Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
* Difference between Team and Enterprise
Didn't get our email?
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
Why do we ask to use Business Email?
New License
License Renewal
--Select currency--
USD
EUR
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Parsing C++ - 10.10

Registration
Home
>
Documentation
>
Annotating C# entities in JSON format
menu mobile close menu
Introduction
How to enter the PVS-Studio license and what's the next move
PVS-Studio's trial mode
System requirements
Technologies used in PVS-Studio
Release history
Release history for previous versions (before 7.00)
Analyzing projects
On Windows
Getting acquainted with the PVS-Studio static code analyzer on Windows
Build-system independent analysis (C and C++)
Direct integration of the analyzer into build automation systems (C and C++)
On Linux and macOS
PVS-Studio C# installation on Linux and macOS
How to run PVS-Studio C# on Linux and macOS
Installing and updating PVS-Studio C++ on Linux
Installing and updating PVS-Studio C++ on macOS
How to run PVS-Studio C++ on Linux and macOS
Cross-platform
Direct use of Java analyzer from command line
Cross-platform analysis of C and C++ projects in PVS-Studio
PVS-Studio for embedded development
Analysis of C and C++ projects based on JSON Compilation Database
IDE
Get started with PVS-Studio in Visual Studio
Using PVS-Studio with JetBrains Rider and CLion
How to use the PVS-Studio extension for Qt Creator
How to integrate PVS-Studio in Qt Creator without the PVS-Studio plugin
Using the PVS-Studio extension for Visual Studio Code
Using PVS-Studio with IntelliJ IDEA and Android Studio
Build systems
Analyzing Visual Studio / MSBuild / .NET projects from the command line using PVS-Studio
Using PVS-Studio with the CMake module
Integrating PVS-Studio Java into the Gradle build system
Integrating PVS-Studio Java into the Maven build system
Game Engines
How to analyze Unity projects with PVS-Studio
Analysis of Unreal Engine projects
Continuous use of the analyzer in software development
Running PVS-Studio in Docker
Running PVS-Studio in Jenkins
Running PVS-Studio in TeamCity
How to upload analysis results to Jira
PVS-Studio and continuous integration
PVS-Studio's incremental analysis mode
Analyzing commits and pull requests
Integration of PVS-Studio analysis results into DefectDojo
Integration of PVS-Studio analysis results into SonarQube
Unattended deployment of PVS-Studio
Speeding up the analysis of C and C++ code through distributed build systems (Incredibuild)
Deploying the analyzer in cloud Continuous Integration services
Using with Travis CI
Using with CircleCI
Using with GitLab CI/CD
Using with GitHub Actions
Using with Azure DevOps
Using with AppVeyor
Using with Buddy
Managing analysis results
How to display the analyzer's most interesting warnings
How to use the OWASP diagnostic group in PVS-Studio
Baselining analysis results (suppressing warnings for existing code)
Handling the diagnostic messages list in Visual Studio
Suppression of false-positive warnings
How to view and convert analyzer's results
Relative paths in PVS-Studio log files
Viewing analysis results with C and C++ Compiler Monitoring UI
Notifying the developer teams (blame-notifier utility)
Filtering and handling the analyzer output through diagnostic configuration files (.pvsconfig)
Excluding files and directories from analysis
Additional configuration and resolving issues
Tips on speeding up PVS-Studio
PVS-Studio: troubleshooting
Additional diagnostics configuration
User annotation mechanism in JSON format
Annotating C and C++ entities in JSON format
Annotating C# entities in JSON format
Predefined PVS_STUDIO macro
Analysis configuration file (Settings.xml)
Settings: general
Settings: Common Analyzer Settings
Settings: Detectable Errors
Settings: Don't Check Files
Settings: Keyword Message Filtering
Settings: Registration
Settings: Specific Analyzer Settings
Analyzer diagnostics
General Analysis (C++)
V501. Identical sub-expressions to the left and to the right of 'foo' operator.
V502. The '?:' operator may not work as expected. The '?:' operator has a lower priority than the 'foo' operator.
V503. Nonsensical comparison: pointer < 0.
V504. Semicolon ';' is probably missing after the 'return' keyword.
V505. The 'alloca' function is used inside the loop. This can quickly overflow stack.
V506. Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid.
V507. Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid.
V508. The 'new type(n)' pattern was detected. Probably meant: 'new type[n]'.
V509. Exceptions raised inside noexcept functions must be wrapped in a try..catch block.
V510. The 'Foo' function receives class-type variable as Nth actual argument. This is unexpected behavior.
V511. The sizeof() operator returns pointer size instead of array size.
V512. Call of the 'Foo' function will lead to buffer overflow.
V513. Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions.
V514. Potential logical error. Size of a pointer is divided by another value.
V515. The 'delete' operator is applied to non-pointer.
V516. Non-null function pointer is compared to null. Consider inspecting the expression.
V517. Potential logical error. The 'if (A) {...} else if (A) {...}' pattern was detected.
V518. The 'malloc' function allocates suspicious amount of memory calculated by 'strlen(expr)'. Perhaps the correct expression is strlen(expr) + 1.
V519. The 'x' variable is assigned values twice successively. Perhaps this is a mistake.
V520. Comma operator ',' in array index expression.
V521. Expressions that use comma operator ',' are dangerous. Make sure the expression is correct.
V522. Possible null pointer dereference.
V523. The 'then' statement is equivalent to the 'else' statement.
V524. It is suspicious that the body of 'Foo_1' function is fully equivalent to the body of 'Foo_2' function.
V525. Code contains collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ...
V526. The 'strcmp' function returns 0 if corresponding strings are equal. Consider inspecting the condition for mistakes.
V527. The 'zero' value is assigned to pointer. Probably meant: *ptr = zero.
V528. Pointer is compared with 'zero' value. Probably meant: *ptr != zero.
V529. Suspicious semicolon ';' after 'if/for/while' operator.
V530. Return value of 'Foo' function is required to be used.
V531. The sizeof() operator is multiplied by sizeof(). Consider inspecting the expression.
V532. Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'.
V533. It is possible that a wrong variable is incremented inside the 'for' operator. Consider inspecting 'X'.
V534. It is possible that a wrong variable is compared inside the 'for' operator. Consider inspecting 'X'.
V535. The 'X' variable is used for this loop and outer loops.
V536. Constant value is represented by an octal form.
V537. Potential incorrect use of item 'X'. Consider inspecting the expression.
V538. The line contains control character 0x0B (vertical tabulation).
V539. Iterators are passed as arguments to 'Foo' function. Consider inspecting the expression.
V540. Member 'x' should point to string terminated by two 0 characters.
V541. String is printed into itself. Consider inspecting the expression.
V542. Suspicious type cast: 'Type1' to ' Type2'. Consider inspecting the expression.
V543. It is suspicious that value 'X' is assigned to the variable 'Y' of HRESULT type.
V544. It is suspicious that the value 'X' of HRESULT type is compared with 'Y'.
V545. Conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead.
V546. The 'Foo(Foo)' class member is initialized with itself.
V547. Expression is always true/false.
V548. TYPE X[][] is not equivalent to TYPE **X. Consider inspecting type casting.
V549. The 'first' argument of 'Foo' function is equal to the 'second' argument.
V550. Suspicious precise comparison. Consider using a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon.
V551. Unreachable code under a 'case' label.
V552. A bool type variable is incremented. Perhaps another variable should be incremented instead.
V553. Length of function body or class declaration is more than 2000 lines. Consider refactoring the code.
V554. Incorrect use of smart pointer.
V555. Expression of the 'A - B > 0' kind will work as 'A != B'.
V556. Values of different enum types are compared.
V557. Possible array overrun.
V558. Function returns pointer/reference to temporary local object.
V559. Suspicious assignment inside the conditional expression of 'if/while/for' statement.
V560. Part of conditional expression is always true/false.
V561. Consider assigning value to 'foo' variable instead of declaring it anew.
V562. Bool type value is compared with value of N. Consider inspecting the expression.
V563. An 'else' branch may apply to the previous 'if' statement.
V564. The '&' or '|' operator is applied to bool type value. Check for missing parentheses or use the '&&' or '||' operator.
V565. Empty exception handler. Silent suppression of exceptions can hide errors in source code during testing.
V566. Integer constant is converted to pointer. Check for an error or bad coding style.
V567. Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior.
V568. It is suspicious that the argument of sizeof() operator is the expression.
V569. Truncation of constant value.
V570. Variable is assigned to itself.
V571. Recurring check. This condition was already verified in previous line.
V572. Object created using 'new' operator is immediately cast to another type. Consider inspecting the expression.
V573. Use of uninitialized variable 'Foo'. The variable was used to initialize itself.
V574. Pointer is used both as an array and as a pointer to single object.
V575. Function receives suspicious argument.
V576. Incorrect format. Consider checking the Nth actual argument of the 'Foo' function.
V577. Label is present inside switch(). Check for typos and consider using the 'default:' operator instead.
V578. Suspicious bitwise operation was detected. Consider inspecting it.
V579. The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument.
V580. Suspicious explicit type casting. Consider inspecting the expression.
V581. Conditional expressions of 'if' statements located next to each other are identical.
V582. Consider reviewing the source code that uses the container.
V583. The '?:' operator, regardless of its conditional expression, always returns the same value.
V584. Same value is present on both sides of the operator. The expression is incorrect or can be simplified.
V585. Attempt to release memory that stores the 'Foo' local variable.
V586. The 'Foo' function is called twice to deallocate the same resource.
V587. Suspicious sequence of assignments: A = B; B = A;.
V588. Expression of the 'A =+ B' kind is used. Possibly meant: 'A += B'. Consider inspecting the expression.
V589. Expression of the 'A =- B' kind is used. Possibly meant: 'A -= B'. Consider inspecting the expression.
V590. Possible excessive expression or typo. Consider inspecting the expression.
V591. Non-void function must return value.
V592. Expression is enclosed by parentheses twice: ((expression)). One pair of parentheses is unnecessary or typo is present.
V593. Expression 'A = B == C' is calculated as 'A = (B == C)'. Consider inspecting the expression.
V594. Pointer to array is out of array bounds.
V595. Pointer was used before its check for nullptr. Check lines: N1, N2.
V596. Object was created but is not used. Check for missing 'throw' keyword.
V597. Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data.
V598. Memory manipulation function is used to work with a class object containing a virtual table pointer. The result of such an operation may be unexpected.
V599. The virtual destructor is not present, although the 'Foo' class contains virtual functions.
V600. The 'Foo' pointer is always not equal to NULL. Consider inspecting the condition.
V601. Suspicious implicit type casting.
V602. The '<' operator should probably be replaced with '<<'. Consider inspecting this expression.
V603. Object was created but not used. If you wish to call constructor, use 'this->Foo::Foo(....)'.
V604. Number of iterations in loop equals size of a pointer. Consider inspecting the expression.
V605. Unsigned value is compared to the NN number. Consider inspecting the expression.
V606. Ownerless token 'Foo'.
V607. Ownerless expression 'Foo'.
V608. Recurring sequence of explicit type casts.
V609. Possible division or mod by zero.
V610. Undefined behavior. Check the shift operator.
V611. Memory allocation and deallocation methods are incompatible.
V612. Unconditional 'break/continue/return/goto' within a loop.
V613. Suspicious pointer arithmetic with 'malloc/new'.
V614. Use of 'Foo' uninitialized variable.
V615. Suspicious explicit conversion from 'float *' type to 'double *' type.
V616. Use of 'Foo' named constant with 0 value in bitwise operation.
V617. Argument of the '|' bitwise operation always contains non-zero value. Consider inspecting the condition.
V618. Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);
V619. Array is used as pointer to single object.
V620. Expression of sizeof(T)*N kind is summed up with pointer to T type. Consider inspecting the expression.
V621. Loop may execute incorrectly or may not execute at all. Consider inspecting the 'for' operator.
V622. First 'case' operator may be missing. Consider inspecting the 'switch' statement.
V623. Temporary object is created and then destroyed. Consider inspecting the '?:' operator.
V624. Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>.
V625. Initial and final values of the iterator are the same. Consider inspecting the 'for' operator.
V626. It's possible that ',' should be replaced by ';'. Consider checking for typos.
V627. Argument of sizeof() is a macro, which expands to a number. Consider inspecting the expression.
V628. It is possible that a line was commented out improperly, thus altering the program's operation logic.
V629. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. Consider inspecting the expression.
V630. The 'malloc' function is used to allocate memory for an array of objects that are classes containing constructors/destructors.
V631. Defining absolute path to file or directory is considered a poor coding style. Consider inspecting the 'Foo' function call.
V632. Argument is of the 'T' type. Consider inspecting the NN argument of the 'Foo' function.
V633. The '!=' operator should probably be used here. Consider inspecting the expression.
V634. Priority of '+' operation is higher than priority of '<<' operation. Consider using parentheses in the expression.
V635. Length should be probably multiplied by sizeof(wchar_t). Consider inspecting the expression.
V636. Expression was implicitly cast from integer type to real type. Consider using an explicit type cast to avoid overflow or loss of a fractional part.
V637. Use of two opposite conditions. The second condition is always false.
V638. Terminal null is present inside a string. Use of '\0xNN' characters. Probably meant: '\xNN'.
V639. One of closing ')' parentheses is probably positioned incorrectly. Consider inspecting the expression for function call.
V640. Code's operational logic does not correspond with its formatting.
V641. Buffer size is not a multiple of element size.
V642. Function result is saved inside the 'byte' type variable. Significant bits may be lost. This may break the program's logic.
V643. Suspicious pointer arithmetic. Value of 'char' type is added to a string pointer.
V644. Suspicious function declaration. Consider creating a 'T' type object.
V645. Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold.
V646. The 'else' keyword may be missing. Consider inspecting the program's logic.
V647. Value of 'A' type is assigned to a pointer of 'B' type.
V648. Priority of '&&' operation is higher than priority of '||' operation.
V649. Two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless.
V650. Type casting is used 2 times in a row. The '+' operation is executed. Probably meant: (T1)((T2)a + b).
V651. Suspicious operation of 'sizeof(X)/sizeof(T)' kind, where 'X' is of the 'class' type.
V652. Operation is executed 3 or more times in a row.
V653. Suspicious string consisting of two parts is used for initialization. Comma may be missing.
V654. Condition of a loop is always true/false.
V655. Strings were concatenated but not used. Consider inspecting the expression.
