To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (an extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.

C/C++ warnings

Error Code

Error Description

Mapping

V5001

It is highly probable that the semicolon ';' is missing after 'return' keyword.

OWASP-11.1.1

V5002

An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

OWASP-7.4.2

V5003

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5004

Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

OWASP-5.4.3

V5005

A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

OWASP-5.4.3

V5006

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

OWASP-5.4.3

V5007

Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

OWASP-5.4.3

V5008

Classes should always be derived from std::exception (and alike) as 'public'.

OWASP-7.4.2

V5009

Unchecked tainted data is used in expression.

OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2

V5010

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

OWASP-5.4.3

V5011

Possible overflow. Consider casting operands, not the result.

OWASP-5.4.3

V5012

Potentially unsafe double-checked locking.

OWASP-11.1.6, OWASP-1.11.3

V5013

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

C# warnings

Error Code

Error Description

Mapping

V5601

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5602

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5603

The original exception object was swallowed. Stack of original exception could be lost.

OWASP-11.1.8

V5604

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

OWASP-11.1.6, OWASP-1.11.3

V5605

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

OWASP-1.11.3, OWASP-11.1.6

V5606

An exception handling block does not contain any code.

OWASP-7.4.2

V5607

Exception classes should be publicly accessible.

OWASP-7.4.2

V5608

Possible SQL injection. Potentially tainted data is used to create SQL command.

OWASP-5.3.4, OWASP-5.3.5

V5609

Possible path traversal vulnerability. Potentially tainted data is used as a path.

OWASP-12.3.1

V5610

Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

OWASP-5.3.3

V5611

Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

OWASP-1.5.2, OWASP-5.5.3

V5612

Do not use old versions of SSL/TLS protocols as it may cause security issues.

OWASP-9.1.3

V5613

Use of outdated cryptographic algorithm is not recommended.

OWASP-2.9.3, OWASP-8.3.7

V5614

Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

OWASP-5.5.2

V5616

Possible command injection. Potentially tainted data is used to create OS command.

OWASP-5.3.8

Java warnings

Error Code

Error Description

Mapping

V5301

An exception handling block does not contain any code.

OWASP-7.4.2

V5302

Exception classes should be publicly accessible.

OWASP-7.4.2

V5303

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5304

Unsafe double-checked locking.

OWASP-1.11.3

V5305

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept