Classification of PVS-Studio warnings according to CWE Top 25 Most Dangerous Software Weaknesses
CWE Top 25 Most Dangerous Software Weaknesses is a list of the most dangerous and common software weaknesses. These software weaknesses are dangerous because someone can easily find and exploit them. Attackers can use them to disrupt the application's operation, steal data or even completely take over a system. CWE Top 25 Most Dangerous Software Weaknesses is a significant community resource. It helps developers, testers, users, project managers, security researchers and teachers. They use this list to get an idea of the most common and dangerous security defects now.
Below is a table of correspondence between the CWE Top 25 Most Dangerous Software Weaknesses 2021 list and the PVS-Studio diagnostics, divided by programming languages.
# |
CWE ID |
Name |
PVS-Studio Diagnostics |
---|---|---|---|
1 |
Out-of-bounds Write |
|
|
2 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
C#: V5610 |
|
3 |
Out-of-bounds Read |
|
|
4 |
Improper Input Validation |
|
|
5 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
|
|
6 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
C#: V5608 |
|
7 |
Use After Free |
|
|
8 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
C#: V5609 |
|
9 |
Cross-Site Request Forgery (CSRF) |
Coming in the future. |
|
10 |
Unrestricted Upload of File with Dangerous Type |
Coming in the future. |
|
11 |
Missing Authentication for Critical Function |
Coming in the future. |
|
12 |
Integer Overflow or Wraparound |
C++: V629, V658, V673, V683, V1026, V1028, V1081, V1083, V1085, V5004, V5005, V5006, V5007, V5010, V5011 |
|
13 |
Deserialization of Untrusted Data |
C#: V5611 |
|
14 |
Improper Authentication |
Coming in the future. |
|
15 |
NULL Pointer Dereference |
C++: V522, V595, V664, V713, V1004 |
|
16 |
Use of Hard-coded Credentials |
|
|
17 |
Improper Restriction of Operations within the Bounds of a Memory Buffer |
|
|
18 |
Missing Authorization |
Coming in the future. |
|
19 |
Incorrect Default Permissions |
Coming in the future. |
|
20 |
Exposure of Sensitive Information to an Unauthorized Actor |
Coming in the future. |
|
21 |
Insufficiently Protected Credentials |
Coming in the future. |
|
22 |
Incorrect Permission Assignment for Critical Resource |
Coming in the future. |
|
23 |
Improper Restriction of XML External Entity Reference |
C#: V5614 |
|
24 |
Server-Side Request Forgery (SSRF) |
C#: V5618 |
|
25 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') |
C#: V5616 |