V656. Variables are initialized through the call to the same function. It's probably an error or un-optimized code.
V657. Function always returns the same value of NN. Consider inspecting the function.
V658. Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly.
V659. Functions' declarations with 'Foo' name differ in 'const' keyword only, while these functions' bodies have different composition. It is suspicious and can possibly be an error.
V660. Program contains an unused label and function call: 'CC:AA()'. Probably meant: 'CC::AA()'.
V661. Suspicious expression 'A[B < C]'. Probably meant 'A[B] < C'.
V662. Different containers are used to set up initial and final values of iterator. Consider inspecting the loop expression.
V663. Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression.
V664. Pointer is dereferenced on the initialization list before its check for null inside the body of a constructor function.
V665. Possible incorrect use of '#pragma warning(default: X)'. The '#pragma warning(push/pop)' should be used instead.
V666. Value may not correspond with the length of a string passed with YY argument. Consider inspecting the NNth argument of the 'Foo' function.
V667. The 'throw' operator does not have any arguments and is not located within the 'catch' block.
V668. Possible meaningless check for null, as memory was allocated using 'new' operator. Memory allocation will lead to an exception.
V669. Argument is a non-constant reference. The analyzer is unable to determine the position where this argument is modified. Consider checking the function for an error.
V670. Uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class.
V671. The 'swap' function may interchange a variable with itself.
V672. It is possible that creating a new variable is unnecessary. One of the function's arguments has the same name and this argument is a reference.
V673. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.
V674. Expression contains a suspicious mix of integer and real types.
V675. Writing into read-only memory.
V676. Incorrect comparison of BOOL type variable with TRUE.
V677. Custom declaration of standard type. Consider using the declaration from system header files instead.
V678. Object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function.
V679. The 'X' variable was not initialized. This variable is passed by reference to the 'Foo' function in which its value will be used.
V680. The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression.
V681. The language standard does not define order in which 'Foo' functions are called during evaluation of arguments.
V682. Suspicious literal: '/r'. It is possible that a backslash should be used instead: '\r'.
V683. The 'i' variable should probably be incremented instead of the 'n' variable. Consider inspecting the loop expression.
V684. Value of variable is not modified. It is possible that '1' should be present instead of '0'. Consider inspecting the expression.
V685. The expression contains a comma. Consider inspecting the return statement.
V686. Pattern A || (A && ...) was detected. The expression is excessive or contains a logical error.
V687. Size of array calculated by sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]).
V688. The 'foo' local variable has the same name as one of class members. This can result in confusion.
V689. Destructor of 'Foo' class is not declared as virtual. A smart pointer may not destroy an object correctly.
V690. The class implements a copy constructor/operator=, but lacks the operator=/copy constructor.
V691. Empirical analysis. Possible typo inside the string literal. The 'foo' word is suspicious.
V692. Inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, use a string ending with a null terminator in the first place.
V693. It is possible that 'i < X.size()' should be used instead of 'X.size()'. Consider inspecting conditional expression of the loop.
V694. The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.
V695. Range intersections are possible within conditional expressions.
V696. The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false.
V697. Number of elements in the allocated array equals the size of a pointer in bytes.
V698. Functions of strcmp() kind can return any values, not only -1, 0, or 1.
V699. It is possible that 'foo = bar == baz ? .... : ....' should be used here instead of 'foo = bar = baz ? .... : ....'. Consider inspecting the expression.
V700. It is suspicious that variable is initialized through itself. Consider inspecting the 'T foo = foo = x;' expression.
V701. Possible realloc() leak: when realloc() fails to allocate memory, original pointer is lost. Consider assigning realloc() to a temporary pointer.
V702. Classes should always be derived from std::exception (and alike) as 'public'.
V703. It is suspicious that the 'foo' field in derived class overwrites field in base class.
V704. The expression is always false on newer compilers. Avoid using 'this == 0' comparison.
V705. It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.
V706. Suspicious division: sizeof(X) / Value. Size of every element in X array is not equal to divisor.
V707. Giving short names to global variables is considered to be bad practice.
V708. Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior.
V709. Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'.
V710. Suspicious declaration. There is no point to declare constant reference to a number.
V711. It is dangerous to create a local variable within a loop with a same name as a variable controlling this loop.
V712. Compiler may optimize out this loop or make it infinite. Use volatile variable(s) or synchronization primitives to avoid this.
V713. Pointer was used in the logical expression before its check for nullptr in the same logical expression.
V714. Variable is not passed into foreach loop by reference, but its value is changed inside of the loop.
V715. The 'while' operator has empty body. This pattern is suspicious.
V716. Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT).
V717. It is suspicious to cast object of base class V to derived class U.
V718. The 'Foo' function should not be called from 'DllMain' function.
V719. The switch statement does not cover all values of the enum.
V720. The 'SuspendThread' function is usually used when developing a debugger. See documentation for details.
V721. The VARIANT_BOOL type is used incorrectly. The true value (VARIANT_TRUE) is defined as -1.
V722. Abnormality within similar comparisons. It is possible that a typo is present inside the expression.
V723. Function returns a pointer to the internal string buffer of a local object, which will be destroyed.
V724. Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'.
V725. Dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type.
V726. Attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function.
V727. Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'.
V728. Excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'.
V729. Function body contains the 'X' label that is not used by any 'goto' statements.
V730. Not all members of a class are initialized inside the constructor.
V731. The variable of char type is compared with pointer to string.
V732. Unary minus operator does not modify a bool type value.
V733. It is possible that macro expansion resulted in incorrect evaluation order.
V734. Excessive expression. Examine the substrings "abc" and "abcd".
V735. Possibly an incorrect HTML. The "</XX>" closing tag was encountered, while the "</YY>" tag was expected.
V736. The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array.
V737. It is possible that ',' comma is missing at the end of the string.
V738. Temporary anonymous object is used.
V739. EOF should not be compared with a value of the 'char' type. Consider using the 'int' type.
V740. Exception is of the 'int' type because NULL is defined as 0. Keyword 'nullptr' can be used for 'pointer' type exception.
V741. Use of the throw (a, b); pattern. It is possible that type name was omitted: throw MyException(a, b);.
V742. Function receives an address of a 'char' type variable instead of pointer to a buffer.
V743. The memory areas must not overlap. Use 'memmove' function.
V744. Temporary object is immediately destroyed after being created. Consider naming the object.
V745. A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string.
V746. Object slicing. An exception should be caught by reference rather than by value.
V747. Suspicious expression inside parentheses. A function name may be missing.
V748. Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function.
V749. Destructor of the object will be invoked a second time after leaving the object's scope.
V750. BSTR string becomes invalid. Notice that BSTR strings store their length before start of the text.
V751. Parameter is not used inside function's body.
V752. Creating an object with placement new requires a buffer of large size.
V753. The '&=' operation always sets a value of 'Foo' variable to zero.
V754. The expression of 'foo(foo(x))' pattern is excessive or contains an error.
V755. Copying from potentially tainted data source. Buffer overflow is possible.
V756. The 'X' counter is not used inside a nested loop. Consider inspecting usage of 'Y' counter.
V757. It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'.
V758. Reference was invalidated because of destruction of the temporary object returned by the function.
V759. Violated order of exception handlers. Exception caught by handler for base class.
V760. Two identical text blocks were detected. The second block starts with NN string.
V761. NN identical blocks were found.
V762. Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class.
V763. Parameter is always rewritten in function body before being used.
V764. Possible incorrect order of arguments passed to function.
V765. Compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error.
V766. An item with the same key has already been added.
V767. Suspicious access to element by a constant index inside a loop.
V768. Variable is of enum type. It is suspicious that it is used as a variable of a Boolean-type.
V769. The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used.
V770. Possible use of left shift operator instead of comparison operator.
V771. The '?:' operator uses constants from different enums.
V772. Calling the 'delete' operator for a void pointer will cause undefined behavior.
V773. Function exited without releasing the pointer/handle. A memory/resource leak is possible.
V774. Pointer was used after the memory was released.
V775. It is suspicious that the BSTR data type is compared using a relational operator.
V776. Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations.
V777. Dangerous widening type conversion from an array of derived-class objects to a base-class pointer.
V778. Two similar code fragments. Perhaps, it is a typo and 'X' variable should be used instead of 'Y'.
V779. Unreachable code was detected. It is possible that an error is present.
V780. The object of non-passive (non-PDS) type cannot be used with the function.
V781. Value of a variable is checked after it is used. Possible error in program's logic. Check lines: N1, N2.
V782. It is pointless to compute the distance between the elements of different arrays.
V783. Possible dereference of invalid iterator 'X'.
V784. The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits.
V785. Constant expression in switch statement.
V786. Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B].
V787. Wrong variable is probably used in the for operator as an index.
V788. Review captured variable in lambda expression.
V789. Iterators for the container, used in the range-based for loop, become invalid upon a function call.
V790. It is suspicious that the assignment operator takes an object by a non-constant reference and returns this object.
V791. The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.
V792. The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.
V793. It is suspicious that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else.
V794. The assignment operator should be protected from the case of 'this == &src'.
V795. Size of the 'time_t' type is not 64 bits. After the year 2038, the program will work incorrectly.
V796. A 'break' statement is probably missing in a 'switch' statement.
V797. The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos.
V798. The size of the dynamic array can be less than the number of elements in the initializer.
V799. Variable is not used after memory is allocated for it. Consider checking the use of this variable.
V1001. Variable is assigned but not used by the end of the function.
V1002. Class that contains pointers, constructor and destructor is copied by the automatically generated operator= or copy constructor.
V1003. Macro expression is dangerous or suspicious.
V1004. Pointer was used unsafely after its check for nullptr.
V1005. The resource was acquired using 'X' function but was released using incompatible 'Y' function.
V1006. Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur.
V1007. Value from the uninitialized optional is used. It may be an error.
V1008. No more than one iteration of the loop will be performed. Consider inspecting the 'for' operator.
V1009. Check the array initialization. Only the first element is initialized explicitly.
V1010. Unchecked tainted data is used in expression.
V1011. Function execution could be deferred. Consider specifying execution policy explicitly.
V1012. The expression is always false. Overflow check is incorrect.
V1013. Suspicious subexpression in a sequence of similar comparisons.
V1014. Structures with members of real type are compared byte-wise.
V1015. Suspicious simultaneous use of bitwise and logical operators.
V1016. The value is out of range of enum values. This causes unspecified or undefined behavior.
V1017. Variable of the 'string_view' type references a temporary object, which will be removed after evaluation of an expression.
V1018. Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked.
V1019. Compound assignment expression is used inside condition.
V1020. Function exited without performing epilogue actions. It is possible that there is an error.
V1021. The variable is assigned the same value on several loop iterations.
V1022. Exception was thrown by pointer. Consider throwing it by value instead.
V1023. A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception.
V1024. Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading.
V1025. New variable with default value is created instead of 'std::unique_lock' that locks on the mutex.
V1026. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.
V1027. Pointer to an object of the class is cast to unrelated class.
V1028. Possible overflow. Consider casting operands, not the result.
V1029. Numeric Truncation Error. Return value of function is written to N-bit variable.
V1030. Variable is used after it is moved.
V1031. Function is not declared. The passing of data to or from this function may be affected.
V1032. Pointer is cast to a more strictly aligned pointer type.
V1033. Variable is declared as auto in C. Its default type is int.
V1034. Do not use real-type variables as loop counters.
V1035. Only values returned from fgetpos() can be used as arguments to fsetpos().
V1036. Potentially unsafe double-checked locking.
V1037. Two or more case-branches perform the same actions.
V1038. It is suspicious that a char or string literal is added to a pointer.
V1039. Character escape is used in multicharacter literal. This causes implementation-defined behavior.
V1040. Possible typo in the spelling of a pre-defined macro name.
V1041. Class member is initialized with dangling reference.
V1042. This file is marked with copyleft license, which requires you to open the derived source code.
V1043. A global object variable is declared in the header. Multiple copies of it will be created in all translation units that include this header file.
V1044. Loop break conditions do not depend on the number of iterations.
V1045. The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block.
V1046. Unsafe usage of the 'bool' and integer types together in the operation '&='.
V1047. Lifetime of the lambda is greater than lifetime of the local variable captured by reference.
V1048. Variable 'foo' was assigned the same value.
V1049. The 'foo' include guard is already defined in the 'bar1.h' header. The 'bar2.h' header will be excluded from compilation.
V1050. Uninitialized class member is used when initializing the base class.
V1051. It is possible that an assigned variable should be checked in the next condition. Consider checking for typos.
V1052. Declaring virtual methods in a class marked as 'final' is pointless.
V1053. Calling the 'foo' virtual function in the constructor/destructor may lead to unexpected result at runtime.
V1054. Object slicing. Derived class object was copied to the base class object.
V1055. The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function.
V1056. The predefined identifier '__func__' always contains the string 'operator()' inside function body of the overloaded 'operator()'.
V1057. Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time.
V1058. Nonsensical comparison of two different functions' addresses.
V1059. Macro name overrides a keyword/reserved name. This may lead to undefined behavior.
V1060. Passing 'BSTR ' to the 'SysAllocString' function may lead to incorrect object creation.
V1061. Extending 'std' or 'posix' namespace may result in undefined behavior.
V1062. Class defines a custom new or delete operator. The opposite operator must also be defined.
V1063. The modulo by 1 operation is meaningless. The result will always be zero.
V1064. The left operand of integer division is less than the right one. The result will always be zero.
V1065. Expression can be simplified: check similar operands.
V1066. The 'SysFreeString' function should be called only for objects of the 'BSTR' type.
V1067. Throwing from exception constructor may lead to unexpected behavior.
V1068. Do not define an unnamed namespace in a header file.
V1069. Do not concatenate string literals with different prefixes.
V1070. Signed value is converted to an unsigned one with subsequent expansion to a larger type in ternary operator.
V1071. Return value is not always used. Consider inspecting the 'foo' function.
V1072. Buffer needs to be securely cleared on all execution paths.
V1073. Check the following code block after the 'if' statement. Consider checking for typos.
V1074. Boundary between numeric escape sequence and string is unclear. The escape sequence ends with a letter and the next character is also a letter. Check for typos.
V1075. The function expects the file to be opened in one mode, but it was opened in different mode.
V1076. Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor.
V1077. Constructor contains potentially uninitialized members.
V1078. An empty container is iterated. The loop will not be executed.
V1079. Parameter of 'std::stop_token' type is not used inside function's body.
V1080. Call of 'std::is_constant_evaluated' function always returns the same value.
V1081. Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior.
V1082. Function marked as 'noreturn' may return control. This will result in undefined behavior.
V1083. Signed integer overflow in arithmetic expression. This leads to undefined behavior.
V1084. The expression is always true/false. The value is out of range of enum values.
V1085. Negative value is implicitly converted to unsigned integer type in arithmetic expression.
V1086. Call of the 'Foo' function will lead to buffer underflow.
V1087. Upper bound of case range is less than its lower bound. This case may be unreachable.
V1088. No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.
V1089. Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake-up.
V1090. The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.
V1091. The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.
V1092. Recursive function call during the static/thread_local variable initialization might occur. This may lead to undefined behavior.
V1093. The result of the right shift operation will always be 0. The right operand is greater than or equal to the number of bits in the left operand.
V1094. Conditional escape sequence in literal. Its representation is implementation-defined.
V1095. Usage of potentially invalid handle. The value should be non-negative.
V1096. Variable with static storage duration is declared inside the inline function with external linkage. This may lead to ODR violation.
V1097. Line splice results in a character sequence that matches the syntax of a universal-character-name. Using this sequence lead to undefined behavior.
V1098. The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion.
V1099. Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior.
V1100. Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection.
V1101. Changing the default argument of a virtual function parameter in a derived class may result in unexpected behavior.
V1102. Unreal Engine. Violation of naming conventions may cause Unreal Header Tool to work incorrectly.
V1103. The values of padding bytes are unspecified. Comparing objects with padding using 'memcmp' may lead to unexpected result.
V1104. Priority of the 'M' operator is higher than that of the 'N' operator. Possible missing parentheses.
V1105. Suspicious string modification using the 'operator+='. The right operand is implicitly converted to a character type.
V1106. Qt. Class inherited from 'QObject' should contain at least one constructor that takes a pointer to 'QObject'.
V1107. Function was declared as accepting unspecified number of parameters. Consider explicitly specifying the function parameters list.
V1108. Constraint specified in a custom function annotation on the parameter is violated.
V1109. Function is deprecated. Consider switching to an equivalent newer function.
V1110. Constructor of a class inherited from 'QObject' does not use a pointer to a parent object.
V1111. The index was used without check after it was checked in previous lines.
V1112. Comparing expressions with different signedness can lead to unexpected results.
V1113. Potential resource leak. Calling the 'memset' function will change the pointer itself, not the allocated resource. Check the first and third arguments.
V1114. Suspicious use of 'dynamic_cast' when working with COM interfaces. Consider using the 'QueryInterface' member function.
General Analysis (C#)
V3001. There are identical sub-expressions to the left and to the right of the 'foo' operator.
V3002. The switch statement does not cover all values of the enum.
V3003. The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.
V3004. The 'then' statement is equivalent to the 'else' statement.
V3005. The 'x' variable is assigned to itself.
V3006. The object was created but it is not being used. The 'throw' keyword could be missing.
V3007. Odd semicolon ';' after 'if/for/while' operator.
V3008. The 'x' variable is assigned values twice successively. Perhaps this is a mistake.
V3009. It's odd that this method always returns one and the same value of NN.
V3010. The return value of function 'Foo' is required to be utilized.
V3011. Two opposite conditions were encountered. The second condition is always false.
V3012. The '?:' operator, regardless of its conditional expression, always returns one and the same value.
V3013. It is odd that the body of 'Foo_1' function is fully equivalent to the body of 'Foo_2' function.
V3014. It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'.
V3015. It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'.
V3016. The variable 'X' is being used for this loop and for the outer loop.
V3017. A pattern was detected: A || (A && ...). The expression is excessive or contains a logical error.
V3018. Consider inspecting the application's logic. It's possible that 'else' keyword is missing.
V3019. It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword.
V3020. An unconditional 'break/continue/return/goto' within a loop.
V3021. There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.
V3022. Expression is always true/false.
V3023. Consider inspecting this expression. The expression is excessive or contains a misprint.
V3024. An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon.
V3025. Incorrect format. Consider checking the N format items of the 'Foo' function.
V3026. The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.
V3027. The variable was utilized in the logical expression before it was verified against null in the same logical expression.
V3028. Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.
V3029. The conditional expressions of the 'if' statements situated alongside each other are identical.
V3030. Recurring check. This condition was already verified in previous line.
V3031. An excessive check can be simplified. The operator '||' operator is surrounded by opposite expressions 'x' and '!x'.
V3032. Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this.
V3033. It is possible that this 'else' branch must apply to the previous 'if' statement.
V3034. Consider inspecting the expression. Probably the '!=' should be used here.
V3035. Consider inspecting the expression. Probably the '+=' should be used here.
V3036. Consider inspecting the expression. Probably the '-=' should be used here.
V3037. An odd sequence of assignments of this kind: A = B; B = A;
V3038. The argument was passed to method several times. It is possible that another argument should be passed instead.
V3039. Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style.
V3040. The expression contains a suspicious mix of integer and real types.
V3041. The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.
V3042. Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object.
V3043. The code's operational logic does not correspond with its formatting.
V3044. WPF: writing and reading are performed on a different Dependency Properties.
V3045. WPF: the names of the property registered for DependencyProperty, and of the property used to access it, do not correspond with each other.
V3046. WPF: the type registered for DependencyProperty does not correspond with the type of the property used to access it.
V3047. WPF: A class containing registered property does not correspond with a type that is passed as the ownerType.type.
V3048. WPF: several Dependency Properties are registered with a same name within the owner type.
V3049. WPF: readonly field of 'DependencyProperty' type is not initialized.
V3050. Possibly an incorrect HTML. The </XX> closing tag was encountered, while the </YY> tag was expected.
V3051. An excessive type cast or check. The object is already of the same type.
V3052. The original exception object was swallowed. Stack of original exception could be lost.
V3053. An excessive expression. Examine the substrings "abc" and "abcd".
V3054. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.
V3055. Suspicious assignment inside the condition expression of 'if/while/for' operator.
V3056. Consider reviewing the correctness of 'X' item's usage.
V3057. Function receives an odd argument.
V3058. An item with the same key has already been added.
V3059. Consider adding '[Flags]' attribute to the enum.
V3060. A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'.
V3061. Parameter 'A' is always rewritten in method body before being used.
V3062. An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method.
V3063. A part of conditional expression is always true/false if it is evaluated.
V3064. Division or mod division by zero.
V3065. Parameter is not utilized inside method's body.
V3066. Possible incorrect order of arguments passed to method.
V3067. It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.
V3068. Calling overrideable class member from constructor is dangerous.
V3069. It's possible that the line was commented out improperly, thus altering the program's operation logics.
V3070. Uninitialized variables are used when initializing the 'A' variable.
V3071. The object is returned from inside 'using' block. 'Dispose' will be invoked before exiting method.
V3072. The 'A' class containing IDisposable members does not itself implement IDisposable.
V3073. Not all IDisposable members are properly disposed. Call 'Dispose' when disposing 'A' class.
V3074. The 'A' class contains 'Dispose' method. Consider making it implement 'IDisposable' interface.
V3075. The operation is executed 2 or more times in succession.
V3076. Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead.
V3077. Property setter / event accessor does not utilize its 'value' parameter.
V3078. Sorting keys priority will be reversed relative to the order of 'OrderBy' method calls. Perhaps, 'ThenBy' should be used instead.
V3079. The 'ThreadStatic' attribute is applied to a non-static 'A' field and will be ignored.
V3080. Possible null dereference.
V3081. The 'X' counter is not used inside a nested loop. Consider inspecting usage of 'Y' counter.
V3082. The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing.
V3083. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.
V3084. Anonymous function is used to unsubscribe from event. No handlers will be unsubscribed, as a separate delegate instance is created for each anonymous function declaration.
V3085. The name of 'X' field/property in a nested type is ambiguous. The outer type contains static field/property with identical name.
V3086. Variables are initialized through the call to the same function. It's probably an error or un-optimized code.
V3087. Type of variable enumerated in 'foreach' is not guaranteed to be castable to the type of collection's elements.
V3088. The expression was enclosed by parentheses twice: ((expression)). One pair of parentheses is unnecessary or misprint is present.
V3089. Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads.
V3090. Unsafe locking on an object.
V3091. Empirical analysis. It is possible that a typo is present inside the string literal. The 'foo' word is suspicious.
V3092. Range intersections are possible within conditional expressions.
V3093. The operator evaluates both operands. Perhaps a short-circuit operator should be used instead.
V3094. Possible exception when deserializing type. The Ctor(SerializationInfo, StreamingContext) constructor is missing.
V3095. The object was used before it was verified against null. Check lines: N1, N2.
V3096. Possible exception when serializing type. [Serializable] attribute is missing.
V3097. Possible exception: type marked by [Serializable] contains non-serializable members not marked by [NonSerialized].
V3098. The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.
V3099. Not all the members of type are serialized inside 'GetObjectData' method.
V3100. NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime.
V3101. Potential resurrection of 'this' object instance from destructor. Without re-registering for finalization, destructor will not be called a second time on resurrected object.
V3102. Suspicious access to element by a constant index inside a loop.
V3103. A private Ctor(SerializationInfo, StreamingContext) constructor in unsealed type will not be accessible when deserializing derived types.
V3104. The 'GetObjectData' implementation in unsealed type is not virtual, incorrect serialization of derived type is possible.
V3105. The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible.
V3106. Possibly index is out of bound.
V3107. Identical expression to the left and to the right of compound assignment.
V3108. It is not recommended to return null or throw exceptions from 'ToString()' method.
V3109. The same sub-expression is present on both sides of the operator. The expression is incorrect or it can be simplified.
V3110. Possible infinite recursion.
V3111. Checking value for null will always return false when generic type is instantiated with a value type.
V3112. An abnormality within similar comparisons. It is possible that a typo is present inside the expression.
V3113. Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.
V3114. IDisposable object is not disposed before method returns.
V3115. It is not recommended to throw exceptions from 'Equals(object obj)' method.
V3116. Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all.
V3117. Constructor parameter is not used.
V3118. A component of TimeSpan is used, which does not represent full time interval. Possibly 'Total*' value was intended instead.
V3119. Calling a virtual (overridden) event may lead to unpredictable behavior. Consider implementing event accessors explicitly or use 'sealed' keyword.
V3120. Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations.
V3121. An enumeration was declared with 'Flags' attribute, but does not set any initializers to override default values.
