Achieving CWE Coding Standard Coverage with Polyspace
The Common Weakness Enumeration (CWE™) is a dictionary of common software weakness types that can occur in the architecture, design, code, or implementation of software. These weaknesses can lead to security vulnerabilities. For some of these weaknesses, Polyspace® can detect every violation specified by the CWE. In addition to these exact CWE rule checkers, Polyspace partially supports other CWE rules. To analyze your code using only the rules that Polyspace covers completely, use the option -cwe all-exact-checkers.
After running the analysis, use the CWE categories to group and organize the CWE violations in your code by issue type.
CWE Rules Supported by Polyspace
To see all supported CWE rules, see Common Weakness Enumeration (CWE). For the rules newly supported in R2025b, see the release notes.
CWE Rules Enabled with the all-exact-checkers Option
This table lists the rules that are enabled when you use the all-exact-checkers option of Check CWE (-cwe).
| CWE ID | Description |
|---|---|
| CWE Rule 14 | Compiler Removal of Code to Clear Buffers |
| CWE Rule 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE Rule 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE Rule 121 | Stack-based Buffer Overflow |
| CWE Rule 122 | Heap-based Buffer Overflow |
| CWE Rule 123 | Write-what-where Condition |
| CWE Rule 124 | Buffer Underwrite ('Buffer Underflow') |
| CWE Rule 125 | Out-of-bounds Read |
| CWE Rule 126 | Buffer Over-read |
| CWE Rule 127 | Buffer Under-read |
| CWE Rule 128 | Wrap-around Error |
| CWE Rule 129 | Improper Validation of Array Index |
| CWE Rule 130 | Improper Handling of Length Parameter Inconsistency |
| CWE Rule 131 | Incorrect Calculation of Buffer Size |
| CWE Rule 134 | Use of Externally-Controlled Format String |
| CWE Rule 135 | Incorrect Calculation of Multi-Byte String Length |
| CWE Rule 170 | Improper Null Termination |
| CWE Rule 188 | Reliance on Data/Memory Layout |
| CWE Rule 191 | Integer Underflow (Wrap or Wraparound) |
| CWE Rule 192 | Integer Coercion Error |
| CWE Rule 194 | Unexpected Sign Extension |
| CWE Rule 195 | Signed to Unsigned Conversion Error |
| CWE Rule 196 | Unsigned to Signed Conversion Error |
| CWE Rule 197 | Numeric Truncation Error |
| CWE Rule 242 | Use of Inherently Dangerous Function |
| CWE Rule 243 | Creation of chroot Jail Without Changing Working Directory |
| CWE Rule 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
| CWE Rule 248 | Uncaught Exception |
| CWE Rule 252 | Unchecked Return Value |
| CWE Rule 253 | Incorrect Check of Function Return Value |
| CWE Rule 311 | Missing Encryption of Sensitive Data |
| CWE Rule 312 | Cleartext Storage of Sensitive Information |
| CWE Rule 319 | Cleartext Transmission of Sensitive Information |
| CWE Rule 321 | Use of Hard-coded Cryptographic Key |
| CWE Rule 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| CWE Rule 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| CWE Rule 353 | Missing Support for Integrity Check |
| CWE Rule 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| CWE Rule 364 | Signal Handler Race Condition |
| CWE Rule 366 | Race Condition within a Thread |
| CWE Rule 369 | Divide By Zero |
| CWE Rule 374 | Passing Mutable Objects to an Untrusted Method |
| CWE Rule 375 | Returning a Mutable Object to an Untrusted Caller |
| CWE Rule 396 | Declaration of Catch for Generic Exception |
| CWE Rule 397 | Declaration of Throws for Generic Exception |
| CWE Rule 401 | Missing Release of Memory after Effective Lifetime |
| CWE Rule 413 | Improper Resource Locking |
| CWE Rule 415 | Double Free |
| CWE Rule 416 | Use After Free |
| CWE Rule 457 | Use of Uninitialized Variable |
| CWE Rule 460 | Improper Cleanup on Thrown Exception |
| CWE Rule 463 | Deletion of Data Structure Sentinel |
| CWE Rule 466 | Return of Pointer Value Outside of Expected Range |
| CWE Rule 467 | Use of sizeof() on a Pointer Type |
| CWE Rule 468 | Incorrect Pointer Scaling |
| CWE Rule 469 | Use of Pointer Subtraction to Determine Size |
| CWE Rule 474 | Use of Function with Inconsistent Implementations |
| CWE Rule 476 | NULL Pointer Dereference |
| CWE Rule 477 | Use of Obsolete Function |
