*this not returned in
copy assignment operator
|
RETURN_NOT_REF_TO_THIS
|
Abnormal termination of
exit handler
|
EXIT_ABNORMAL_HANDLER
|
Absorption of float
operand
|
FLOAT_ABSORPTION
|
Accessing object with temporary lifetime
|
TEMP_OBJECT_ACCESS
|
Alignment changed after memory
reallocation | ALIGNMENT_CHANGE |
Alternating input and output from a stream without flush or
positioning call | IO_INTERLEAVING |
Ambiguous
declaration syntax | MOST_VEXING_PARSE |
A move
operation may throw | MOVE_OPERATION_MAY_THROW |
Arithmetic operation
with NULL pointer
|
NULL_PTR_ARITH
|
Array access out of
bounds
|
OUT_BOUND_ARRAY
|
Array access with
tainted index
|
TAINTED_ARRAY_INDEX
|
Assertion
|
ASSERT
|
Asynchronously cancellable thread | ASYNCHRONOUSLY_CANCELLABLE_THREAD |
Atomic load
and store sequence not atomic | ATOMIC_VAR_SEQUENCE_NOT_ATOMIC |
Atomic
variable accessed twice in an
expression | ATOMIC_VAR_ACCESS_TWICE |
Automatic
or thread local variable escaping from a
thread | LOCAL_ADDR_ESCAPE_THREAD |
Bad file access mode or
status
|
BAD_FILE_ACCESS_MODE_STATUS
|
Bad order of dropping
privileges
|
BAD_PRIVILEGE_DROP_ORDER
|
Base class assignment
operator not called
|
MISSING_BASE_ASSIGN_OP_CALL
|
Base class destructor
not virtual
|
DTOR_NOT_VIRTUAL
|
Bitwise and arithmetic
operation on the same data
|
BITWISE_ARITH_MIX
|
Bitwise operation on
negative value
|
BITWISE_NEG
|
Blocking
operation while holding lock | BLOCKING_WHILE_LOCKED |
Buffer overflow from
incorrect string format specifier
|
STR_FORMAT_BUFFER_OVERFLOW
|
Bytewise
operations on nontrivial class object | MEMOP_ON_NONTRIVIAL_OBJ |
C++
reference to const-qualified type with subsequent
modification | WRITE_REFERENCE_TO_CONST_TYPE |
C++
reference type qualified with const or
volatile | CV_QUALIFIED_REFERENCE_TYPE |
Call through non-prototyped function
pointer | UNPROTOTYPED_FUNC_CALL |
Call to memset with
unintended value
|
MEMSET_INVALID_VALUE
|
Character value absorbed
into EOF
|
CHAR_EOF_CONFUSED
|
Closing a previously
closed resource
|
DOUBLE_RESOURCE_CLOSE
|
Code deactivated by
constant false condition
|
DEACTIVATED_CODE
|
Command executed from
externally controlled path
|
TAINTED_PATH_CMD
|
Constant block cipher
initialization vector
|
CRYPTO_CIPHER_CONSTANT_IV
|
Constant cipher
key
|
CRYPTO_CIPHER_CONSTANT_KEY
|
Const
parameter values may cause unnecessary data
copies | CONST_PARAMETER_VALUE |
Const
return values may cause unnecessary data
copies | CONST_RETURN_VALUE |
Const
rvalue reference parameter may cause unnecessary data
copies | CONST_RVALUE_REFERENCE_PARAMETER |
Const
std::move input may cause a more expensive object
copy | EXPENSIVE_STD_MOVE_CONST_OBJECT |
Context initialized incorrectly for cryptographic
operation
|
CRYPTO_PKEY_INCORRECT_INIT
|
Context initialized incorrectly for digest
operation
|
CRYPTO_MD_BAD_FUNCTION
|
Conversion
or deletion of incomplete class
pointer | INCOMPLETE_CLASS_PTR |
Copy constructor not
called in initialization list
|
MISSING_COPY_CTOR_CALL
|
Copy of overlapping
memory
|
OVERLAPPING_COPY
|
Copy
operation modifying source operand | COPY_MODIFYING_SOURCE |
Critical
data member is not private | CRITICAL_DATA_MEMBER_DECLARED_PUBLIC |
C string
from string::c_str() compared to
pointer | STD_STRING_C_STR_COMPARED_TO_POINTER |
Data race
|
DATA_RACE
|
Data race
on adjacent bit fields | DATA_RACE_BIT_FIELDS |
Data race through
standard library function call
|
DATA_RACE_STD_LIB
|
Dead
code
|
DEAD_CODE
|
Deadlock
|
DEADLOCK
|
Deallocation of
previously deallocated pointer
|
DOUBLE_DEALLOCATION
|
Declaration
mismatch
|
DECL_MISMATCH
|
Declaration
of catch for generic exception | CATCH_FOR_GENERIC_EXCEPTION |
Declaration
of throw for generic exception | THROW_FOR_GENERIC_EXCEPTION |
Delete of void
pointer
|
DELETE_OF_VOID_PTR
|
Destination buffer
overflow in string manipulation
|
STRLIB_BUFFER_OVERFLOW
|
Destination buffer
underflow in string manipulation
|
STRLIB_BUFFER_UNDERFLOW
|
Destruction of locked
mutex
|
DESTROY_LOCKED
|
Deterministic random
output from constant seed
|
RAND_SEED_CONSTANT
|
Double
lock
|
DOUBLE_LOCK
|
Double
unlock
|
DOUBLE_UNLOCK
|
Duplicated code | DUPLICATED_CODE |
Empty
destructors may cause unnecessary data
copies | EMPTY_DESTRUCTOR_DEFINED |
Environment pointer invalidated by previous
operation
|
INVALID_ENV_POINTER
|
Errno not
checked
|
ERRNO_NOT_CHECKED
|
Errno not
reset
|
MISSING_ERRNO_RESET
|
Exception caught by
value
|
EXCP_CAUGHT_BY_VALUE
|
Exception handler
hidden by previous handler
|
EXCP_HANDLER_HIDDEN
|
Execution of a binary
from a relative path can be controlled by an external
actor
|
RELATIVE_PATH_CMD
|
Execution of externally
controlled command
|
TAINTED_EXTERNAL_CMD
|
Expensive member initialization | EXPENSIVE_MEMBER_INITIALIZATION |
Expensive std::function type definition | EXPENSIVE_STD_FUNCTION |
Expensive unused object | EXPENSIVE_UNUSED_OBJECT |
Expensive use of map instead of set | EXPENSIVE_USE_OF_MAP_INSTEAD_OF_SET |
Expensive use of std::any_cast | EXPENSIVE_ANY_CAST |
Expensive
allocation in loop | EXPENSIVE_ALLOC_IN_LOOP |
Expensive
constant std::string construction | EXPENSIVE_CONSTANT_STD_STRING |
Expensive
copy in a range-based for loop
iteration | EXPENSIVE_RANGE_BASED_FOR_LOOP_ITERATION |
Expensive
dynamic cast | EXPENSIVE_DYNAMIC_CAST |
Expensive
local variable copy | EXPENSIVE_LOCAL_VARIABLE |
Expensive
logical operation | EXPENSIVE_LOGICAL_OPERATION |
Expensive
pass by value | EXPENSIVE_PASS_BY_VALUE |
Expensive
post-increment operation | EXPENSIVE_POST_INCREMENT |
Expensive
return by value | EXPENSIVE_RETURN_BY_VALUE |
Expensive
return caused by unnecessary
std::move | EXPENSIVE_RETURN_STD_MOVE |
Expensive
return of a const object | EXPENSIVE_RETURN_CONST_OBJECT |
Expensive
use of a standard algorithm when a more efficient method
exists | EXPENSIVE_USE_OF_STD_ALGORITHM |
Expensive
use of container's count method | EXPENSIVE_CONTAINER_COUNT |
Expensive
use of container's insertion method | EXPENSIVE_CONTAINER_INSERTION |
Expensive
use of container's size method | EXPENSIVE_CONTAINER_EMPTINESS_CHECK |
Expensive
use of map's bracket operator to insert or assign a
value | EXPENSIVE_MAP_INSERT_OR_ASSIGN |
Expensive
use of non-member std::string operator+() instead of a
simple append | EXPENSIVE_STD_STRING_APPEND |
Expensive
use of std::string methods instead of more efficient
overload | EXPENSIVE_USE_OF_STD_STRING_METHODS |
Expensive
use of std::string with empty string
literal | UNNECESSARY_EMPTY_STRING_LITERAL |
Expensive
use of string functions from the C standard
library | EXPENSIVE_USE_OF_C_STRING_API |
Expensive
use of substr() to shorten a
std::string | EXPENSIVE_STD_STRING_RESIZE |
File access between
time of check and use (TOCTOU)
|
TOCTOU
|
File descriptor exposure to child
process | FILE_EXPOSURE_TO_CHILD |
File does
not compile | file_does_not_compile |
File manipulation after
chroot() without chdir("/")
|
CHROOT_MISUSE
|
Float conversion
overflow
|
FLOAT_CONV_OVFL
|
Float division by
zero
|
FLOAT_ZERO_DIV
|
Floating point
comparison with equality operators
|
BAD_FLOAT_OP
|
Float
overflow
|
FLOAT_OVFL
|
Format string
specifiers and arguments mismatch
|
STRING_FORMAT
|
Function called from signal handler not
asynchronous-safe | SIG_HANDLER_ASYNC_UNSAFE |
Function called from signal handler not asynchronous-safe
(strict) | SIG_HANDLER_ASYNC_UNSAFE_STRICT |
Function pointer
assigned with absolute address
|
FUNC_PTR_ABSOLUTE_ADDR
|
Function
that can spuriously fail not wrapped in
loop | SPURIOUS_FAILURE_NOT_WRAPPED_IN_LOOP |
Function
that can spuriously wake up not wrapped in
loop | SPURIOUS_WAKEUP_NOT_WRAPPED_IN_LOOP |
Hard-coded buffer
size
|
HARD_CODED_BUFFER_SIZE
|
Hard-coded loop
boundary
|
HARD_CODED_LOOP_BOUNDARY
|
Hard-coded object size
used to manipulate memory
|
HARD_CODED_MEM_SIZE
|
Hard-coded
sensitive data | HARD_CODED_SENSITIVE_DATA |
Host change using
externally controlled elements
|
TAINTED_HOSTID
|
Improper array
initialization
|
IMPROPER_ARRAY_INIT
|
Improper
erase-remove idiom | STD_REMOVE_WITHOUT_ERASE |
Inappropriate I/O operation on device
files | INAPPROPRIATE_IO_ON_DEVICE |
Incompatible padding for RSA algorithm
operation
|
CRYPTO_RSA_BAD_PADDING
|
Incompatible types
prevent overriding
|
VIRTUAL_FUNC_HIDING
|
Inconsistent cipher
operations
|
CRYPTO_CIPHER_BAD_FUNCTION
|
Incorrect data type passed to va_arg
|
VA_ARG_INCORRECT_TYPE
|
Incorrect key for cryptographic algorithm
|
CRYPTO_PKEY_INCORRECT_KEY
|
Incorrectly
indented statement | INCORRECT_INDENTATION |
Incorrect order of
network connection operations
|
BAD_NETWORK_CONNECT_ORDER
|
Incorrect test registration or definition | PSTUNIT_MISUSE_REGISTRATION |
Incorrect use of mocking API | PSTUNIT_MISUSE_MOCKING |
Incorrect use of test fixtures | PSTUNIT_MISUSE_FIXTURES |
Incorrect use of test setup/teardown API | PSTUNIT_MISUSE_SETUP_TEARDOWN |
Incorrect pointer
scaling
|
BAD_PTR_SCALING
|
Incorrect
syntax of flexible array member size | FLEXIBLE_ARRAY_MEMBER_INCORRECT_SIZE |
Incorrect
type data passed to va_start | VA_START_INCORRECT_TYPE |
Incorrect
use of offsetof in C++ | OFFSETOF_MISUSE |
Incorrect
use of va_start | VA_START_MISUSE |
Incorrect
value forwarding | INCORRECT_VALUE_FORWARDING |
Inefficient
string length computation | INEFFICIENT_BASIC_STRING_LENGTH |
Inefficient
use of for loop | PREFER_RANGE_BASED_FOR_LOOPS |
Inefficient
use of sprintf | inefficient_sprintf |
Infinite loop | INFINITE_LOOP |
Information leak via structure padding
|
PADDING_INFO_LEAK
|
Inline constraint not respected
|
INLINE_CONSTRAINT_NOT_RESPECTED
|
Integer
constant overflow | INT_CONSTANT_OVFL |
Integer conversion
overflow
|
INT_CONV_OVFL
|
Integer division by
zero
|
INT_ZERO_DIV
|
Integer
overflow
|
INT_OVFL
|
Integer
precision exceeded | INT_PRECISION_EXCEEDED |
Invalid assumptions
about memory organization
|
INVALID_MEMORY_ASSUMPTION
|
Invalid deletion of
pointer
|
BAD_DELETE
|
Invalid file position | INVALID_FILE_POS |
Invalid free of
pointer
|
BAD_FREE
|
Invalid
iterator usage | INVALID_ITERATOR_USAGE |
Invalid
scientific notation format | INVALID_NOTATION_ON_E_CONSTANT |
Invalid use of ==
operator
|
BAD_EQUAL_EQUAL_USE
|
Invalid use of =
operator
|
BAD_EQUAL_USE
|
Invalid use of standard
library floating point routine
|
FLOAT_STD_LIB
|
Invalid use of standard
library integer routine
|
INT_STD_LIB
|
Invalid use of standard
library memory routine
|
MEM_STD_LIB
|
Invalid use of standard
library routine
|
OTHER_STD_LIB
|
Invalid use of standard
library string routine
|
STR_STD_LIB
|
Invalid va_list
argument
|
INVALID_VA_LIST_ARG
|
Join or
detach of a joined or detached thread | DOUBLE_JOIN_OR_DETACH |
Lambda used
as typeid operand | LAMBDA_TYPE_MISUSE |
LDAP injection | LDAP_INJECTION |
Library loaded from
externally controlled path
|
TAINTED_PATH_LIB
|
Line with more than one
statement
|
MORE_THAN_ONE_STATEMENT
|
Load of library from a
relative path can be controlled by an external
actor
|
RELATIVE_PATH_LIB
|
Loop bounded with
tainted value
|
TAINTED_LOOP_BOUNDARY
|
Macro
terminated with a semicolon | SEMICOLON_TERMINATED_MACRO |
Macro with
multiple statements | MULTI_STMT_MACRO |
Member not initialized
in constructor
|
NON_INIT_MEMBER
|
Memory allocation with
tainted size
|
TAINTED_MEMORY_ALLOC_SIZE
|
Memory comparison of float-point values
|
MEMCMP_FLOAT
|
Memory comparison of
padding data
|
MEMCMP_PADDING_DATA
|
Memory comparison of
strings
|
MEMCMP_STRINGS
|
Memory
leak
|
MEM_LEAK
|
Method not
const | METHOD_NOT_CONST |
Mismatch between data
length and size
|
DATA_LENGTH_MISMATCH
|
Mismatched alloc/dealloc functions on
Windows | WIN_MISMATCH_DEALLOC |