V3122. Uppercase (lowercase) string is compared with a different lowercase (uppercase) string.
V3123. Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part.
V3124. Appending an element and checking for key uniqueness is performed on two different variables.
V3125. The object was used after it was verified against null. Check lines: N1, N2.
V3126. Type implementing IEquatable<T> interface does not override 'GetHashCode' method.
V3127. Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.
V3128. The field (property) is used before it is initialized in constructor.
V3129. The value of the captured variable will be overwritten on the next iteration of the loop in each instance of anonymous function that captures it.
V3130. Priority of the '&&' operator is higher than that of the '||' operator. Possible missing parentheses.
V3131. The expression is checked for compatibility with the type 'A', but is casted to the 'B' type.
V3132. A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'.
V3133. Postfix increment/decrement is senseless because this variable is overwritten.
V3134. Shift by N bits is greater than the size of type.
V3135. The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.
V3136. Constant expression in switch statement.
V3137. The variable is assigned but is not used by the end of the function.
V3138. String literal contains potential interpolated expression.
V3139. Two or more case-branches perform the same actions.
V3140. Property accessors use different backing fields.
V3141. Expression under 'throw' is a potential null, which can lead to NullReferenceException.
V3142. Unreachable code detected. It is possible that an error is present.
V3143. The 'value' parameter is rewritten inside a property setter, and is not used after that.
V3144. This file is marked with copyleft license, which requires you to open the derived source code.
V3145. Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed.
V3146. Possible null dereference. A method can return default null value.
V3147. Non-atomic modification of volatile variable.
V3148. Casting potential 'null' value to a value type can lead to NullReferenceException.
V3149. Dereferencing the result of 'as' operator can lead to NullReferenceException.
V3150. Loop break conditions do not depend on the number of iterations.
V3151. Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2.
V3152. Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2.
V3153. Dereferencing the result of null-conditional access operator can lead to NullReferenceException.
V3154. The 'a % b' expression always evaluates to 0.
V3155. The expression is incorrect or it can be simplified.
V3156. The argument of the method is not expected to be null.
V3157. Suspicious division. Absolute value of the left operand is less than the right operand.
V3158. Suspicious division. Absolute values of both operands are equal.
V3159. Modified value of the operand is not used after the increment/decrement operation.
V3160. Argument of incorrect type is passed to the 'Enum.HasFlag' method.
V3161. Comparing value type variables with 'ReferenceEquals' is incorrect because compared values will be boxed.
V3162. Suspicious return of an always empty collection.
V3163. An exception handling block does not contain any code.
V3164. Exception classes should be publicly accessible.
V3165. The expression of the 'char' type is passed as an argument of the 'A' type whereas similar overload with the string parameter exists.
V3166. Calling the 'SingleOrDefault' method may lead to 'InvalidOperationException'.
V3167. Parameter of 'CancellationToken' type is not used inside function's body.
V3168. Awaiting on expression with potential null value can lead to throwing of 'NullReferenceException'.
V3169. Suspicious return of a local reference variable which always equals null.
V3170. Both operands of the '??' operator are identical.
V3171. Potentially negative value is used as the size of an array.
V3172. The 'if/if-else/for/while/foreach' statement and code block after it are not related. Inspect the program's logic.
V3173. Possible incorrect initialization of variable. Consider verifying the initializer.
V3174. Suspicious subexpression in a sequence of similar comparisons.
V3175. Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread.
V3176. The '&=' or '|=' operator is redundant because the right operand is always true/false.
V3177. Logical literal belongs to second operator with a higher priority. It is possible literal was intended to belong to '??' operator instead.
V3178. Calling method or accessing property of potentially disposed object may result in exception.
V3179. Calling element access method for potentially empty collection may result in exception.
V3180. The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument.
V3181. The result of '&' operator is '0' because one of the operands is '0'.
V3182. The result of '&' operator is always '0'.
V3183. Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement.
V3184. The argument's value is greater than the size of the collection. Passing the value into the 'Foo' method will result in an exception.
V3185. An argument containing a file path could be mixed up with another argument. The other function parameter expects a file path instead.
V3186. The arguments violate the bounds of collection. Passing these values into the method will result in an exception.
V3187. Parts of an SQL query are not delimited by any separators or whitespaces. Executing this query may lead to an error.
V3188. Unity Engine. The value of an expression is a potentially destroyed Unity object or null. Member invocation on this value may lead to an exception.
V3189. The assignment to a member of the readonly field will have no effect when the field is of a value type. Consider restricting the type parameter to reference types.
V3190. Concurrent modification of a variable may lead to errors.
V3191. Iteration through collection makes no sense because it is always empty.
V3192. Type member is used in the 'GetHashCode' method but is missing from the 'Equals' method.
V3193. Data processing results are potentially used before asynchronous output reading is complete. Consider calling 'WaitForExit' overload with no arguments before using the data.
V3194. Calling 'OfType' for collection will return an empty collection. It is not possible to cast collection elements to the type parameter.
V3195. Collection initializer implicitly calls 'Add' method. Using it on member with default value of null will result in null dereference exception.
V3196. Parameter is not utilized inside the method body, but an identifier with a similar name is used inside the same method.
V3197. The compared value inside the 'Object.Equals' override is converted to a different type that does not contain the override.
V3198. The variable is assigned the same value that it already holds.
V3199. The index from end operator is used with the value that is less than or equal to zero. Collection index will be out of bounds.
V3200. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.
V3201. Return value is not always used. Consider inspecting the 'foo' method.
V3202. Unreachable code detected. The 'case' value is out of the range of the match expression.
V3203. Method parameter is not used.
V3204. The expression is always false due to implicit type conversion. Overflow check is incorrect.
V3205. Unity Engine. Improper creation of 'MonoBehaviour' or 'ScriptableObject' object using the 'new' operator. Use the special object creation method instead.
V3206. Unity Engine. A direct call to the coroutine-like method will not start it. Use the 'StartCoroutine' method instead.
General Analysis (Java)
V6001. There are identical sub-expressions to the left and to the right of the 'foo' operator.
V6002. The switch statement does not cover all values of the enum.
V6003. The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.
V6004. The 'then' statement is equivalent to the 'else' statement.
V6005. The 'x' variable is assigned to itself.
V6006. The object was created but it is not being used. The 'throw' keyword could be missing.
V6007. Expression is always true/false.
V6008. Potential null dereference.
V6009. Function receives an odd argument.
V6010. The return value of function 'Foo' is required to be utilized.
V6011. The expression contains a suspicious mix of integer and real types.
V6012. The '?:' operator, regardless of its conditional expression, always returns one and the same value.
V6013. Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended.
V6014. It's odd that this method always returns one and the same value of NN.
V6015. Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here.
V6016. Suspicious access to element by a constant index inside a loop.
V6017. The 'X' counter is not used inside a nested loop. Consider inspecting usage of 'Y' counter.
V6018. Constant expression in switch statement.
V6019. Unreachable code detected. It is possible that an error is present.
V6020. Division or mod division by zero.
V6021. The value is assigned to the 'x' variable but is not used.
V6022. Parameter is not used inside method's body.
V6023. Parameter 'A' is always rewritten in method body before being used.
V6024. The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.
V6025. Possibly index is out of bound.
V6026. This value is already assigned to the 'b' variable.
V6027. Variables are initialized through the call to the same function. It's probably an error or un-optimized code.
V6028. Identical expression to the left and to the right of compound assignment.
V6029. Possible incorrect order of arguments passed to method.
V6030. The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.
V6031. The variable 'X' is being used for this loop and for the outer loop.
V6032. It is odd that the body of 'Foo_1' function is fully equivalent to the body of 'Foo_2' function.
V6033. An item with the same key has already been added.
V6034. Shift by N bits is inconsistent with the size of type.
V6035. Double negation is present in the expression: !!x.
V6036. The value from the uninitialized optional is used.
V6037. An unconditional 'break/continue/return/goto' within a loop.
V6038. Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead.
V6039. There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.
V6040. The code's operational logic does not correspond with its formatting.
V6041. Suspicious assignment inside the conditional expression of 'if/while/do...while' statement.
V6042. The expression is checked for compatibility with type 'A', but is cast to type 'B'.
V6043. Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.
V6044. Postfix increment/decrement is senseless because this variable is overwritten.
V6045. Suspicious subexpression in a sequence of similar comparisons.
V6046. Incorrect format. Consider checking the N format items of the 'Foo' function.
V6047. It is possible that this 'else' branch must apply to the previous 'if' statement.
V6048. This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.
V6049. Classes that define 'equals' method must also define 'hashCode' method.
V6050. Class initialization cycle is present.
V6051. Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions.
V6052. Calling an overridden method in parent-class constructor may lead to use of uninitialized data.
V6053. Collection is modified while iteration is in progress. ConcurrentModificationException may occur.
V6054. Classes should not be compared by their name.
V6055. Expression inside assert statement can change object's state.
V6056. Implementation of 'compareTo' overloads the method from a base class. Possibly, an override was intended.
V6057. Consider inspecting this expression. The expression is excessive or contains a misprint.
V6058. Comparing objects of incompatible types.
V6059. Odd use of special character in regular expression. Possibly, it was intended to be escaped.
V6060. The reference was used before it was verified against null.
V6061. The used constant value is represented by an octal form.
V6062. Possible infinite recursion.
V6063. Odd semicolon ';' after 'if/for/while' operator.
V6064. Suspicious invocation of Thread.run().
V6065. A non-serializable class should not be serialized.
V6066. Passing objects of incompatible types to the method of collection.
V6067. Two or more case-branches perform the same actions.
V6068. Suspicious use of BigDecimal class.
V6069. Unsigned right shift assignment of negative 'byte' / 'short' value.
V6070. Unsafe synchronization on an object.
V6071. This file is marked with copyleft license, which requires you to open the derived source code.
V6072. Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.
V6073. It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods.
V6074. Non-atomic modification of volatile variable.
V6075. The signature of method 'X' does not conform to serialization requirements.
V6076. Recurrent serialization will use cached object state from first serialization.
V6077. A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead.
V6078. Potential Java SE API compatibility issue.
V6079. Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2.
V6080. Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition.
V6081. Annotation that does not have 'RUNTIME' retention policy will not be accessible through Reflection API.
V6082. Unsafe double-checked locking.
V6083. Serialization order of fields should be preserved during deserialization.
V6084. Suspicious return of an always empty collection.
V6085. An abnormality within similar comparisons. It is possible that a typo is present inside the expression.
V6086. Suspicious code formatting. 'else' keyword is probably missing.
V6087. InvalidClassException may occur during deserialization.
V6088. Result of this expression will be implicitly cast to 'Type'. Check if program logic handles it correctly.
V6089. It's possible that the line was commented out improperly, thus altering the program's operation logics.
V6090. Field 'A' is being used before it was initialized.
V6091. Suspicious getter/setter implementation. The 'A' field should probably be returned/assigned instead.
V6092. A resource is returned from try-with-resources statement. It will be closed before the method exits.
V6093. Automatic unboxing of a variable may cause NullPointerException.
V6094. The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.
V6095. Thread.sleep() inside synchronized block/method may cause decreased performance.
V6096. An odd precise comparison. Consider using a comparison with defined precision: Math.abs(A - B) < Epsilon or Math.abs(A - B) > Epsilon.
V6097. Lowercase 'L' at the end of a long literal can be mistaken for '1'.
V6098. The method does not override another method from the base class.
V6099. The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.
V6100. An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method.
V6101. compareTo()-like methods can return not only the values -1, 0 and 1, but any values.
V6102. Inconsistent synchronization of a field. Consider synchronizing the field on all usages.
V6103. Ignored InterruptedException could lead to delayed thread shutdown.
V6104. A pattern was detected: A || (A && ...). The expression is excessive or contains a logical error.
V6105. Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.
V6106. Casting expression to 'X' type before implicitly casting it to other type may be excessive or incorrect.
V6107. The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.
V6108. Do not use real-type variables in 'for' loop counters.
V6109. Potentially predictable seed is used in pseudo-random number generator.
V6110. Using an environment variable could be unsafe or unreliable. Consider using trusted system property instead
V6111. Potentially negative value is used as the size of an array.
V6112. Calling the 'getClass' method repeatedly or on the value of the '.class' literal will always return the instance of the 'Class<Class>' type.
V6113. Suspicious division. Absolute value of the left operand is less than the value of the right operand.
V6114. The 'A' class containing Closeable members does not release the resources that the field is holding.
V6115. Not all Closeable members are released inside the 'close' method.
V6116. The class does not implement the Closeable interface, but it contains the 'close' method that releases resources.
V6117. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.
V6118. The original exception object was swallowed. Cause of original exception could be lost.
V6119. The result of '&' operator is always '0'.
V6120. The result of the '&' operator is '0' because one of the operands is '0'.
V6121. Return value is not always used. Consider inspecting the 'foo' method.
V6122. The 'Y' (week year) pattern is used for date formatting. Check whether the 'y' (year) pattern was intended instead.
Micro-Optimizations (C++)
V801. Decreased performance. It is better to redefine the N function argument as a reference. Consider replacing 'const T' with 'const .. &T' / 'const .. *T'.
V802. On 32-bit/64-bit platform, structure size can be reduced from N to K bytes by rearranging the fields according to their sizes in decreasing order.
V803. Decreased performance. It is more effective to use the prefix form of ++it. Replace iterator++ with ++iterator.
V804. Decreased performance. The 'Foo' function is called twice in the specified expression to calculate length of the same string.
V805. Decreased performance. It is inefficient to identify an empty string by using 'strlen(str) > 0' construct. A more efficient way is to check: str[0] != '\0'.
V806. Decreased performance. The expression of strlen(MyStr.c_str()) kind can be rewritten as MyStr.length().
V807. Decreased performance. Consider creating a pointer/reference to avoid using the same expression repeatedly.
V808. An array/object was declared but was not utilized.
V809. Verifying that a pointer value is not NULL is not required. The 'if (ptr != NULL)' check can be removed.
V810. Decreased performance. The 'A' function was called several times with identical arguments. The result should possibly be saved to a temporary variable, which then could be used while calling the 'B' function.
V811. Decreased performance. Excessive type casting: string -> char * -> string.
V812. Decreased performance. Ineffective use of the 'count' function. It can possibly be replaced by the call to the 'find' function.
V813. Decreased performance. The argument should probably be rendered as a constant pointer/reference.
V814. Decreased performance. The 'strlen' function was called multiple times inside the body of a loop.
V815. Decreased performance. Consider replacing the expression 'AA' with 'BB'.
V816. It is more efficient to catch exception by reference rather than by value.
V817. It is more efficient to search for 'X' character rather than a string.
V818. It is more efficient to use an initialization list rather than an assignment operator.
V819. Decreased performance. Memory is allocated and released multiple times inside the loop body.
V820. The variable is not used after copying. Copying can be replaced with move/swap for optimization.
V821. The variable can be constructed in a lower level scope.
V822. Decreased performance. A new object is created, while a reference to an object is expected.
V823. Decreased performance. Object may be created in-place in a container. Consider replacing methods: 'insert' -> 'emplace', 'push_*' -> 'emplace_*'.
V824. It is recommended to use the 'make_unique/make_shared' function to create smart pointers.
V825. Expression is equivalent to moving one unique pointer to another. Consider using 'std::move' instead.
V826. Consider replacing standard container with a different one.
V827. Maximum size of a vector is known at compile time. Consider pre-allocating it by calling reserve(N).
V828. Decreased performance. Moving an object in a return statement prevents copy elision.
V829. Lifetime of the heap-allocated variable is limited to the current function's scope. Consider allocating it on the stack instead.
V830. Decreased performance. Consider replacing the use of 'std::optional::value()' with either the '*' or '->' operator.
V831. Decreased performance. Consider replacing the call to the 'at()' method with the 'operator[]'.
V832. It's better to use '= default;' syntax instead of empty body.
V833. Using 'std::move' function's with const object disables move semantics.
V834. Incorrect type of a loop variable. This leads to the variable binding to a temporary object instead of a range element.
V835. Passing cheap-to-copy argument by reference may lead to decreased performance.
V836. Expression's value is copied at the variable declaration. The variable is never modified. Consider declaring it as a reference.
V837. The 'emplace' / 'insert' function does not guarantee that arguments will not be copied or moved if there is no insertion. Consider using the 'try_emplace' function.
V838. Temporary object is constructed during lookup in ordered associative container. Consider using a container with heterogeneous lookup to avoid construction of temporary objects.
V839. Function returns a constant value. This may interfere with move semantics.
Micro-Optimizations (C#)
V4001. Unity Engine. Boxing inside a frequently called method may decrease performance.
V4002. Unity Engine. Avoid storing consecutive concatenations inside a single string in performance-sensitive context. Consider using StringBuilder to improve performance.
V4003. Unity Engine. Avoid capturing variable in performance-sensitive context. This can lead to decreased performance.
V4004. Unity Engine. New array object is returned from method or property. Using such member in performance-sensitive context can lead to decreased performance.
V4005. Unity Engine. The expensive operation is performed inside method or property. Using such member in performance-sensitive context can lead to decreased performance.
V4006. Unity Engine. Multiple operations between complex and numeric values. Prioritizing operations between numeric values can optimize execution time.
Diagnosis of 64-bit errors (Viva64, C++)
V101. Implicit assignment type conversion to memsize type.
V102. Usage of non memsize type for pointer arithmetic.
V103. Implicit type conversion from memsize type to 32-bit type.
V104. Implicit type conversion to memsize type in an arithmetic expression.
V105. N operand of '?:' operation: implicit type conversion to memsize type.
V106. Implicit type conversion N argument of function 'foo' to memsize type.
V107. Implicit type conversion N argument of function 'foo' to 32-bit type.
V108. Incorrect index type: 'foo[not a memsize-type]'. Use memsize type instead.
V109. Implicit type conversion of return value to memsize type.
V110. Implicit type conversion of return value from memsize type to 32-bit type.
V111. Call of function 'foo' with variable number of arguments. N argument has memsize type.
V112. Dangerous magic number N used.
V113. Implicit type conversion from memsize to double type or vice versa.
V114. Dangerous explicit type pointer conversion.
V115. Memsize type is used for throw.
V116. Memsize type is used for catch.
V117. Memsize type is used in the union.
V118. malloc() function accepts a dangerous expression in the capacity of an argument.
V119. More than one sizeof() operator is used in one expression.
V120. Member operator[] of object 'foo' is declared with 32-bit type argument, but is called with memsize type argument.
V121. Implicit conversion of the type of 'new' operator's argument to size_t type.
V122. Memsize type is used in the struct/class.
V123. Allocation of memory by the pattern "(X*)malloc(sizeof(Y))" where the sizes of X and Y types are not equal.
V124. Function 'Foo' writes/reads 'N' bytes. The alignment rules and type sizes have been changed. Consider reviewing this value.
V125. It is not advised to declare type 'T' as 32-bit type.
V126. Be advised that the size of the type 'long' varies between LLP64/LP64 data models.
V127. An overflow of the 32-bit variable is possible inside a long cycle which utilizes a memsize-type loop counter.
V128. A variable of the memsize type is read from a stream. Consider verifying the compatibility of 32 and 64 bit versions of the application in the context of a stored data.
V201. Explicit conversion from 32-bit integer type to memsize type.
V202. Explicit conversion from memsize type to 32-bit integer type.
V203. Explicit type conversion from memsize to double type or vice versa.
V204. Explicit conversion from 32-bit integer type to pointer type.
V205. Explicit conversion of pointer type to 32-bit integer type.
V206. Explicit conversion from 'void *' to 'int *'.
V207. A 32-bit variable is utilized as a reference to a pointer. A write outside the bounds of this variable may occur.
V220. Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize.
V221. Suspicious sequence of types castings: pointer -> memsize -> 32-bit integer.
V301. Unexpected function overloading behavior. See N argument of function 'foo' in derived class 'derived' and base class 'base'.
V302. Member operator[] of 'foo' class has a 32-bit type argument. Use memsize-type here.
V303. The function is deprecated in the Win64 system. It is safer to use the 'foo' function.
Customer specific requests (C++)
V2001. Consider using the extended version of the 'foo' function here.
V2002. Consider using the 'Ptr' version of the 'foo' function here.
V2003. Explicit conversion from 'float/double' type to signed integer type.
V2004. Explicit conversion from 'float/double' type to unsigned integer type.
V2005. C-style explicit type casting is utilized. Consider using: static_cast/const_cast/reinterpret_cast.
V2006. Implicit type conversion from enum type to integer type.
V2007. This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.
V2008. Cyclomatic complexity: NN. Consider refactoring the 'Foo' function.
V2009. Consider passing the 'Foo' argument as a pointer/reference to const.
V2010. Handling of two different exception types is identical.
V2011. Consider inspecting signed and unsigned function arguments. See NN argument of function 'Foo' in derived class and base class.
V2012. Possibility of decreased performance. It is advised to pass arguments to std::unary_function/std::binary_function template as references.
V2013. Consider inspecting the correctness of handling the N argument in the 'Foo' function.
V2014. Don't use terminating functions in library code.
V2015. An identifier declared in an inner scope should not hide an identifier in an outer scope.
V2016. Consider inspecting the function call. The function was annotated as dangerous.
V2017. String literal is identical to variable name. It is possible that the variable should be used instead of the string literal.
V2018. Cast should not remove 'const' qualifier from the type that is pointed to by a pointer or a reference.
V2019. Cast should not remove 'volatile' qualifier from the type that is pointed to by a pointer or a reference.
V2020. The loop body contains the 'break;' / 'continue;' statement. This may complicate the control flow.
V2021. Using assertions may cause the abnormal program termination in undesirable contexts.
MISRA errors
V2501. MISRA. Octal constants should not be used.
V2502. MISRA. The 'goto' statement should not be used.
V2503. MISRA. Implicitly specified enumeration constants should be unique – consider specifying non-unique constants explicitly.
V2504. MISRA. Size of an array is not specified.
V2505. MISRA. The 'goto' statement shouldn't jump to a label declared earlier.
V2506. MISRA. A function should have a single point of exit at the end.
V2507. MISRA. The body of a loop\conditional statement should be enclosed in braces.
V2508. MISRA. The function with the 'atof/atoi/atol/atoll' name should not be used.
V2509. MISRA. The function with the 'abort/exit/getenv/system' name should not be used.
V2510. MISRA. The function with the 'qsort/bsearch' name should not be used.
V2511. MISRA. Memory allocation and deallocation functions should not be used.
V2512. MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used.
V2513. MISRA. Unbounded functions performing string operations should not be used.
V2514. MISRA. Unions should not be used.
V2515. MISRA. Declaration should contain no more than two levels of pointer nesting.
V2516. MISRA. The 'if' ... 'else if' construct should be terminated with an 'else' statement.
V2517. MISRA. Literal suffixes should not contain lowercase characters.
V2518. MISRA. The 'default' label should be either the first or the last label of a 'switch' statement.
V2519. MISRA. Every 'switch' statement should have a 'default' label, which, in addition to the terminating 'break' statement, should contain either a statement or a comment.
V2520. MISRA. Every switch-clause should be terminated by an unconditional 'break' or 'throw' statement.
V2521. MISRA. Only the first member of enumerator list should be explicitly initialized, unless all members are explicitly initialized.
V2522. MISRA. The 'switch' statement should have 'default' as the last label.
V2523. MISRA. All integer constants of unsigned type should have 'u' or 'U' suffix.
V2524. MISRA. A switch-label should only appear at the top level of the compound statement forming the body of a 'switch' statement.
V2525. MISRA. Every 'switch' statement should contain non-empty switch-clauses.
V2526. MISRA. The functions from time.h/ctime should not be used.
V2527. MISRA. A switch-expression should not have Boolean type. Consider using of 'if-else' construct.
V2528. MISRA. The comma operator should not be used.
V2529. MISRA. Any label should be declared in the same block as 'goto' statement or in any block enclosing it.
V2530. MISRA. Any loop should be terminated with no more than one 'break' or 'goto' statement.
V2531. MISRA. Expression of essential type 'foo' should not be explicitly cast to essential type 'bar'.
V2532. MISRA. String literal should not be assigned to object unless it has type of pointer to const-qualified char.
V2533. MISRA. C-style and functional notation casts should not be performed.
V2534. MISRA. The loop counter should not have floating-point type.
V2535. MISRA. Unreachable code should not be present in the project.
V2536. MISRA. Function should not contain labels not used by any 'goto' statements.
V2537. MISRA. Functions should not have unused parameters.
V2538. MISRA. The value of uninitialized variable should not be used.
V2539. MISRA. Class destructor should not exit with an exception.
V2540. MISRA. Arrays should not be partially initialized.
V2541. MISRA. Function should not be declared implicitly.
V2542. MISRA. Function with a non-void return type should return a value from all exit paths.
V2543. MISRA. Value of the essential character type should be used appropriately in the addition/subtraction operations.
V2544. MISRA. The values used in expressions should have appropriate essential types.
V2545. MISRA. Conversion between pointers of different object types should not be performed.
V2546. MISRA. Expression resulting from the macro expansion should be surrounded by parentheses.
V2547. MISRA. The return value of non-void function should be used.
V2548. MISRA. The address of an object with local scope should not be passed out of its scope.
V2549. MISRA. Pointer to FILE should not be dereferenced.
V2550. MISRA. Floating-point values should not be tested for equality or inequality.
V2551. MISRA. Variable should be declared in a scope that minimizes its visibility.
V2552. MISRA. Expressions with enum underlying type should have values corresponding to the enumerators of the enumeration.
V2553. MISRA. Unary minus operator should not be applied to an expression of the unsigned type.
V2554. MISRA. Expression containing increment (++) or decrement (--) should not have other side effects.
V2555. MISRA. Incorrect shifting expression.
V2556. MISRA. Use of a pointer to FILE when the associated stream has already been closed.
V2557. MISRA. Operand of sizeof() operator should not have other side effects.
V2558. MISRA. A pointer/reference parameter in a function should be declared as pointer/reference to const if the corresponding object was not modified.
V2559. MISRA. Subtraction, >, >=, <, <= should be applied only to pointers that address elements of the same array.
V2560. MISRA. There should be no user-defined variadic functions.
V2561. MISRA. The result of an assignment expression should not be used.
V2562. MISRA. Expressions with pointer type should not be used in the '+', '-', '+=' and '-=' operations.
V2563. MISRA. Array indexing should be the only form of pointer arithmetic and it should be applied only to objects defined as an array type.
V2564. MISRA. There should be no implicit integral-floating conversion.
V2565. MISRA. A function should not call itself either directly or indirectly.