| CWE Rule 478 | Missing Default Case in Multiple Condition Expression |
| CWE Rule 479 | Signal Handler Use of a Non-reentrant Function |
| CWE Rule 480 | Use of Incorrect Operator |
| CWE Rule 481 | Assigning instead of Comparing |
| CWE Rule 482 | Comparing instead of Assigning |
| CWE Rule 483 | Incorrect Block Delimitation |
| CWE Rule 484 | Omitted Break Statement in Switch |
| CWE Rule 489 | Active Debug Code |
| CWE Rule 493 | Critical Public Variable Without Final Modifier |
| CWE Rule 495 | Private Data Structure Returned From A Public Method |
| CWE Rule 496 | Public Data Assigned to Private Array-Typed Field |
| CWE Rule 498 | Cloneable class containing sensitive information |
| CWE Rule 500 | Public Static Field Not Marked Final |
| CWE Rule 522 | Insufficiently Protected Credentials |
| CWE Rule 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context |
| CWE Rule 547 | Use of Hard-coded, Security-relevant Constants |
| CWE Rule 558 | Use of getlogin() in Multithreaded Application |
| CWE Rule 560 | Use of umask() with chmod-style Argument |
| CWE Rule 561 | Dead Code |
| CWE Rule 562 | Return of Stack Variable Address |
| CWE Rule 563 | Assignment to Variable without Use |
| CWE Rule 570 | Expression is Always False |
| CWE Rule 571 | Expression is Always True |
| CWE Rule 587 | Assignment of a Fixed Address to a Pointer |
| CWE Rule 606 | Unchecked Input for Loop Condition |
| CWE Rule 617 | Reachable Assertion |
| CWE Rule 674 | Uncontrolled Recursion |
| CWE Rule 676 | Use of Potentially Dangerous Function |
| CWE Rule 683 | Function Call With Incorrect Order of Arguments |
| CWE Rule 685 | Function Call With Incorrect Number of Arguments |
| CWE Rule 686 | Function Call With Incorrect Argument Type |
| CWE Rule 687 | Function Call With Incorrectly Specified Argument Value |
| CWE Rule 688 | Function Call With Incorrect Variable or Reference as Argument |
| CWE Rule 690 | Unchecked Return Value to NULL Pointer Dereference |
| CWE Rule 704 | Incorrect Type Conversion or Cast |
| CWE Rule 733 | Compiler Optimization Removal or Modification of Security-critical Code |
| CWE Rule 762 | Mismatched Memory Management Routines |
| CWE Rule 763 | Release of Invalid Pointer or Reference |
| CWE Rule 766 | Critical Data Element Declared Public |
| CWE Rule 767 | Access to Critical Private Variable via Public Method |
| CWE Rule 783 | Operator Precedence Logic Error |
| CWE Rule 785 | Use of Path Manipulation Function without Maximum-sized Buffer |
| CWE Rule 787 | Out-of-bounds Write |
| CWE Rule 789 | Memory Allocation with Excessive Size Value |
| CWE Rule 798 | Use of Hard-coded Credentials |
| CWE Rule 805 | Buffer Access with Incorrect Length Value |
| CWE Rule 806 | Buffer Access Using Size of Source Buffer |
| CWE Rule 822 | Untrusted Pointer Dereference |
| CWE Rule 824 | Access of Uninitialized Pointer |
| CWE Rule 825 | Expired Pointer Dereference |
| CWE Rule 839 | Numeric Range Comparison Without Minimum Check |
| CWE Rule 843 | Access of Resource Using Incompatible Type ('Type Confusion') |
| CWE Rule 910 | Use of Expired File Descriptor |
| CWE Rule 922 | Insecure Storage of Sensitive Information |
| CWE Rule 1071 | Empty code block |
| CWE Rule 1335 | Incorrect Bitwise Shift of Integer |
| CWE Rule 1341 | Multiple Releases of Same Resource or Handle |
CWE Categories and Polyspace Results
This table lists the CWE categories that map to Polyspace defect checkers and Polyspace CWE coding rule checkers. A CWE category is a grouping of weaknesses that share a common issue, for example, "Improper Error Handling". Although the categories are not weaknesses themselves, you can use them to organize your CWE results by related weakness.
| CWE ID | CWE ID Description | Defect or CWE Coding Rule Checker |
|---|---|---|
| 189 | Numeric Errors | |
| 227 | Improper fulfillment of API contract | |
| 251 | Often misused: string management | |
| 310 | Cryptographic issues | |
| 320 | Key management errors | |
| 387 | Signal errors | |
| 398 | Indicator of poor code quality | |
| 465 | Pointer Issues | |
| 872 | CERT C++ Secure Coding Section 04 - Integers (INT) | |
| 873 | CERT C++ Secure Coding Section 05 - Floating point arithmetic (FLP) | |
| 896 | SFP Primary Cluster: Tainted Input | |