Missing blinding for RSA algorithm
|
CRYPTO_RSA_NO_BLINDING
|
Missing block cipher
initialization vector
|
CRYPTO_CIPHER_NO_IV
|
Missing break of switch
case
|
MISSING_SWITCH_BREAK
|
Missing byte reordering when transferring
data | MISSING_BYTESWAP |
Missing
call to container's reserve method | MISSING_CONTAINER_RESERVE |
Missing case for switch
condition
|
MISSING_SWITCH_CASE
|
Missing
certification authority list | CRYPTO_SSL_NO_CA |
Missing cipher
algorithm
|
CRYPTO_CIPHER_NO_ALGORITHM
|
Missing cipher data to
process
|
CRYPTO_CIPHER_NO_DATA
|
Missing cipher final
step
|
CRYPTO_CIPHER_NO_FINAL
|
Missing cipher
key
|
CRYPTO_CIPHER_NO_KEY
|
Missing
constexpr specifier | MISSING_CONSTEXPR |
Missing data for encryption, decryption or signing
operation
|
CRYPTO_PKEY_NO_DATA
|
Missing explicit
keyword
|
MISSING_EXPLICIT_KEYWORD
|
Missing
final step after hashing update
operation | CRYPTO_MD_NO_FINAL |
Missing
hash algorithm | CRYPTO_MD_NO_ALGORITHM |
Missing
lock
|
BAD_UNLOCK
|
Missing null in string
array
|
MISSING_NULL_CHAR
|
Missing or
double initialization of thread
attribute | BAD_THREAD_ATTRIBUTE |
Missing
overload of allocation or deallocation
function | MISSING_OVERLOAD_NEW_DELETE_PAIR |
Missing padding for RSA algorithm
|
CRYPTO_RSA_NO_PADDING
|
Missing parameters for key generation
|
CRYPTO_PKEY_NO_PARAMS
|
Missing peer key
|
CRYPTO_PKEY_NO_PEER
|
Missing private key
|
CRYPTO_PKEY_NO_PRIVATE_KEY
|
Missing
private key for X.509 certificate | CRYPTO_SSL_NO_PRIVATE_KEY |
Missing public key
|
CRYPTO_PKEY_NO_PUBLIC_KEY
|
Missing reset of a
freed pointer
|
MISSING_FREED_PTR_RESET
|
Missing return
statement
|
MISSING_RETURN
|
Missing
salt for hashing operation | CRYPTO_MD_NO_SALT |
Missing
unlock
|
BAD_LOCK
|
Missing virtual
inheritance
|
MISSING_VIRTUAL_INHERITANCE
|
Missing
X.509 certificate | CRYPTO_SSL_NO_CERTIFICATE |
Misuse of a FILE object | FILE_OBJECT_MISUSE |
Misuse of
errno
|
ERRNO_MISUSE
|
Misuse of errno in a signal handler
|
SIG_HANDLER_ERRNO_MISUSE
|
Misuse of
narrow or wide character string | NARROW_WIDE_STR_MISUSE |
Misuse of
readlink()
|
READLINK_MISUSE
|
Misuse of return value
from nonreentrant standard function
|
NON_REENTRANT_STD_RETURN
|
Misuse of sign-extended
character value
|
CHARACTER_MISUSE
|
Misuse of structure with flexible array
member | FLEXIBLE_ARRAY_MEMBER_STRUCT_MISUSE |
Modification of
internal buffer returned from nonreentrant standard
function
|
WRITE_INTERNAL_BUFFER_RETURNED_FROM_STD_FUNC
|
Move
operation on const object | MOVE_CONST_OBJECT |
Move
operation uses copy | MOVE_OPERATION_USES_COPY |
Multiple
mutexes used with same condition
variable | MULTI_MUTEX_WITH_ONE_COND_VAR |
Multiple
threads waiting on same condition
variable | SIGNALED_COND_VAR_NOT_UNIQUE |
No data
added into context | CRYPTO_MD_NO_DATA |
Noexcept
function exits with exception | NOEXCEPT_FUNCTION_THROWS |
Non-compliance with AUTOSAR
specification | autosar_lib_non_compliance |
Non-initialized
pointer
|
NON_INIT_PTR
|
Non-initialized
variable
|
NON_INIT_VAR
|
Nonsecure hash algorithm
|
CRYPTO_MD_WEAK_HASH
|
Nonsecure parameters for key generation
|
CRYPTO_PKEY_WEAK_PARAMS
|
Nonsecure RSA public exponent
|
CRYPTO_RSA_LOW_EXPONENT
|
Nonsecure SSL/TLS protocol
|
CRYPTO_SSL_WEAK_PROTOCOL
|
Null
pointer
|
NULL_PTR
|
Object
slicing
|
OBJECT_SLICING
|
Opening previously
opened resource
|
DOUBLE_RESOURCE_OPEN
|
Operator
new not overloaded for possibly overaligned
class | MISSING_OVERLOAD_NEW_FOR_ALIGNED_OBJ |
Overlapping
assignment
|
OVERLAPPING_ASSIGN
|
Partially accessed
array
|
PARTIALLY_ACCESSED_ARRAY
|
Partial override of
overloaded virtual functions
|
PARTIAL_OVERRIDE
|
Partially duplicated code | ALMOST_DUPLICATED_CODE |
Plain text password stored in file system | PLAIN_TEXT_PASSWORD_IN_FILESYSTEM |
Pointer access out of
bounds
|
OUT_BOUND_PTR
|
Pointer dereference
with tainted offset
|
TAINTED_PTR_OFFSET
|
Pointer or reference to destroyed temporary object | POINTER_TO_TEMPORARY_OBJECT |
Pointer or reference to
stack variable leaving scope
|
LOCAL_ADDR_ESCAPE
|
Pointer to
non-initialized value converted to const
pointer
|
NON_INIT_PTR_CONV
|
Possible copy-paste error | COPY_PASTE_ERROR |
Possible
invalid operation on boolean operand | INVALID_OPERATION_ON_BOOLEAN |
Possible misuse of
sizeof
|
SIZEOF_MISUSE
|
Possibly
inappropriate data type for switch
expression | INAPPROPRIATE_TYPE_IN_SWITCH |
Possibly unintended
evaluation of expression because of operator precedence
rules
|
OPERATOR_PRECEDENCE
|
Precision
loss in integer to float conversion | INT_TO_FLOAT_PRECISION_LOSS |
Predefined macro used as an object
|
MACRO_USED_AS_OBJECT
|
Predictable block
cipher initialization vector
|
CRYPTO_CIPHER_PREDICTABLE_IV
|
Predictable cipher
key
|
CRYPTO_CIPHER_PREDICTABLE_KEY
|
Predictable random
output from predictable seed
|
RAND_SEED_PREDICTABLE
|
Preprocessor directive in macro argument
|
PRE_DIRECTIVE_MACRO_ARG
|
Privilege drop not
verified
|
MISSING_PRIVILEGE_DROP_CHECK
|
Public
static field is not const | PUBLIC_STATIC_FIELD_NOT_CONST |
Qualifier removed in
conversion
|
QUALIFIER_MISMATCH
|
Redundant
expression in sizeof operand | SIZEOF_USELESS_OP |
Reference to un-named temporary | LOCAL_REF_TO_UNNAMED_TEMPORARY |
Resource injection | RESOURCE_INJECTION |
Resource
leak
|
RESOURCE_LEAK
|
Returned value of a
sensitive function not checked
|
RETURN_NOT_CHECKED
|
Return from computational exception signal
handler | SIG_HANDLER_COMP_EXCP_RETURN |
Return of non const
handle to encapsulated data member
|
BREAKING_DATA_ENCAPSULATION
|
Right operand of shift
operation outside allowed bounds
|
SHIFT_OVFL
|
Self assignment not
tested in operator
|
MISSING_SELF_ASSIGN_TEST
|
Semicolon
on same line as if, for or while
statement | SEMICOLON_CTRL_STMT_SAME_LINE |
Sensitive data printed
out
|
SENSITIVE_DATA_PRINT
|
Sensitive heap memory
not cleared before release
|
SENSITIVE_HEAP_NOT_CLEARED
|
Server
certificate common name not checked | CRYPTO_SSL_HOSTNAME_NOT_CHECKED |
Shared data access within signal
handler | SIG_HANDLER_SHARED_OBJECT |
Shift of a negative
value
|
SHIFT_NEG
|
Side effect
in arguments to unsafe macro | SIDE_EFFECT_IN_UNSAFE_MACRO_ARG |
Side effect of expression ignored
|
SIDE_EFFECT_IGNORED
|
Signal call from within signal
handler | SIG_HANDLER_CALLING_SIGNAL |
Signal call
in multithreaded program | SIGNAL_USE_IN_MULTITHREADED_PROGRAM |
Sign change integer
conversion overflow
|
SIGN_CHANGE
|
SQL injection | SQL_INJECTION |
Standard function call
with incorrect arguments
|
STD_FUNC_ARG_MISMATCH
|
Static uncalled
function
|
UNCALLED_FUNC
|
std::endl may cause an unnecessary
flush | STD_ENDL_USE |
std::move
called on an unmovable type | STD_MOVE_UNMOVABLE_TYPE |
std::string_view initialized with dangling
pointer | DANGLING_STRING_VIEW |
Stream argument with possibly unintended side
effects
|
STREAM_WITH_SIDE_EFFECT
|
Subtraction or comparison between pointers to different
arrays | PTR_TO_DIFF_ARRAY |
Tainted division
operand
|
TAINTED_INT_DIVISION
|
Tainted modulo
operand
|
TAINTED_INT_MOD
|
Tainted NULL or
non-null-terminated string
|
TAINTED_STRING
|
Tainted sign change
conversion
|
TAINTED_SIGN_CHANGE
|
Tainted size of
variable length array
|
TAINTED_VLA_SIZE
|
Tainted source used with sensitive function | TAINTED_SOURCE_USE_CUSTOM |
Tainted string
format
|
TAINTED_STRING_FORMAT
|
Thread-specific memory leak | THREAD_MEM_LEAK |
Throw argument expression calls new | THROW_EXPRESSION_CALLS_NEW |
Throw
argument raises unexpected exception | THROW_ARGUMENT_EXPRESSION_THROWS |
TLS/SSL
connection method not set | CRYPTO_SSL_NO_ROLE |
TLS/SSL
connection method set incorrectly | CRYPTO_SSL_BAD_ROLE |
Too many va_arg calls for current argument
list
|
TOO_MANY_VA_ARG_CALLS
|
Typedef
mismatch
|
TYPEDEF_MISMATCH
|
Umask used with
chmod-style arguments
|
BAD_UMASK
|
Uncaught
exception | UNCAUGHT_EXCEPTION |
Uncaught
exception | UNCAUGHT_EXCEPTION |
Uncertain
memory cleaning | UNCERTAIN_MEMORY_CLEANING |
Uncleared sensitive
data in stack
|
SENSITIVE_STACK_NOT_CLEARED
|
Universal character name from token
concatenation
|
PRE_UCNAME_JOIN_TOKENS
|
Unmodified
variable not const-qualified | UNMODIFIED_VAR_NOT_CONST |
Unnamed
namespace in header file | UNNAMED_NAMESPACE_IN_HEADER |
Unnecessary construction before reassignment | UNNECESSARY_CONSTRUCTION_BEFORE_ASSIGNMENT |
Unnecessary implementation of a special member function | UNNECESSARY_IMPL_OF_SPECIAL_MEMBER_FUNCTION |
Unnecessary reference to parameter | EXPENSIVE_PASS_BY_REFERENCE |
Unnecessary
padding | UNNECESSARY_STRUCT_PADDING |
Unnecessary
use of std::string::c_str() or equivalent string
methods | EXPENSIVE_C_STR_STD_STRING_CONSTRUCTION |
Unprotected dynamic
memory allocation