V2566. MISRA. Constant expression evaluation should not result in an unsigned integer wrap-around.
V2567. MISRA. Cast should not remove 'const' / 'volatile' qualification from the type that is pointed to by a pointer or a reference.
V2568. MISRA. Both operands of an operator should be of the same type category.
V2569. MISRA. The 'operator &&', 'operator ||', 'operator ,' and the unary 'operator &' should not be overloaded.
V2570. MISRA. Operands of the logical '&&' or the '||' operators, the '!' operator should have 'bool' type.
V2571. MISRA. Conversions between pointers to objects and integer types should not be performed.
V2572. MISRA. Value of the expression should not be converted to the different essential type or the narrower essential type.
V2573. MISRA. Identifiers that start with '__' or '_[A-Z]' are reserved.
V2574. MISRA. Functions should not be declared at block scope.
V2575. MISRA. The global namespace should only contain 'main', namespace declarations and 'extern "C"' declarations.
V2576. MISRA. The identifier 'main' should not be used for a function other than the global function 'main'.
V2577. MISRA. The function argument corresponding to a parameter declared to have an array type should have an appropriate number of elements.
V2578. MISRA. An identifier with array type passed as a function argument should not decay to a pointer.
V2579. MISRA. Macro should not be defined with the same name as a keyword.
V2580. MISRA. The 'restrict' specifier should not be used.
V2581. MISRA. Single-line comments should not end with a continuation token.
V2582. MISRA. Block of memory should only be freed if it was allocated by a Standard Library function.
V2583. MISRA. Line whose first token is '#' should be a valid preprocessing directive.
V2584. MISRA. Expression used in condition should have essential Boolean type.
V2585. MISRA. Casts between a void pointer and an arithmetic type should not be performed.
V2586. MISRA. Flexible array members should not be declared.
V2587. MISRA. The '//' and '/*' character sequences should not appear within comments.
V2588. MISRA. All memory or resources allocated dynamically should be explicitly released.
V2589. MISRA. Casts between a pointer and a non-integer arithmetic type should not be performed.
V2590. MISRA. Conversions should not be performed between pointer to function and any other type.
V2591. MISRA. Bit fields should only be declared with explicitly signed or unsigned integer type
V2592. MISRA. An identifier declared in an inner scope should not hide an identifier in an outer scope.
V2593. MISRA. Single-bit bit fields should not be declared as signed type.
V2594. MISRA. Controlling expressions should not be invariant.
V2595. MISRA. Array size should be specified explicitly when array declaration uses designated initialization.
V2596. MISRA. The value of a composite expression should not be assigned to an object with wider essential type.
V2597. MISRA. Cast should not convert pointer to function to any other pointer type.
V2598. MISRA. Variable length array types are not allowed.
V2599. MISRA. The standard signal handling functions should not be used.
V2600. MISRA. The standard input/output functions should not be used.
V2601. MISRA. Functions should be declared in prototype form with named parameters.
V2602. MISRA. Octal and hexadecimal escape sequences should be terminated.
V2603. MISRA. The 'static' keyword shall not be used between [] in the declaration of an array parameter.
V2604. MISRA. Features from <stdarg.h> should not be used.
V2605. MISRA. Features from <tgmath.h> should not be used.
V2606. MISRA. There should be no attempt to write to a stream that has been opened for reading.
V2607. MISRA. Inline functions should be declared with the static storage class.
V2608. MISRA. The 'static' storage class specifier should be used in all declarations of object and functions that have internal linkage.
V2609. MISRA. There should be no occurrence of undefined or critical unspecified behaviour.
V2610. MISRA. The ', " or \ characters and the /* or // character sequences should not occur in a header file name.
V2611. MISRA. Casts between a pointer to an incomplete type and any other type shouldn't be performed.
V2612. MISRA. Array element should not be initialized more than once.
V2613. MISRA. Operand that is a composite expression has more narrow essential type than the other operand.
V2614. MISRA. External identifiers should be distinct.
V2615. MISRA. A compatible declaration should be visible when an object or function with external linkage is defined.
V2616. MISRA. All conditional inclusion preprocessor directives should reside in the same file as the conditional inclusion directive to which they are related.
V2617. MISRA. Object should not be assigned or copied to an overlapping object.
V2618. MISRA. Identifiers declared in the same scope and name space should be distinct.
V2619. MISRA. Typedef names should be unique across all name spaces.
V2620. MISRA. Value of a composite expression should not be cast to a different essential type category or a wider essential type.
V2621. MISRA. Tag names should be unique across all name spaces.
V2622. MISRA. External object or function should be declared once in one and only one file.
V2623. MISRA. Macro identifiers should be distinct.
V2624. MISRA. The initializer for an aggregate or union should be enclosed in braces.
V2625. MISRA. Identifiers that define objects or functions with external linkage shall be unique.
AUTOSAR errors
V3501. AUTOSAR. Octal constants should not be used.
V3502. AUTOSAR. Size of an array is not specified.
V3503. AUTOSAR. The 'goto' statement shouldn't jump to a label declared earlier.
V3504. AUTOSAR. The body of a loop\conditional statement should be enclosed in braces.
V3505. AUTOSAR. The function with the 'atof/atoi/atol/atoll' name should not be used.
V3506. AUTOSAR. The function with the 'abort/exit/getenv/system' name should not be used.
V3507. AUTOSAR. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used.
V3508. AUTOSAR. Unbounded functions performing string operations should not be used.
V3509. AUTOSAR. Unions should not be used.
V3510. AUTOSAR. Declaration should contain no more than two levels of pointer nesting.
V3511. AUTOSAR. The 'if' ... 'else if' construct should be terminated with an 'else' statement.
V3512. AUTOSAR. Literal suffixes should not contain lowercase characters.
V3513. AUTOSAR. Every switch-clause should be terminated by an unconditional 'break' or 'throw' statement.
V3514. AUTOSAR. The 'switch' statement should have 'default' as the last label.
V3515. AUTOSAR. All integer constants of unsigned type should have 'U' suffix.
V3516. AUTOSAR. A switch-label should only appear at the top level of the compound statement forming the body of a 'switch' statement.
V3517. AUTOSAR. The functions from time.h/ctime should not be used.
V3518. AUTOSAR. A switch-expression should not have Boolean type. Consider using of 'if-else' construct.
V3519. AUTOSAR. The comma operator should not be used.
V3520. AUTOSAR. Any label should be declared in the same block as 'goto' statement or in any block enclosing it.
V3521. AUTOSAR. The loop counter should not have floating-point type.
V3522. AUTOSAR. Unreachable code should not be present in the project.
V3523. AUTOSAR. Functions should not have unused parameters.
V3524. AUTOSAR. The value of uninitialized variable should not be used.
V3525. AUTOSAR. Function with a non-void return type should return a value from all exit paths.
V3526. AUTOSAR. Expression resulting from the macro expansion should be surrounded by parentheses.
V3527. AUTOSAR. The return value of non-void function should be used.
V3528. AUTOSAR. The address of an object with local scope should not be passed out of its scope.
V3529. AUTOSAR. Floating-point values should not be tested for equality or inequality.
V3530. AUTOSAR. Variable should be declared in a scope that minimizes its visibility.
V3531. AUTOSAR. Expressions with enum underlying type should have values corresponding to the enumerators of the enumeration.
V3532. AUTOSAR. Unary minus operator should not be applied to an expression of the unsigned type.
V3533. AUTOSAR. Expression containing increment (++) or decrement (--) should not have other side effects.
V3534. AUTOSAR. Incorrect shifting expression.
V3535. AUTOSAR. Operand of sizeof() operator should not have other side effects.
V3536. AUTOSAR. A pointer/reference parameter in a function should be declared as pointer/reference to const if the corresponding object was not modified.
V3537. AUTOSAR. Subtraction, >, >=, <, <= should be applied only to pointers that address elements of the same array.
V3538. AUTOSAR. The result of an assignment expression should not be used.
V3539. AUTOSAR. Array indexing should be the only form of pointer arithmetic and it should be applied only to objects defined as an array type.
V3540. AUTOSAR. There should be no implicit integral-floating conversion.
V3541. AUTOSAR. A function should not call itself either directly or indirectly.
V3542. AUTOSAR. Constant expression evaluation should not result in an unsigned integer wrap-around.
V3543. AUTOSAR. Cast should not remove 'const' / 'volatile' qualification from the type that is pointed to by a pointer or a reference.
V3544. AUTOSAR. The 'operator &&', 'operator ||', 'operator ,' and the unary 'operator &' should not be overloaded.
V3545. AUTOSAR. Operands of the logical '&&' or the '||' operators, the '!' operator should have 'bool' type.
V3546. AUTOSAR. Conversions between pointers to objects and integer types should not be performed.
V3547. AUTOSAR. Identifiers that start with '__' or '_[A-Z]' are reserved.
V3548. AUTOSAR. Functions should not be declared at block scope.
V3549. AUTOSAR. The global namespace should only contain 'main', namespace declarations and 'extern "C"' declarations.
V3550. AUTOSAR. The identifier 'main' should not be used for a function other than the global function 'main'.
V3551. AUTOSAR. An identifier with array type passed as a function argument should not decay to a pointer.
V3552. AUTOSAR. Cast should not convert a pointer to a function to any other pointer type, including a pointer to function type.
V3553. AUTOSAR. The standard signal handling functions should not be used.
V3554. AUTOSAR. The standard input/output functions should not be used.
V3555. AUTOSAR. The 'static' storage class specifier should be used in all declarations of functions that have internal linkage.
OWASP errors (C++)
V5001. OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword.
V5002. OWASP. An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.
V5003. OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.
V5004. OWASP. Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
V5005. OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.
V5006. OWASP. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.
V5007. OWASP. Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.
V5008. OWASP. Classes should always be derived from std::exception (and alike) as 'public'.
V5009. OWASP. Unchecked tainted data is used in expression.
V5010. OWASP. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.
V5011. OWASP. Possible overflow. Consider casting operands, not the result.
V5012. OWASP. Potentially unsafe double-checked locking.
V5013. OWASP. Storing credentials inside source code can lead to security issues.
OWASP errors (C#)
V5601. OWASP. Storing credentials inside source code can lead to security issues.
V5602. OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.
V5603. OWASP. The original exception object was swallowed. Stack of original exception could be lost.
V5604. OWASP. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.
V5605. OWASP. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.
V5606. OWASP. An exception handling block does not contain any code.
V5607. OWASP. Exception classes should be publicly accessible.
V5608. OWASP. Possible SQL injection. Potentially tainted data is used to create SQL command.
V5609. OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path.
V5610. OWASP. Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.
V5611. OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.
V5612. OWASP. Do not use old versions of SSL/TLS protocols as it may cause security issues.
V5613. OWASP. Use of outdated cryptographic algorithm is not recommended.
V5614. OWASP. Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.
V5615. OWASP. Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data.
V5616. OWASP. Possible command injection. Potentially tainted data is used to create OS command.
V5617. OWASP. Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.
V5618. OWASP. Possible server-side request forgery. Potentially tainted data is used in the URL.
V5619. OWASP. Possible log injection. Potentially tainted data is written into logs.
V5620. OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter.
V5621. OWASP. Error message contains potentially sensitive data that may be exposed.
V5622. OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression.
V5623. OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL.
V5624. OWASP. Use of potentially tainted data in configuration may lead to security issues.
V5625. OWASP. Referenced package contains vulnerability.
V5626. OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern.
V5627. OWASP. Possible NoSQL injection. Potentially tainted data is used to create query.
V5628. OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.
OWASP errors (Java)
V5301. OWASP. An exception handling block does not contain any code.
V5302. OWASP. Exception classes should be publicly accessible.
V5303. OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.
V5304. OWASP. Unsafe double-checked locking.
V5305. OWASP. Storing credentials inside source code can lead to security issues.
V5306. OWASP. The original exception object was swallowed. Cause of original exception could be lost.
V5307. OWASP. Potentially predictable seed is used in pseudo-random number generator.
V5308. OWASP. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.
Problems related to code analyzer
V001. A code fragment from 'file' cannot be analyzed.
V002. Some diagnostic messages may contain incorrect line number.
V003. Unrecognized error found...
V004. Diagnostics from the 64-bit rule set are not entirely accurate without the appropriate 64-bit compiler. Consider utilizing 64-bit compiler if possible.
V005. Cannot determine active configuration for project. Please check projects and solution configurations.
V006. File cannot be processed. Analysis aborted by timeout.
V007. Deprecated CLR switch was detected. Incorrect diagnostics are possible.
V008. Unable to start the analysis on this file.
V010. Analysis of 'Makefile/Utility' type projects is not supported in this tool. Use direct analyzer integration or compiler monitoring instead.
V011. Presence of #line directives may cause some diagnostic messages to have incorrect file name and line number.
V012. Some warnings could have been disabled.
V013. Intermodular analysis may be incomplete, as it is not run on all source files.
V014. The version of your suppress file is outdated. Appending new suppressed messages to it is not possible. Consider re-generating your suppress file to continue updating it.
V015. All analyzer messages were filtered out or marked as false positive. Use filter buttons or 'Don't Check Files' settings to enable message display.
V016. User annotation was not applied to a virtual function. To force the annotation, use the 'enable_on_virtual' flag.
V017. The analyzer terminated abnormally due to lack of memory.
V018. False Alarm marks without hash codes were ignored because the 'V_HASH_ONLY' option is enabled.
V019. Error occurred while working with the user annotation mechanism.
V020. Error occurred while working with rules configuration files.
V051. Some of the references in project are missing or incorrect. The analysis results could be incomplete. Consider making the project fully compilable and building it before analysis.
V052. A critical error had occurred.
V061. An error has occurred.
V062. Failed to run analyzer core. Make sure the correct 64-bit Java 11 or higher executable is used, or specify it manually.
V063. Analysis aborted by timeout.
Additional information
Credits and acknowledgements
toggle menu Contents
Oct 02 2024

