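Common Weakness Enumeration (CWE)
List and description of the CWE security standard rules supported by Polyspace®
Common Weakness Enumeration (CWE™) is a list of software weakness types that can occur in software architecture, design, code, or implementation. These weaknesses can lead to security vulnerabilities.
Polyspace can check your code against a subset of the CWE list (including subsets or weaknesses specific to C or C++ code). To activate a subset of the CWE list, use the analysis option Check CWE (-cwe). Polyspace supports CWE standard version 4.12.
Polyspace Results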
CWE Rule 14 | Compiler Removal of Code to Clear Buffers (Since R2023a) |
CWE Rule 15 | External Control of System or Configuration Setting (Since R2024a) |
CWE Rule 20 | Improper Input Validation (Since R2024a) |
CWE Rule 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (Since R2024a) |
CWE Rule 23 | Relative Path Traversal (Since R2024a) |
CWE Rule 36 | Absolute Path Traversal (Since R2024a) |
CWE Rule 67 | Improper Handling of Windows Device Names (Since R2024a) |
CWE Rule 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (Since R2024a) |
CWE Rule 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a) |
CWE Rule 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a) |
CWE Rule 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a) |
CWE Rule 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a) |
CWE Rule 99 | Improper Control of Resource Identifiers ('Resource Injection') (Since R2024b) |
CWE Rule 114 | Process Control (Since R2024a) |
CWE Rule 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a) |
CWE Rule 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a) |
CWE Rule 121 | Stack-based Buffer Overflow (Since R2023a) |
CWE Rule 122 | Heap-based Buffer Overflow (Since R2023a) |
CWE Rule 123 | Write-what-where Condition (Since R2023a) |
CWE Rule 124 | Buffer Underwrite ('Buffer Underflow') (Since R2023a) |
CWE Rule 125 | Out-of-bounds Read (Since R2023a) |
CWE Rule 126 | Buffer Over-read (Since R2023a) |
CWE Rule 127 | Buffer Under-read (Since R2023a) |
CWE Rule 128 | Wrap-around Error (Since R2023a) |
CWE Rule 129 | Improper Validation of Array Index (Since R2023a) |
CWE Rule 130 | Improper Handling of Length Parameter Inconsistency (Since R2023a) |
CWE Rule 131 | Incorrect Calculation of Buffer Size (Since R2023a) |
CWE Rule 134 | Use of Externally-Controlled Format String (Since R2023a) |
CWE Rule 135 | Incorrect Calculation of Multi-Byte String Length (Since R2023a) |
CWE Rule 170 | Improper Null Termination (Since R2023a) |
CWE Rule 188 | Reliance on Data/Memory Layout (Since R2023a) |
CWE Rule 190 | Integer Overflow or Wraparound (Since R2024b) |
CWE Rule 191 | Integer Underflow (Wrap or Wraparound) (Since R2023a) |
CWE Rule 192 | Integer Coercion Error (Since R2023a) |
CWE Rule 194 | Unexpected Sign Extension (Since R2023a) |
CWE Rule 195 | Signed to Unsigned Conversion Error (Since R2023a) |
CWE Rule 196 | Unsigned to Signed Conversion Error (Since R2023a) |
CWE Rule 197 | Numeric Truncation Error (Since R2023a) |
CWE Rule 198 | Use of Incorrect Byte Ordering (Since R2024a) |
CWE Rule 226 | Sensitive Information in Resource Not Removed Before Reuse (Since R2024a) |
CWE Rule 240 | Improper Handling of Inconsistent Structural Elements (Since R2024a) |
CWE Rule 242 | Use of Inherently Dangerous Function (Since R2023a) |
CWE Rule 243 | Creation of chroot Jail Without Changing Working Directory (Since R2023a) |
CWE Rule 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a) |
CWE Rule 248 | Uncaught Exception (Since R2023a) |
CWE Rule 250 | Execution with Unnecessary Privileges (Since R2024a) |
CWE Rule 252 | Unchecked Return Value (Since R2023a) |
CWE Rule 253 | Incorrect Check of Function Return Value (Since R2023a) |
CWE Rule 256 | Plaintext storage of a password (Since R2023a) |
CWE Rule 273 | Improper Check for Dropped Privileges (Since R2024a) |
CWE Rule 287 | Improper Authentication (Since R2024a) |
CWE Rule 297 | Improper Validation of Certificate with Host Mismatch (Since R2024a) |
CWE Rule 304 | Missing Critical Step in Authentication (Since R2024a) |
CWE Rule 311 | Missing Encryption of Sensitive Data (Since R2023b) |
CWE Rule 312 | Cleartext Storage of Sensitive Information (Since R2023a) |
CWE Rule 316 | Cleartext Storage of Sensitive Information in Memory (Since R2024a) |
CWE Rule 319 | Cleartext Transmission of Sensitive Information (Since R2023b) |
CWE Rule 321 | Use of Hard-coded Cryptographic Key (Since R2023b) |
CWE Rule 322 | Key Exchange without Entity Authentication (Since R2024a) |
CWE Rule 325 | Missing Cryptographic Step (Since R2024a) |
CWE Rule 326 | Inadequate Encryption Strength (Since R2024a) |
CWE Rule 327 | Use of a Broken or Risky Cryptographic Algorithm (Since R2024a) |
CWE Rule 328 | Use of Weak Hash (Since R2024a) |
CWE Rule 329 | Generation of Predictable IV with CBC Mode (Since R2024a) |
CWE Rule 330 | Use of Insufficiently Random Values (Since R2024a) |
CWE Rule 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (Since R2023a) |
CWE Rule 336 | Same Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a) |
CWE Rule 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) (Since R2024a) |
CWE Rule 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (Since R2023a) |
CWE Rule 353 | Missing Support for Integrity Check (Since R2023a) |
CWE Rule 354 | Improper Validation of Integrity Check Value (Since R2024a) |
CWE Rule 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a) |
CWE Rule 364 | Signal Handler Race Condition (Since R2023a) |
CWE Rule 366 | Race Condition within a Thread (Since R2023a) |
CWE Rule 367 | Time-of-check Time-of-use (TOCTOU) Race Condition (Since R2024a) |
CWE Rule 369 | Divide By Zero (Since R2023a) |
CWE Rule 372 | Incomplete Internal State Distinction (Since R2024a) |
CWE Rule 374 | Passing Mutable Objects to an Untrusted Method (Since R2023b) |
CWE Rule 375 | Returning a Mutable Object to an Untrusted Caller (Since R2023a) |
CWE Rule 377 | Insecure Temporary File (Since R2024a) |
CWE Rule 391 | Unchecked Error Condition (Since R2024a) |
CWE Rule 396 | Declaration of Catch for Generic Exception (Since R2023a) |
CWE Rule 397 | Declaration of Throws for Generic Exception (Since R2023a) |
CWE Rule 401 | Missing Release of Memory after Effective Lifetime (Since R2023a) |
CWE Rule 404 | Improper Resource Shutdown or Release (Since R2024a) |
CWE Rule 413 | Improper Resource Locking (Since R2023a) |
CWE Rule 415 | Double Free (Since R2023a) |
CWE Rule 416 | Use After Free (Since R2023a) |
CWE Rule 426 | Untrusted Search Path (Since R2024a) |
CWE Rule 427 | Uncontrolled Search Path Element (Since R2024a) |
CWE Rule 456 | Missing Initialization of a Variable (Since R2024a) |
CWE Rule 457 | Use of Uninitialized Variable (Since R2023a) |
CWE Rule 460 | Improper Cleanup on Thrown Exception (Since R2023a) |
CWE Rule 463 | Deletion of Data Structure Sentinel (Since R2023a) |
CWE Rule 466 | Return of Pointer Value Outside of Expected Range (Since R2023a) |
CWE Rule 467 | Use of sizeof() on a Pointer Type (Since R2023a) |
CWE Rule 468 | Incorrect Pointer Scaling (Since R2023a) |
CWE Rule 469 | Use of Pointer Subtraction to Determine Size (Since R2023a) |
CWE Rule 471 | Modification of Assumed-Immutable Data (MAID) (Since R2024a) |
CWE Rule 474 | Use of Function with Inconsistent Implementations (Since R2023a) |
CWE Rule 475 | Undefined Behavior for Input to API (Since R2024a) |
CWE Rule 476 | NULL Pointer Dereference (Since R2023a) |
CWE Rule 477 | Use of Obsolete Function (Since R2023a) |
CWE Rule 478 | Missing Default Case in Multiple Condition Expression (Since R2023a) |
CWE Rule 479 | Signal Handler Use of a Non-reentrant Function (Since R2023a) |
CWE Rule 480 | Use of Incorrect Operator (Since R2023a) |
CWE Rule 481 | Assigning instead of Comparing (Since R2023a) |
CWE Rule 482 | Comparing instead of Assigning (Since R2023a) |
CWE Rule 483 | Incorrect Block Delimitation (Since R2023a) |
CWE Rule 484 | Omitted Break Statement in Switch (Since R2023a) |
CWE Rule 489 | Active Debug Code (Since R2023a) |
CWE Rule 493 | Critical Public Variable Without Final Modifier (Since R2023b) |
CWE Rule 495 | Private Data Structure Returned From A Public Method (Since R2023a) |
CWE Rule 496 | Public Data Assigned to Private Array-Typed Field (Since R2023b) |
CWE Rule 498 | Cloneable class containing sensitive information (Since R2023b) |
CWE Rule 500 | Public Static Field Not Marked Final (Since R2023a) |
CWE Rule 522 | Insufficiently Protected Credentials (Since R2023a) |
CWE Rule 532 | Insertion of Sensitive Information into Log File (Since R2024a) |
CWE Rule 535 | Exposure of Information Through Shell Error Message (Since R2024a) |
CWE Rule 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Since R2024a) |
CWE Rule 547 | Use of Hard-coded, Security-relevant Constants (Since R2023a) |
CWE Rule 558 | Use of getlogin() in Multithreaded Application (Since R2023a) |
CWE Rule 560 | Use of umask() with chmod-style Argument (Since R2023a) |
CWE Rule 561 | Dead Code (Since R2023a) |
CWE Rule 562 | Return of Stack Variable Address (Since R2023a) |
CWE Rule 563 | Assignment to Variable without Use (Since R2023a) |
CWE Rule 570 | Expression is Always False (Since R2023a) |
CWE Rule 571 | Expression is Always True (Since R2023a) |
CWE Rule 573 | Improper Following of Specification by Caller (Since R2024a) |
CWE Rule 587 | Assignment of a Fixed Address to a Pointer (Since R2023a) |
CWE Rule 590 | Free of Memory not on the Heap (Since R2024a) |
CWE Rule 606 | Unchecked Input for Loop Condition (Since R2023b) |
CWE Rule 617 | Reachable Assertion (Since R2023a) |
CWE Rule 628 | Function Call with Incorrectly Specified Arguments (Since R2024a) |
CWE Rule 663 | Use of a Non-reentrant Function in a Concurrent Context (Since R2024a) |
CWE Rule 664 | Improper Control of a Resource Through its Lifetime (Since R2024a) |
CWE Rule 665 | Improper Initialization (Since R2024a) |
CWE Rule 666 | Operation on Resource in Wrong Phase of Lifetime (Since R2024a) |
CWE Rule 667 | Improper Locking (Since R2024a) |
CWE Rule 672 | Operation on a Resource after Expiration or Release (Since R2024a) |
CWE Rule 674 | Uncontrolled Recursion (Since R2024a) |
CWE Rule 675 | Multiple Operations on Resource in Single-Operation Context (Since R2024a) |
CWE Rule 676 | Use of Potentially Dangerous Function (Since R2023a) |
CWE Rule 681 | Incorrect Conversion between Numeric Types (Since R2024a) |
CWE Rule 682 | Incorrect Calculation (Since R2024a) |
CWE Rule 683 | Function Call With Incorrect Order of Arguments (Since R2023b) |
CWE Rule 685 | Function Call With Incorrect Number of Arguments (Since R2023a) |
CWE Rule 686 | Function Call With Incorrect Argument Type (Since R2023b) |
CWE Rule 687 | Function Call With Incorrectly Specified Argument Value (Since R2023b) |
CWE Rule 688 | Function Call With Incorrect Variable or Reference as Argument (Since R2023b) |
CWE Rule 690 | Unchecked Return Value to NULL Pointer Dereference (Since R2023a) |
CWE Rule 691 | Insufficient Control Flow Management (Since R2024a) |
CWE Rule 693 | Protection Mechanism Failure (Since R2024a) |
CWE Rule 696 | Incorrect Behavior Order (Since R2024a) |
CWE Rule 703 | Improper Check or Handling of Exceptional Conditions (Since R2024a) |
CWE Rule 704 | Incorrect Type Conversion or Cast (Since R2023a) |
CWE Rule 705 | Incorrect Control Flow Scoping (Since R2024a) |
CWE Rule 710 | Improper Adherence to Coding Standards (Since R2024a) |
CWE Rule 732 | Incorrect Permission Assignment for Critical Resource (Since R2024a) |
CWE Rule 733 | Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a) |
CWE Rule 754 | Improper Check for Unusual or Exceptional Conditions (Since R2024a) |
CWE Rule 755 | Improper Handling of Exceptional Conditions (Since R2024a) |
CWE Rule 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (Since R2024a) |
CWE Rule 759 | Use of a One-Way Hash without a Salt (Since R2024a) |
CWE Rule 762 | Mismatched Memory Management Routines (Since R2023a) |
CWE Rule 763 | Release of Invalid Pointer or Reference (Since R2023a) |
CWE Rule 764 | Multiple Locks of a Critical Resource (Since R2024a) |
CWE Rule 765 | Multiple Unlocks of a Critical Resource (Since R2024a) |
CWE Rule 766 | Critical Data Element Declared Public (Since R2023a) |
CWE Rule 767 | Access to Critical Private Variable via Public Method (Since R2023a) |
CWE Rule 770 | Allocation of Resources Without Limits or Throttling (Since R2024a) |
CWE Rule 772 | Missing Release of Resource after Effective Lifetime (Since R2024a) |
CWE Rule 780 | Use of RSA Algorithm without OAEP (Since R2024a) |
CWE Rule 783 | Operator Precedence Logic Error (Since R2023a) |
CWE Rule 785 | Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a) |
CWE Rule 786 | Access of Memory Location Before Start of Buffer (Since R2024a) |
CWE Rule 787 | Out-of-bounds Write (Since R2023a) |
CWE Rule 789 | Memory Allocation with Excessive Size Value (Since R2023a) |
CWE Rule 798 | Use of Hard-coded Credentials (Since R2023a) |
CWE Rule 805 | Buffer Access with Incorrect Length Value (Since R2023a) |
CWE Rule 806 | Buffer Access Using Size of Source Buffer (Since R2023a) |
CWE Rule 822 | Untrusted Pointer Dereference (Since R2023b) |
CWE Rule 823 | Use of Out-of-range Pointer Offset (Since R2024a) |
CWE Rule 824 | Access of Uninitialized Pointer (Since R2023a) |
CWE Rule 825 | Expired Pointer Dereference (Since R2023a) |
CWE Rule 826 | Premature Release of Resource During Expected Lifetime (Since R2024a) |
CWE Rule 828 | Signal Handler with Functionality that is not Asynchronous-Safe (Since R2024a) |
CWE Rule 832 | Unlock of a Resource that is not Locked (Since R2024a) |
CWE Rule 833 | Deadlock (Since R2024a) |
CWE Rule 839 | Numeric Range Comparison Without Minimum Check (Since R2023a) |
CWE Rule 843 | Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a) |
CWE Rule 908 | Use of Uninitialized Resource (Since R2024a) |
CWE Rule 910 | Use of Expired File Descriptor (Since R2023a) |
CWE Rule 922 | Insecure Storage of Sensitive Information (Since R2023a) |
CWE Rule 1071 | Empty code block (Since R2023a) |
CWE Rule 1335 | Incorrect Bitwise Shift of Integer (Since R2023a) |
CWE Rule 1341 | Multiple Releases of Same Resource or Handle (Since R2023a) |
CWE-658
CWE Rule 14 | Compiler Removal of Code to Clear Buffers (Since R2023a) |
CWE Rule 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a) |
CWE Rule 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a) |
CWE Rule 121 | Stack-based Buffer Overflow (Since R2023a) |
CWE Rule 122 | Heap-based Buffer Overflow (Since R2023a) |
CWE Rule 123 | Write-what-where Condition (Since R2023a) |
CWE Rule 124 | Buffer Underwrite ('Buffer Underflow') (Since R2023a) |
CWE Rule 125 | Out-of-bounds Read (Since R2023a) |
CWE Rule 126 | Buffer Over-read (Since R2023a) |
CWE Rule 127 | Buffer Under-read (Since R2023a) |
CWE Rule 128 | Wrap-around Error (Since R2023a) |
CWE Rule 129 | Improper Validation of Array Index (Since R2023a) |
CWE Rule 130 | Improper Handling of Length Parameter Inconsistency (Since R2023a) |
CWE Rule 131 | Incorrect Calculation of Buffer Size (Since R2023a) |
CWE Rule 134 | Use of Externally-Controlled Format String (Since R2023a) |
CWE Rule 135 | Incorrect Calculation of Multi-Byte String Length (Since R2023a) |
CWE Rule 170 | Improper Null Termination (Since R2023a) |
CWE Rule 188 | Reliance on Data/Memory Layout (Since R2023a) |
CWE Rule 190 | Integer Overflow or Wraparound (Since R2024b) |
CWE Rule 191 | Integer Underflow (Wrap or Wraparound) (Since R2023a) |
CWE Rule 192 | Integer Coercion Error (Since R2023a) |
CWE Rule 194 | Unexpected Sign Extension (Since R2023a) |
CWE Rule 195 | Signed to Unsigned Conversion Error (Since R2023a) |
CWE Rule 196 | Unsigned to Signed Conversion Error (Since R2023a) |
CWE Rule 197 | Numeric Truncation Error (Since R2023a) |
CWE Rule 242 | Use of Inherently Dangerous Function (Since R2023a) |
CWE Rule 243 | Creation of chroot Jail Without Changing Working Directory (Since R2023a) |
CWE Rule 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a) |
CWE Rule 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a) |
CWE Rule 364 | Signal Handler Race Condition (Since R2023a) |
CWE Rule 366 | Race Condition within a Thread (Since R2023a) |
CWE Rule 374 | Passing Mutable Objects to an Untrusted Method (Since R2023b) |
CWE Rule 375 | Returning a Mutable Object to an Untrusted Caller (Since R2023a) |
CWE Rule 401 | Missing Release of Memory after Effective Lifetime (Since R2023a) |
CWE Rule 415 | Double Free (Since R2023a) |
CWE Rule 416 | Use After Free (Since R2023a) |
CWE Rule 457 | Use of Uninitialized Variable (Since R2023a) |
CWE Rule 460 | Improper Cleanup on Thrown Exception (Since R2023a) |
CWE Rule 463 | Deletion of Data Structure Sentinel (Since R2023a) |
CWE Rule 466 | Return of Pointer Value Outside of Expected Range (Since R2023a) |
CWE Rule 467 | Use of sizeof() on a Pointer Type (Since R2023a) |
CWE Rule 468 | Incorrect Pointer Scaling (Since R2023a) |
CWE Rule 469 | Use of Pointer Subtraction to Determine Size (Since R2023a) |
CWE Rule 474 | Use of Function with Inconsistent Implementations (Since R2023a) |
CWE Rule 476 | NULL Pointer Dereference (Since R2023a) |
CWE Rule 478 | Missing Default Case in Multiple Condition Expression (Since R2023a) |
CWE Rule 479 | Signal Handler Use of a Non-reentrant Function (Since R2023a) |
CWE Rule 480 | Use of Incorrect Operator (Since R2023a) |
CWE Rule 481 | Assigning instead of Comparing (Since R2023a) |
CWE Rule 482 | Comparing instead of Assigning (Since R2023a) |
CWE Rule 483 | Incorrect Block Delimitation (Since R2023a) |
CWE Rule 484 | Omitted Break Statement in Switch (Since R2023a) |
CWE Rule 495 | Private Data Structure Returned From A Public Method (Since R2023a) |
CWE Rule 496 | Public Data Assigned to Private Array-Typed Field (Since R2023b) |
CWE Rule 558 | Use of getlogin() in Multithreaded Application (Since R2023a) |
CWE Rule 560 | Use of umask() with chmod-style Argument (Since R2023a) |
CWE Rule 562 | Return of Stack Variable Address (Since R2023a) |
CWE Rule 587 | Assignment of a Fixed Address to a Pointer (Since R2023a) |
CWE Rule 676 | Use of Potentially Dangerous Function (Since R2023a) |
CWE Rule 685 | Function Call With Incorrect Number of Arguments (Since R2023a) |
CWE Rule 688 | Function Call With Incorrect Variable or Reference as Argument (Since R2023b) |
CWE Rule 690 | Unchecked Return Value to NULL Pointer Dereference (Since R2023a) |
CWE Rule 704 | Incorrect Type Conversion or Cast (Since R2023a) |
CWE Rule 733 | Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a) |
CWE Rule 762 | Mismatched Memory Management Routines (Since R2023a) |
CWE Rule 783 | Operator Precedence Logic Error (Since R2023a) |
CWE Rule 785 | Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a) |
CWE Rule 787 | Out-of-bounds Write (Since R2023a) |
CWE Rule 789 | Memory Allocation with Excessive Size Value (Since R2023a) |
CWE Rule 805 | Buffer Access with Incorrect Length Value (Since R2023a) |
CWE Rule 806 | Buffer Access Using Size of Source Buffer (Since R2023a) |
CWE Rule 839 | Numeric Range Comparison Without Minimum Check (Since R2023a) |
CWE Rule 843 | Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a) |
CWE Rule 910 | Use of Expired File Descriptor (Since R2023a) |
CWE Rule 1335 | Incorrect Bitwise Shift of Integer (Since R2023a) |
CWE Rule 1341 | Multiple Releases of Same Resource or Handle (Since R2023a) |
CWE-659
CWE Rule 14 | Compiler Removal of Code to Clear Buffers (Since R2023a) |
CWE Rule 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer (Since R2023a) |
CWE Rule 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a) |
CWE Rule 121 | Stack-based Buffer Overflow (Since R2023a) |
CWE Rule 122 | Heap-based Buffer Overflow (Since R2023a) |
CWE Rule 123 | Write-what-where Condition (Since R2023a) |
CWE Rule 124 | Buffer Underwrite ('Buffer Underflow') (Since R2023a) |
CWE Rule 125 | Out-of-bounds Read (Since R2023a) |
CWE Rule 126 | Buffer Over-read (Since R2023a) |
CWE Rule 127 | Buffer Under-read (Since R2023a) |
CWE Rule 128 | Wrap-around Error (Since R2023a) |
CWE Rule 129 | Improper Validation of Array Index (Since R2023a) |
CWE Rule 130 | Improper Handling of Length Parameter Inconsistency (Since R2023a) |
CWE Rule 131 | Incorrect Calculation of Buffer Size (Since R2023a) |
CWE Rule 134 | Use of Externally-Controlled Format String (Since R2023a) |
CWE Rule 135 | Incorrect Calculation of Multi-Byte String Length (Since R2023a) |
CWE Rule 170 | Improper Null Termination (Since R2023a) |
CWE Rule 188 | Reliance on Data/Memory Layout (Since R2023a) |
CWE Rule 190 | Integer Overflow or Wraparound (Since R2024b) |
CWE Rule 191 | Integer Underflow (Wrap or Wraparound) (Since R2023a) |
CWE Rule 192 | Integer Coercion Error (Since R2023a) |
CWE Rule 194 | Unexpected Sign Extension (Since R2023a) |
CWE Rule 195 | Signed to Unsigned Conversion Error (Since R2023a) |
CWE Rule 196 | Unsigned to Signed Conversion Error (Since R2023a) |
CWE Rule 197 | Numeric Truncation Error (Since R2023a) |
CWE Rule 242 | Use of Inherently Dangerous Function (Since R2023a) |
CWE Rule 243 | Creation of chroot Jail Without Changing Working Directory (Since R2023a) |
CWE Rule 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') (Since R2023a) |
CWE Rule 248 | Uncaught Exception (Since R2023a) |
CWE Rule 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (Since R2023a) |
CWE Rule 364 | Signal Handler Race Condition (Since R2023a) |
CWE Rule 366 | Race Condition within a Thread (Since R2023a) |
CWE Rule 374 | Passing Mutable Objects to an Untrusted Method (Since R2023b) |
CWE Rule 375 | Returning a Mutable Object to an Untrusted Caller (Since R2023a) |
CWE Rule 396 | Declaration of Catch for Generic Exception (Since R2023a) |
CWE Rule 397 | Declaration of Throws for Generic Exception (Since R2023a) |
CWE Rule 401 | Missing Release of Memory after Effective Lifetime (Since R2023a) |
CWE Rule 415 | Double Free (Since R2023a) |
CWE Rule 416 | Use After Free (Since R2023a) |
CWE Rule 457 | Use of Uninitialized Variable (Since R2023a) |
CWE Rule 460 | Improper Cleanup on Thrown Exception (Since R2023a) |
CWE Rule 463 | Deletion of Data Structure Sentinel (Since R2023a) |
CWE Rule 466 | Return of Pointer Value Outside of Expected Range (Since R2023a) |
CWE Rule 467 | Use of sizeof() on a Pointer Type (Since R2023a) |
CWE Rule 468 | Incorrect Pointer Scaling (Since R2023a) |
CWE Rule 469 | Use of Pointer Subtraction to Determine Size (Since R2023a) |
CWE Rule 476 | NULL Pointer Dereference (Since R2023a) |
CWE Rule 478 | Missing Default Case in Multiple Condition Expression (Since R2023a) |
CWE Rule 479 | Signal Handler Use of a Non-reentrant Function (Since R2023a) |
CWE Rule 480 | Use of Incorrect Operator (Since R2023a) |
CWE Rule 481 | Assigning instead of Comparing (Since R2023a) |
CWE Rule 482 | Comparing instead of Assigning (Since R2023a) |
CWE Rule 483 | Incorrect Block Delimitation (Since R2023a) |
CWE Rule 484 | Omitted Break Statement in Switch (Since R2023a) |
CWE Rule 493 | Critical Public Variable Without Final Modifier (Since R2023b) |
CWE Rule 495 | Private Data Structure Returned From A Public Method (Since R2023a) |
CWE Rule 496 | Public Data Assigned to Private Array-Typed Field (Since R2023b) |
CWE Rule 498 | Cloneable class containing sensitive information (Since R2023b) |
CWE Rule 500 | Public Static Field Not Marked Final (Since R2023a) |
CWE Rule 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Since R2024a) |
CWE Rule 558 | Use of getlogin() in Multithreaded Application (Since R2023a) |
CWE Rule 562 | Return of Stack Variable Address (Since R2023a) |
CWE Rule 587 | Assignment of a Fixed Address to a Pointer (Since R2023a) |
CWE Rule 676 | Use of Potentially Dangerous Function (Since R2023a) |
CWE Rule 690 | Unchecked Return Value to NULL Pointer Dereference (Since R2023a) |
CWE Rule 704 | Incorrect Type Conversion or Cast (Since R2023a) |
CWE Rule 733 | Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a) |
CWE Rule 762 | Mismatched Memory Management Routines (Since R2023a) |
CWE Rule 766 | Critical Data Element Declared Public (Since R2023a) |
CWE Rule 767 | Access to Critical Private Variable via Public Method (Since R2023a) |
CWE Rule 783 | Operator Precedence Logic Error (Since R2023a) |
CWE Rule 785 | Use of Path Manipulation Function without Maximum-sized Buffer (Since R2023a) |
CWE Rule 787 | Out-of-bounds Write (Since R2023a) |
CWE Rule 789 | Memory Allocation with Excessive Size Value (Since R2023a) |
CWE Rule 805 | Buffer Access with Incorrect Length Value (Since R2023a) |
CWE Rule 806 | Buffer Access Using Size of Source Buffer (Since R2023a) |
CWE Rule 839 | Numeric Range Comparison Without Minimum Check (Since R2023a) |
CWE Rule 843 | Access of Resource Using Incompatible Type ('Type Confusion') (Since R2023a) |
CWE Rule 910 | Use of Expired File Descriptor (Since R2023a) |
CWE Rule 1335 | Incorrect Bitwise Shift of Integer (Since R2023a) |
CWE Rule 1341 | Multiple Releases of Same Resource or Handle (Since R2023a) |
API / Function Errors
CWE Rule 242 | Use of Inherently Dangerous Function (Since R2023a) |
CWE Rule 474 | Use of Function with Inconsistent Implementations (Since R2023a) |
CWE Rule 475 | Undefined Behavior for Input to API (Since R2024a) |
CWE Rule 477 | Use of Obsolete Function (Since R2023a) |
CWE Rule 676 | Use of Potentially Dangerous Function (Since R2023a) |
Bad Coding Practices
CWE Rule 478 | Missing Default Case in Multiple Condition Expression (Since R2023a) |
CWE Rule 489 | Active Debug Code (Since R2023a) |
CWE Rule 547 | Use of Hard-coded, Security-relevant Constants (Since R2023a) |
CWE Rule 561 | Dead Code (Since R2023a) |
CWE Rule 562 | Return of Stack Variable Address (Since R2023a) |
CWE Rule 563 | Assignment to Variable without Use (Since R2023a) |
CWE Rule 628 | Function Call with Incorrectly Specified Arguments (Since R2024a) |
CWE Rule 1071 | Empty code block (Since R2023a) |
Behavioral Problems
CWE Rule 480 | Use of Incorrect Operator (Since R2023a) |
CWE Rule 483 | Incorrect Block Delimitation (Since R2023a) |
CWE Rule 484 | Omitted Break Statement in Switch (Since R2023a) |
CWE Rule 733 | Compiler Optimization Removal or Modification of Security-critical Code (Since R2023a) |
CWE Rule 783 | Operator Precedence Logic Error (Since R2023a) |
Concurrency Issues
CWE Rule 366 | Race Condition within a Thread (Since R2023a) |
CWE Rule 367 | Time-of-check Time-of-use (TOCTOU) Race Condition (Since R2024a) |
CWE Rule 663 | Use of a Non-reentrant Function in a Concurrent Context (Since R2024a) |
Credentials Management Errors
CWE Rule 798 | Use of Hard-coded Credentials (Since R2023a) |
CWE Rule 256 | Plaintext storage of a password (Since R2023a) |
Cryptographic Issues
CWE Rule 325 | Missing Cryptographic Step (Since R2024a) |
CWE Rule 328 | Use of Weak Hash (Since R2024a) |
Data Integrity Issues
CWE Rule 353 | Missing Support for Integrity Check (Since R2023a) |
CWE Rule 354 | Improper Validation of Integrity Check Value (Since R2024a) |
Data Neutralization Issues
CWE Rule 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a) |
CWE Rule 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a) |
CWE Rule 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a) |
CWE Rule 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a) |
CWE Rule 170 | Improper Null Termination (Since R2023a) |
CWE Rule 188 | Reliance on Data/Memory Layout (Since R2023a) |
CWE Rule 463 | Deletion of Data Structure Sentinel (Since R2023a) |
Data Processing Errors
CWE Rule 130 | Improper Handling of Length Parameter Inconsistency (Since R2023a) |
Data Validation Issues
CWE Rule 129 | Improper Validation of Array Index (Since R2023a) |
CWE Rule 606 | Unchecked Input for Loop Condition (Since R2023b) |
Error Conditions, Return Values, Status Codes
CWE Rule 248 | Uncaught Exception (Since R2023a) |
CWE Rule 252 | Unchecked Return Value (Since R2023a) |
CWE Rule 253 | Incorrect Check of Function Return Value (Since R2023a) |
CWE Rule 391 | Unchecked Error Condition (Since R2024a) |
CWE Rule 396 | Declaration of Catch for Generic Exception (Since R2023a) |
CWE Rule 397 | Declaration of Throws for Generic Exception (Since R2023a) |
CWE Rule 617 | Reachable Assertion (Since R2023a) |
Expression Issues
CWE Rule 570 | Expression is Always False (Since R2023a) |
CWE Rule 571 | Expression is Always True (Since R2023a) |
File Handling Issues
CWE Rule 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (Since R2024a) |
CWE Rule 426 | Untrusted Search Path (Since R2024a) |
CWE Rule 427 | Uncontrolled Search Path Element (Since R2024a) |
Handler Errors
CWE Rule 479 | Signal Handler Use of a Non-reentrant Function (Since R2023a) |
Information Management Errors
CWE Rule 312 | Cleartext Storage of Sensitive Information (Since R2023a) |
CWE Rule 319 | Cleartext Transmission of Sensitive Information (Since R2023b) |
CWE Rule 321 | Use of Hard-coded Cryptographic Key (Since R2023b) |
Initialization and Cleanup Errors
CWE Rule 460 | Improper Cleanup on Thrown Exception (Since R2023a) |
Key Management Errors
CWE Rule 322 | Key Exchange without Entity Authentication (Since R2024a) |
Memory Buffer Errors
CWE Rule 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (Since R2023a) |
CWE Rule 123 | Write-what-where Condition (Since R2023a) |
CWE Rule 124 | Buffer Underwrite ('Buffer Underflow') (Since R2023a) |
CWE Rule 125 | Out-of-bounds Read (Since R2023a) |
CWE Rule 131 | Incorrect Calculation of Buffer Size (Since R2023a) |
CWE Rule 786 | Access of Memory Location Before Start of Buffer (Since R2024a) |
CWE Rule 787 | Out-of-bounds Write (Since R2023a) |
CWE Rule 805 | Buffer Access with Incorrect Length Value (Since R2023a) |
Numeric Errors
CWE Rule 128 | Wrap-around Error (Since R2023a) |
CWE Rule 191 | Integer Underflow (Wrap or Wraparound) (Since R2023a) |
CWE Rule 192 | Integer Coercion Error (Since R2023a) |
CWE Rule 197 | Numeric Truncation Error (Since R2023a) |
CWE Rule 369 | Divide By Zero (Since R2023a) |
CWE Rule 681 | Incorrect Conversion between Numeric Types (Since R2024a) |
CWE Rule 839 | Numeric Range Comparison Without Minimum Check (Since R2023a) |
Validate Inputs
CWE Rule 20 | Improper Input Validation (Since R2024a) |
CWE Rule 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (Since R2024a) |
CWE Rule 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (Since R2024a) |
CWE Rule 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (Since R2024a) |
CWE Rule 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (Since R2023a) |
CWE Rule 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (Since R2023a) |
CWE Rule 99 | Improper Control of Resource Identifiers ('Resource Injection') (Since R2024b) |
Others
CWE Rule 14 | Compiler Removal of Code to Clear Buffers (since R2023a) |
CWE Rule 20 | Improper Input Validation (since R2024a) |
CWE Rule 23 | Relative Path Traversal (since R2024a) |
CWE Rule 36 | Absolute Path Traversal (since R2024a) |
CWE Rule 67 | Improper Handling of Windows Device Names (since R2024a) |
CWE Rule 77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') (since R2024a) |
CWE Rule 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (since R2024a) |
CWE Rule 114 | Process Control (since R2024a) |
CWE Rule 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer (since R2023a) |
CWE Rule 121 | Stack-based Buffer Overflow (since R2023a) |
CWE Rule 122 | Heap-based Buffer Overflow (since R2023a) |
CWE Rule 126 | Buffer Over-read (since R2023a) |
CWE Rule 127 | Buffer Under-read (since R2023a) |
CWE Rule 190 | Integer Overflow or Wraparound (since R2024b) |
CWE Rule 194 | Unexpected Sign Extension (since R2023a) |
CWE Rule 195 | Signed to Unsigned Conversion Error (since R2023a) |
CWE Rule 196 | Unsigned to Signed Conversion Error (since R2023a) |
CWE Rule 198 | Use of Incorrect Byte Ordering (since R2024a) |
CWE Rule 226 | Sensitive Information in Resource Not Removed Before Reuse (since R2024a) |
CWE Rule 240 | Improper Handling of Inconsistent Structural Elements (since R2024a) |
CWE Rule 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') (since R2023a) |
CWE Rule 287 | Improper Authentication (since R2024a) |
CWE Rule 297 | Improper Validation of Certificate with Host Mismatch (since R2024a) |
CWE Rule 304 | Missing Critical Step in Authentication (since R2024a) |
CWE Rule 311 | Missing Encryption of Sensitive Data (since R2023b) |
CWE Rule 316 | Cleartext Storage of Sensitive Information in Memory (since R2024a) |
CWE Rule 326 | Inadequate Encryption Strength (since R2024a) |
CWE Rule 327 | Use of a Broken or Risky Cryptographic Algorithm (since R2024a) |
CWE Rule 329 | Generation of Predictable IV with CBC Mode (since R2024a) |
CWE Rule 330 | Use of Insufficiently Random Values (since R2024a) |
CWE Rule 336 | Same Seed in Pseudo-Random Number Generator (PRNG) (since R2024a) |
CWE Rule 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) (since R2024a) |
CWE Rule 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') (since R2023a) |
CWE Rule 377 | Insecure Temporary File (since R2024a) |
CWE Rule 401 | Missing Release of Memory after Effective Lifetime (since R2023a) |
CWE Rule 404 | Improper Resource Shutdown or Release (since R2024a) |
CWE Rule 415 | Double Free (since R2023a) |
CWE Rule 416 | Use After Free (since R2023a) |
CWE Rule 456 | Missing Initialization of a Variable (since R2024a) |
CWE Rule 457 | Use of Uninitialized Variable (since R2023a) |
CWE Rule 471 | Modification of Assumed-Immutable Data (MAID) (since R2024a) |
CWE Rule 481 | Assigning instead of Comparing (since R2023a) |
CWE Rule 482 | Comparing instead of Assigning (since R2023a) |
CWE Rule 493 | Critical Public Variable Without Final Modifier (since R2023b) |
CWE Rule 495 | Private Data Structure Returned From A Public Method (since R2023a) |
CWE Rule 496 | Public Data Assigned to Private Array-Typed Field (since R2023b) |
CWE Rule 498 | Cloneable class containing sensitive information (since R2023b) |
CWE Rule 500 | Public Static Field Not Marked Final (since R2023a) |
CWE Rule 522 | Insufficiently Protected Credentials (since R2023a) |
CWE Rule 532 | Insertion of Sensitive Information into Log File (since R2024a) |
CWE Rule 535 | Exposure of Information Through Shell Error Message (since R2024a) |
CWE Rule 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context (since R2024a) |
CWE Rule 558 | Use of getlogin() in Multithreaded Application (since R2023a) |
CWE Rule 560 | Use of umask() with chmod-style Argument (since R2023a) |
CWE Rule 573 | Improper Following of Specification by Caller (since R2024a) |
CWE Rule 590 | Free of Memory not on the Heap (since R2024a) |
CWE Rule 664 | Improper Control of a Resource Through its Lifetime (since R2024a) |
CWE Rule 665 | Improper Initialization (since R2024a) |
CWE Rule 666 | Operation on Resource in Wrong Phase of Lifetime (since R2024a) |
CWE Rule 667 | Improper Locking (since R2024a) |
CWE Rule 672 | Operation on a Resource after Expiration or Release (since R2024a) |
CWE Rule 674 | Uncontrolled Recursion (since R2024a) |
CWE Rule 675 | Multiple Operations on Resource in Single-Operation Context (since R2024a) |
CWE Rule 682 | Incorrect Calculation (since R2024a) |
CWE Rule 683 | Function Call With Incorrect Order of Arguments (since R2023b) |
CWE Rule 685 | Function Call With Incorrect Number of Arguments (since R2023a) |
CWE Rule 686 | Function Call With Incorrect Argument Type (since R2023b) |
CWE Rule 687 | Function Call With Incorrectly Specified Argument Value (since R2023b) |
CWE Rule 688 | Function Call With Incorrect Variable or Reference as Argument (since R2023b) |
CWE Rule 690 | Unchecked Return Value to NULL Pointer Dereference (since R2023a) |
CWE Rule 691 | Insufficient Control Flow Management (since R2024a) |
CWE Rule 693 | Protection Mechanism Failure (since R2024a) |
CWE Rule 696 | Incorrect Behavior Order (since R2024a) |
CWE Rule 703 | Improper Check or Handling of Exceptional Conditions (since R2024a) |
CWE Rule 704 | Incorrect Type Conversion or Cast (since R2023a) |
CWE Rule 705 | Incorrect Control Flow Scoping (since R2024a) |
CWE Rule 710 | Improper Adherence to Coding Standards (since R2024a) |
CWE Rule 732 | Incorrect Permission Assignment for Critical Resource (since R2024a) |
CWE Rule 754 | Improper Check for Unusual or Exceptional Conditions (since R2024a) |
CWE Rule 755 | Improper Handling of Exceptional Conditions (since R2024a) |
CWE Rule 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (since R2024a) |
CWE Rule 759 | Use of a One-Way Hash without a Salt (since R2024a) |
CWE Rule 762 | Mismatched Memory Management Routines (since R2023a) |
CWE Rule 780 | Use of RSA Algorithm without OAEP (since R2024a) |
CWE Rule 785 | Use of Path Manipulation Function without Maximum-sized Buffer (since R2023a) |
CWE Rule 789 | Memory Allocation with Excessive Size Value (since R2023a) |
CWE Rule 806 | Buffer Access Using Size of Source Buffer (since R2023a) |
CWE Rule 828 | Signal Handler with Functionality that is not Asynchronous-Safe (since R2024a) |
CWE Rule 922 | Insecure Storage of Sensitive Information (since R2023a) |
CWE Rule 1335 | Incorrect Bitwise Shift of Integer (since R2023a) |
CWE Rule 1341 | Multiple Releases of Same Resource or Handle (since R2023a) |
Permission Issues
CWE Rule 766 | Critical Data Element Declared Public (since R2023a) |
CWE Rule 767 | Access to Critical Private Variable via Public Method (since R2023a) |
Pointer Issues
CWE Rule 466 | Return of Pointer Value Outside of Expected Range (since R2023a) |
CWE Rule 467 | Use of sizeof() on a Pointer Type (since R2023a) |
CWE Rule 468 | Incorrect Pointer Scaling (since R2023a) |
CWE Rule 469 | Use of Pointer Subtraction to Determine Size (since R2023a) |
CWE Rule 476 | NULL Pointer Dereference (since R2023a) |
CWE Rule 587 | Assignment of a Fixed Address to a Pointer (since R2023a) |
CWE Rule 763 | Release of Invalid Pointer or Reference (since R2023a) |
CWE Rule 822 | Untrusted Pointer Dereference (since R2023b) |
CWE Rule 823 | Use of Out-of-range Pointer Offset (since R2024a) |
CWE Rule 824 | Access of Uninitialized Pointer (since R2023a) |
CWE Rule 825 | Expired Pointer Dereference (since R2023a) |
Privilege Issues
CWE Rule 243 | Creation of chroot Jail Without Changing Working Directory (since R2023a) |
CWE Rule 250 | Execution with Unnecessary Privileges (since R2024a) |
CWE Rule 273 | Improper Check for Dropped Privileges (since R2024a) |
Random Number Issues
CWE Rule 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) (since R2023a) |
CWE Rule 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (since R2023a) |
Resource Locking Problems
CWE Rule 413 | Improper Resource Locking (since R2023a) |
CWE Rule 764 | Multiple Locks of a Critical Resource (since R2024a) |
CWE Rule 765 | Multiple Unlocks of a Critical Resource (since R2024a) |
CWE Rule 832 | Unlock of a Resource that is not Locked (since R2024a) |
CWE Rule 833 | Deadlock (since R2024a) |
Resource Management Errors
CWE Rule 770 | Allocation of Resources Without Limits or Throttling (since R2024a) |
CWE Rule 772 | Missing Release of Resource after Effective Lifetime (since R2024a) |
CWE Rule 826 | Premature Release of Resource During Expected Lifetime (since R2024a) |
CWE Rule 908 | Use of Uninitialized Resource (since R2024a) |
CWE Rule 910 | Use of Expired File Descriptor (since R2023a) |
Signal Errors
CWE Rule 364 | Signal Handler Race Condition (since R2023a) |
State Issues
CWE Rule 15 | External Control of System or Configuration Setting (since R2024a) |
CWE Rule 372 | Incomplete Internal State Distinction (since R2024a) |
CWE Rule 374 | Passing Mutable Objects to an Untrusted Method (since R2023b) |
CWE Rule 375 | Returning a Mutable Object to an Untrusted Caller (since R2023a) |
String Errors
CWE Rule 134 | Use of Externally-Controlled Format String (since R2023a) |
CWE Rule 135 | Incorrect Calculation of Multi-Byte String Length (since R2023a) |
Type Errors
CWE Rule 843 | Access of Resource Using Incompatible Type ('Type Confusion') (since R2023a) |
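Topics
- CWE Coding Standard Coverage Using Polyspace
  CWE results classified by category, and the list for the all-exact-checkers view.
- Polyspace Support for Coding Standards
  Check the Polyspace support for different coding standards.
- Check for and Review Coding Standard Violations
  Use Polyspace Bug Finder to check code for violations of the AUTOSAR C++14, CERT® C, CERT C++, CWE, MISRA C™, MISRA® C++, JSF AV C++, or ISO-17961 standards.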