|
UNPROTECTED_MEMORY_ALLOCATION
|
Unreachable
code
|
UNREACHABLE
|
Unreliable cast of
function pointer
|
FUNC_CAST
|
Unreliable cast of
pointer
|
PTR_CAST
|
Unsafe call to a system function | UNSAFE_SYSTEM_CALL |
Unsafe conversion
between pointer and integer
|
BAD_INT_PTR_CAST
|
Unsafe conversion from
string to numerical value
|
UNSAFE_STR_TO_NUMERIC
|
Unsafe standard
encryption function
|
UNSAFE_STD_CRYPT
|
Unsafe standard
function
|
UNSAFE_STD_FUNC
|
Unsigned
integer constant overflow | UINT_CONSTANT_OVFL |
Unsigned integer
conversion overflow
|
UINT_CONV_OVFL
|
Unsigned integer
overflow
|
UINT_OVFL
|
Unsupported syntax used with test authoring API | PSTUNIT_UNSUPPORTED_SYNTAX |
Unused variable | UNUSED_VARIABLE |
Unused
parameter
|
UNUSED_PARAMETER
|
Useless if
|
USELESS_IF
|
Useless
Include | USELESS_INCLUDE |
Useless
preprocessor conditional directive | USELESS_PREPROC_CONDITION |
Use of a
forbidden C/C++ keyword | FORBIDDEN_KEYWORD |
Use of a
forbidden function | FORBIDDEN_FUNC |
Use of a
forbidden macro | FORBIDDEN_MACRO |
Use of automatic variable as putenv-family function
argument | PUTENV_AUTO_VAR |
Use of dangerous
standard function
|
DANGEROUS_STD_FUNC
|
Use of externally
controlled environment variable
|
TAINTED_ENV_VARIABLE
|
Use of indeterminate string | INDETERMINATE_STRING |
Use of memset with size
argument zero
|
MEMSET_INVALID_SIZE
|
Use of new
or make_unique instead of more efficient
make_shared | MISSING_MAKE_SHARED |
Use of non-secure
temporary file
|
NON_SECURE_TEMP_FILE
|
Use of obsolete
standard function
|
OBSOLETE_STD_FUNC
|
Use of path
manipulation function without maximum sized buffer
checking
|
PATH_BUFFER_OVERFLOW
|
Use of plain char type
for numerical value
|
BAD_PLAIN_CHAR_USE
|
Use of previously
closed resource
|
CLOSED_RESOURCE_USE
|
Use of previously freed
pointer
|
FREED_PTR
|
Use of
setjmp/longjmp
|
SETJMP_LONGJMP_USE
|
Use of
signal to kill thread | THREAD_KILLED_WITH_SIGNAL |
Useless capture | USELESS_CAPTURE |
Use of tainted
pointer | TAINTED_PTR |
Use of
tainted pointer | TAINTED_PTR |
Use of
undefined thread ID | UNDEFINED_THREAD_ID |
Variable length array
with nonpositive size
|
NON_POSITIVE_VLA_SIZE
|
Variable
shadowing
|
VAR_SHADOWING
|
Vulnerable path
manipulation
|
PATH_TRAVERSAL
|
Vulnerable permission
assignments
|
DANGEROUS_PERMISSIONS
|
Vulnerable
pseudo-random number generator
|
VULNERABLE_PRNG
|
Weak cipher
algorithm
|
CRYPTO_CIPHER_WEAK_CIPHER
|
Weak cipher
mode
|
CRYPTO_CIPHER_WEAK_MODE
|
Weak padding for RSA algorithm
|
CRYPTO_RSA_WEAK_PADDING
|
Write without a further
read
|
USELESS_WRITE
|
Writing to const
qualified object
|
CONSTANT_OBJECT_WRITE
|
Writing to read-only
resource
|
READ_ONLY_RESOURCE_WRITE
|
Wrong allocated object
size for cast
|
OBJECT_SIZE_MISMATCH
|
Wrong type used in
sizeof |
PTR_SIZEOF_MISMATCH
|
X.509 peer
certificate not checked | CRYPTO_SSL_CERT_NOT_CHECKED |