Annotating C# entities in JSON format

Oct 02 2024

Note. Currently, the C# analyzer supports annotations only for taint analysis. User annotations for general purposes will be supported later.

Ways to register the annotation file

You can learn more about how to enable the annotation file in this documentation.

Structure of the annotation file

The file content is a JSON object consisting of three mandatory fields: language, version, and annotations.

The language field must receive the value 'csharp'. The version field takes an integer-type value and specifies the version of the mechanism. Depending on the value, the markup file can be processed differently. Currently, only the value 1 is supported.

The annotations field is an array of "annotation" objects:

{
  "language": "csharp",
  "version": 1,
  "annotations":
  [
    {
      ...
    },
    {
      ...
    }
  ]
}

Annotations can be of three types:

  • method annotations
  • constructor annotations
  • property annotations.

Annotations for taint analysis

The PVS-Studio analyzer provides a range of annotations for taint analysis, which can be used to track taint sources and sinks. It is also possible to mark up methods/constructors that validate tainted data. Therefore, if the tainted data has been validated, the analyzer will not issue a warning when the data reaches the sink.

A different diagnostic rule is used to handle each type of vulnerability. At the moment, the analyzer provides the following diagnostic rules for identifying tainted data:

  • V5608 — SQL injection
  • V5609 — Path traversal vulnerability
  • V5610 — XSS vulnerability
  • V5611 — Insecure deserialization vulnerability
  • V5614 — XXE vulnerability
  • V5615 — XEE vulnerability
  • V5616 — Command injection
  • V5618 — Server-side request forgery
  • V5619 — Log injection
  • V5620 — LDAP injection
  • V5622 — XPath injection
  • V5623 — Open redirect vulnerability
  • V5624 — Configuration vulnerability
  • V5626 — ReDoS vulnerability
  • V5627 — NoSQL injection
  • V5628 — Zip Slip vulnerability.

How taint annotations operate

Each diagnostic rule has special annotations to mark taint sinks and methods/constructors that validate tainted data.

As for taint data sources, they are common to all diagnostic rules. However, such data can also be annotated.

Note: The attributes for taint annotations are detailed in the following documentation sections.

It's important to note that, in addition to user annotations, the analyzer already provides a range of taint annotations for various libraries. To give an example, passing the result of the System.Console.ReadLine method to the System.Data.SqlClient.SqlCommand constructor can potentially lead to SQL injection. The analyzer provides annotations that indicate System.Console.ReadLine as a source of tainted data and System.Data.SqlClient.SqlCommand as a sink where this tainted data could lead to SQL injection.

Thus, if we annotate the source of tainted data, the analyzer will recognize its exposure to existing sinks, and vice versa. If the sink is annotated, the analyzer will issue a warning when it encounters previously marked tainted data sources, such as System.Console.ReadLine.

Method annotations

Note: The method annotation object must contain at least one optional field.

The method annotation object consists of the following fields:

The "type" field

The mandatory field. It takes a string with the method value.

The "namespace_name" field

The mandatory field. It takes a string specifying the name of the namespace that contains the method.

The "type_name" field

The mandatory field. It takes a string specifying the name of the class where the method is defined.

The "method_name" field

The mandatory field. It takes a string with the name of the method.

The "attributes" field

The optional field. The array of strings that specifies the properties of an entity.

Possible method attributes

#

Attribute name

Attribute description

1

not_apply_to_child_class

The annotation is not applied when the annotated method is called on an object of a child class.

2

caller_is_xml_parser

The object calling the method is an XML parser, which could be vulnerable (V5614, V5615).

