OPERATION_ON_BOOLEAN |
Possible misuse of sizeof | SIZEOF_MISUSE |
Possibly inappropriate data type for switch expression | INAPPROPRIATE_TYPE_IN_SWITCH |
Possibly unintended evaluation of expression because of operator precedence rules | OPERATOR_PRECEDENCE |
Precision loss in integer to float conversion | INT_TO_FLOAT_PRECISION_LOSS |
Predefined macro used as an object | MACRO_USED_AS_OBJECT |
Predictable block cipher initialization vector | CRYPTO_CIPHER_PREDICTABLE_IV |
Predictable cipher key | CRYPTO_CIPHER_PREDICTABLE_KEY |
Predictable random output from predictable seed | RAND_SEED_PREDICTABLE |
Preprocessor directive in macro argument | PRE_DIRECTIVE_MACRO_ARG |
Privilege drop not verified | MISSING_PRIVILEGE_DROP_CHECK |
Qualifier removed in conversion | QUALIFIER_MISMATCH |
Redundant expression in sizeof operand | SIZEOF_USELESS_OP |
Resource leak | RESOURCE_LEAK |
Returned value of a sensitive function not checked | RETURN_NOT_CHECKED |
Return from computational exception signal handler | SIG_HANDLER_COMP_EXCP_RETURN |
Return of non const handle to encapsulated data member | BREAKING_DATA_ENCAPSULATION |
Self assignment not tested in operator | MISSING_SELF_ASSIGN_TEST |
Semicolon on same line as if, for or while statement | SEMICOLON_CTRL_STMT_SAME_LINE |
Sensitive data printed out | SENSITIVE_DATA_PRINT |
Sensitive heap memory not cleared before release | SENSITIVE_HEAP_NOT_CLEARED |
Server certificate common name not checked | CRYPTO_SSL_HOSTNAME_NOT_CHECKED |
Shared data access within signal handler | SIG_HANDLER_SHARED_OBJECT |
Shift of a negative value | SHIFT_NEG |
Shift operation overflow | SHIFT_OVFL |
Side effect in arguments to unsafe macro | SIDE_EFFECT_IN_UNSAFE_MACRO_ARG |
Side effect of expression ignored | SIDE_EFFECT_IGNORED |
Signal call from within signal handler | SIG_HANDLER_CALLING_SIGNAL |
Signal call in multithreaded program | SIGNAL_USE_IN_MULTITHREADED_PROGRAM |
Sign change integer conversion overflow | SIGN_CHANGE |
Standard function call with incorrect arguments | STD_FUNC_ARG_MISMATCH |
Static uncalled function | UNCALLED_FUNC |
std::endl may cause an unnecessary flush | STD_ENDL_USE |
Stream argument with possibly unintended side effects | STREAM_WITH_SIDE_EFFECT |
Subtraction or comparison between pointers to different arrays | PTR_TO_DIFF_ARRAY |
Tainted division operand | TAINTED_INT_DIVISION |
Tainted modulo operand | TAINTED_INT_MOD |
Tainted NULL or non-null-terminated string | TAINTED_STRING |
Tainted sign change conversion | TAINTED_SIGN_CHANGE |
Tainted size of variable length array | TAINTED_VLA_SIZE |
Tainted string format | TAINTED_STRING_FORMAT |
Thread-specific memory leak | THREAD_MEM_LEAK |
TLS/SSL connection method not set | CRYPTO_SSL_NO_ROLE |
TLS/SSL connection method set incorrectly | CRYPTO_SSL_BAD_ROLE |
Too many va_arg calls for current argument list | TOO_MANY_VA_ARG_CALLS |
Typedef mismatch | TYPEDEF_MISMATCH |
Umask used with chmod-style arguments | BAD_UMASK |
Uncleared sensitive data in stack | SENSITIVE_STACK_NOT_CLEARED |
Universal character name from token concatenation | PRE_UCNAME_JOIN_TOKENS |
Unmodified variable not const-qualified | UNMODIFIED_VAR_NOT_CONST |
Unnamed namespace in header file | UNNAMED_NAMESPACE_IN_HEADER |
Unprotected dynamic memory allocation | UNPROTECTED_MEMORY_ALLOCATION |
Unreachable code | UNREACHABLE |
Unreliable cast of function pointer | FUNC_CAST |
Unreliable cast of pointer | PTR_CAST |
Unsafe call to a system function | UNSAFE_SYSTEM_CALL |
Unsafe conversion between pointer and integer | BAD_INT_PTR_CAST |
Unsafe conversion from string to numerical value | UNSAFE_STR_TO_NUMERIC |
Unsafe standard encryption function | UNSAFE_STD_CRYPT |
Unsafe standard function | UNSAFE_STD_FUNC |
Unsigned integer constant overflow | UINT_CONSTANT_OVFL |
Unsigned integer conversion overflow | UINT_CONV_OVFL |
Unsigned integer overflow | UINT_OVFL |
Unused parameter | UNUSED_PARAMETER |
Use of a forbidden function | FORBIDDEN_FUNC |
Useless if | USELESS_IF |
Use of automatic variable as putenv-family function argument | PUTENV_AUTO_VAR |
Use of dangerous standard function | DANGEROUS_STD_FUNC |
Use of externally controlled environment variable | TAINTED_ENV_VARIABLE |
Use of indeterminate string | INDETERMINATE_STRING |
Use of memset with size argument zero | MEMSET_INVALID_SIZE |
Use of non-secure temporary file | NON_SECURE_TEMP_FILE |
Use of obsolete standard function | OBSOLETE_STD_FUNC |
Use of path manipulation function without maximum sized buffer checking | PATH_BUFFER_OVERFLOW |
Use of plain char type for numerical value | BAD_PLAIN_CHAR_USE |
Use of previously closed resource | CLOSED_RESOURCE_USE |
Use of previously freed pointer | FREED_PTR |
Use of setjmp/longjmp | SETJMP_LONGJMP_USE |
Use of undefined thread ID | UNDEFINED_THREAD_ID |
Use of signal to kill thread | THREAD_KILLED_WITH_SIGNAL |
Use of tainted pointer | TAINTED_PTR |
Variable length array with nonpositive size | NON_POSITIVE_VLA_SIZE |
Variable shadowing | VAR_SHADOWING |
Vulnerable path manipulation | PATH_TRAVERSAL |
Vulnerable permission assignments | DANGEROUS_PERMISSIONS |
Vulnerable pseudo-random number generator | VULNERABLE_PRNG |
Weak cipher algorithm | CRYPTO_CIPHER_WEAK_CIPHER |
Weak cipher mode | CRYPTO_CIPHER_WEAK_MODE |
Weak padding for RSA algorithm | CRYPTO_RSA_WEAK_PADDING |
Write without a further read | USELESS_WRITE |
Writing to const qualified object | CONSTANT_OBJECT_WRITE |
Writing to read-only resource | READ_ONLY_RESOURCE_WRITE |
Wrong allocated object size for cast | OBJECT_SIZE_MISMATCH |
Wrong type used in sizeof | PTR_SIZEOF_MISMATCH |
X.509 peer certificate not checked | CRYPTO_SSL_CERT_NOT_CHECKED |