The "params" field

The optional field. This field is described in the "Parameter annotations" section.

The "returns" field

Note. The return value annotation object must either include both the 'namespace_name' and 'type_name' fields or have both fields absent (or set to null). If both fields are absent, the type of the return value will not be considered when selecting an annotation.

The optional field. The return value object consists of the following fields:

The "namespace_name" field

The optional field. It takes a string specifying the name of the namespace that contains the type of the method return value.

The "type_name" field

The optional field. It takes a string specifying the name of the class where the type of the method return value is defined.

The "attributes" field

The optional field. The array of strings that specifies the properties of the method return value.

Possible return value attributes

#

Attribute name

Attribute description

1

not_apply_to_child_class

The annotation does not apply to the method if its return value type is a child of the annotated type.

2

always_taint

The method returns tainted data.

3

transfer_annotations_from_caller

If the caller object has an annotation, it will be propagated to the method return value.

Constructor annotations

Note. The constructor annotation object must include at least one optional field.

The constructor annotation object consists of the following fields:

The "type" field

The mandatory field. It takes a string with the ctor value.

The "namespace_name" field

The mandatory field. It takes a string specifying the name of the namespace that contains the constructor.

The "type_name" field

The mandatory field. It takes a string specifying the name of the class where the constructor is defined.

The "attributes" field

The optional field. The array of strings that specifies the properties of an entity.

Possible attributes for constructors

#

Attribute name

Attribute description

1

not_apply_to_child_class

The annotation does not apply to child implementations of the annotated constructor.

2

create_taint_object

The object created by the constructor is taint.

The "params" field

The optional field. This field is described in the "Parameter annotations" section.

Property annotations

The property annotation object consists of the following fields:

The "type" field

The mandatory field. It takes a string with the property value.

The "namespace_name" field

The mandatory field. It takes a string specifying the name of the namespace that contains the property.

The "type_name" field

The mandatory field. It takes a string specifying the name of the class where the property is defined.

The "attributes" field

The optional field. The array of strings that specifies the properties of an entity.

Possible property attributes

Note: Each taint sink attribute has a link to the diagnostic rule.

#

Attribute name

Attribute description

1

not_apply_to_child_class

The annotation does not apply when accessing the annotated property of a child class object.

2

transfer_annotation_to_return_value

If the caller object has an annotation, it will be propagated to the return value.

3

transfer_annotation_to_caller

When a value is assigned to a property, the annotations of that value are applied to the property object that calls it.

4

return_taint

The property returns tainted data.

5

sql_injection_target

Writing tainted data to this property leads to SQL injection (V5608).

6

path_traversal_target

Writing tainted data to this property leads to a path traversal vulnerability (V5609).

7

xss_injection_target

Writing tainted data to this property leads to XSS injection (V5610).

8

insecure_deserialization_target

Writing tainted data to this property leads to insecure deserialization (V5611).

9

command_injection_target

Writing tainted data to this property leads to command injection (V5616).

10

ssrf_target

Writing tainted data to this property leads to server-side request forgery (V5618).

11

log_injection_target

Writing tainted data to this property leads to log injection (V5619).

12

ldapi_injection_target

Writing tainted data to this property leads to LDAP injection (V5620).

13

xpath_injection_target

Writing tainted data to this property leads to XPath injection (V5622).

14

open_redirect_target

Writing tainted data to this property leads to an open redirect vulnerability (V5623).

15

configuration_attack_target

Writing tainted data to this property leads to a configuration attack (5624).

16

nosql_injection_target

Writing tainted data to this property leads to NoSQL injection (5627).

17

redos_target

Writing tainted data to this property leads to a ReDoS (V5626).

18

zipslip_target

Writing tainted data to this property leads to a Zip Slip vulnerability (V5628).

Parameter annotations

Note 1. A parameter annotation object can only reside in the 'params' array, method annotation object or constructor.

Note 2. The parameter annotation object must either contain the 'namespace_name' and 'type_name' fields, or both fields must be absent (or set to null).

The parameter annotation object consists of the following fields:

The "namespace_name" field

The mandatory field. It takes a string specifying the name of the namespace that contains the parameter type.

The "type_name" field

The mandatory field. It takes a string specifying the name of the class where the parameter type is defined.

The "attributes" field

The optional field. The array of strings that specifies the properties of an entity.

Possible parameter attributes

Note. Each taint sink and taint validation attribute have a link to the diagnostic rule.

#

Attribute name

Attribute description

1

ignore_current_and_next

The current and next parameters will not be considered when selecting the annotation; only the last argument can have this annotation.

2

transfer_annotation_to_return_value

If the parameter has an annotation, it will be propagated to the method return value.

3

object_creation_infector

Tainting of a newly created object occurs through this parameter (applicable only for constructors).

4

sql_injection_target

Passing tainted data to this parameter leads to SQL injection (V5608).

5

sql_injection_validation

Calling the method resets the SQL injection taint status for this parameter (V5608).

6

path_traversal_target

Passing tainted data to this parameter leads to a path traversal vulnerability (V5609).

7

path_traversal_validation

Calling the method resets the path traversal taint status for this parameter (V5609).

8

xss_injection_target

Passing tainted data to this parameter leads to XSS Injection (V5610).

9

xss_injection_validation

Calling the method resets the XSS Injection taint status for this parameter (V5610).

10

insecure_deserialization_target

Passing tainted data to this parameter leads to insecure deserialization (V5611).

11

insecure_deserialization_validation

Calling the method resets the insecure deserialization taint status for this parameter (V5611).

12

command_injection_target

Passing tainted data to this parameter leads to command injection (V5616).

13

command_injection_validation

Calling the method resets the command injection taint status for this parameter (V5616).

14

xml_source_to_parse

The parameter is the XML source that will be parsed. It can be the XML file itself, the path to the file, the XML file stream, a parser that includes the XML file stream, and so on (V5614, V5615).

15

transfer_xml_settings_to_return

It passes the XML parser settings from this argument to the return value (V5614, V5615).

16

ssrf_target

Passing tainted data to this parameter leads to server-side request forgery (V5618).

17

ssrf_validation

Calling the method resets the server-side request forgery taint status for this parameter (V5618).

18

log_injection_target

Passing tainted data to this parameter leads to log injection (V5619).

19

log_injection_validation

Calling the method resets the log injection taint status for this parameter (V5619).

20

ldapi_injection_target

Passing tainted data to this parameter leads to LDAP injection (V5620).

21

ldapi_injection_validation

Calling the method resets the LDAP injection taint status for this parameter (V5620).

22

xpath_injection_target

Passing tainted data to this parameter leads to XPath injection (V5622).

23

xpath_injection_validation

Calling the method resets the XPath injection taint status for this parameter (V5622).

24

open_redirect_target

Passing tainted data to this parameter leads to an open redirect vulnerability (V5623).

25

open_redirect_validation

Calling the method resets the open redirect taint status for this parameter (V5623).

26

configuration_attack_target

Passing tainted data to this parameter leads to a configuration attack (5624).

27

configuration_attack_validation

Calling the method resets the configuration attack taint status for this parameter (5624).

28

nosql_injection_target

Passing tainted data to this parameter leads to NoSQL injection (5627).

29

nosql_injection_validation

Calling the method resets the NoSQL injection taint status for this parameter (V5627).

30

redos_target

A string that is parsed using a regular expression. Passing tainted data to this parameter leads to a ReDoS (V5626).

31

redos_validation

Calling the method resets the ReDoS taint status for this parameter (V5626).

32

zipslip_target

A string that can be used as a path to extract a file from the archive. Passing tainted data to this parameter leads to a Zip Slip vulnerability (V5628).

33

zipslip_validation

Calling the method resets the Zip Slip taint status for this parameter (V5628).

34

regex

The parameter is a regular expression.

Ignoring the parameter type

To ignore the type of a parameter, do not specify the 'namespace_name' and 'type_name', or set both fields to null.

JSON Schema

JSON Schema is included in the distribution kit or can be accessed via the link.

Examples:

Method annotation

Look at the method: 

namespace MyNamespace
{
  public class MyClass
  {
    public string GetUserInput()
    {
      ....
    }
  }
}

Assume this method returns user input that may include tainted data. An annotation explaining this for the analyzer would be as follows: 

{
  "version": 1,
  "language": "csharp",
  "annotations": [
    {
      "type": "method",
      "namespace_name": "MyNamespace",
      "type_name": "MyClass",
      "method_name": "GetUserInput",
      "returns": {
        "attributes": [ "always_taint" ]
      }
    }
  ]
}

Constructor annotation

Look at the constructor: 

namespace MyNamespace
{
  public class MyClass
  {
    public MyClass()
    {
      ....
    }
  }
}

Assume this constructor creates an object that may contain tainted data. An annotation explaining this for the analyzer would be as follows: 

{
  "version": 1,
  "language": "csharp",
  "annotations": [
    {
      "type": "ctor",
      "namespace_name": "MyNamespace",
      "type_name": "MyClass",
      "attributes": [ "create_taint_object" ]
    }
  ]
}

Property annotation

Look at the property: 

namespace MyNamespace
{
  public class MyClass
  {
    public string UserInput 
    {
      get
      {
        ....
      }
    }
  }
}

Assume this property returns user input that may include tainted data. An annotation explaining this for the analyzer would be as follows: 

{
  "version": 1,
  "language": "csharp",
  "annotations": [
    {
      "type": "property",
      "namespace_name": "MyNamespace",
      "type_name": "MyClass",
      "property_name": "UserInput",
      "attributes": [ "return_taint" ]
    }
  ]
}

Annotation for a method/constructor where the parameter type is disregarded

Note. A method annotation is provided as an example. We can ignore the parameter type in the same way by not specifying 'type_name' and 'namespace_name' in the parameter annotation.

Here are two overloads of the 'GetUserInput' method: 

namespace MyNamespace
{
  public class MyClass
  {
    public string GetUserInput(string str)
    {
      ....
    }

    public string GetUserInput(int index)
    {
      ....
    }
  }
}

Assume this method returns user input that may include tainted data, regardless of the parameter type. An annotation explaining this for the analyzer would be as follows: 

{
  "version": 1,
  "language": "csharp",
  "annotations": [
    {
      "type": "method",
      "namespace_name": "MyNamespace",
      "type_name": "MyClass",
      "method_name": "GetUserInput",
      "params": [
        { }
      ],
      "returns": {
        "attributes": [ "always_taint" ]
      }
    }
  ]
}

In this case, there is no annotation for the first parameter. Additionally, when selecting a method annotation, the type of the first parameter is not important. As a result, the parameter annotation is represented by an empty object.

Annotation for a method or constructor that disregards certain parameters

Note. A method annotation is provided as an example. We can ignore the parameter type in the same way by using the 'ignore_current_and_next' annotation.

Here are two overloads of the 'GetUserInput' method: 

namespace MyNamespace
{
  public class MyClass
  {
    public string GetUserInput(string str)
    {
      ....
    }

    public string GetUserInput(string str, bool flag1, bool flag2)
    {
      ....
    }
  }
}

Assume this method returns user input that may contain tainted data when an overload with one or more parameters. Additionally, if tainted data is passed to the first parameter, it will result in SQL injection. An annotation explaining this for the analyzer would be as follows: 

{
  "version": 1,
  "language": "csharp",
  "annotations": [
    {
      "type": "method",
      "namespace_name": "MyNamespace",
      "type_name": "MyClass",
      "method_name": "GetUserInput",
      "params": [
        {
          "namespace_name": "System",
          "type_name": "String",
          "attributes": [ "sql_injection_target" ]
        },
        {
          "attributes": [ "ignore_current_and_next" ]
        }
      ],
      "returns": {
        "attributes": [ "always_taint" ]
      }
    }
  ]
}

There is the 'ignore_current_and_next' annotation for the second parameter. It enables us to disregard the number of parameters (including the annotated one) when processing the annotation.

Was this page helpful?

< Previous
Next >