Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter
to the top
close form

Remplissez le formulaire ci‑dessous en 2 étapes simples :

Vos coordonnées :

Étape 1
Félicitations ! Voici votre code promo !

Type de licence souhaité :

Étape 2
Team license
Enterprise licence
** En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité
close form
Demandez des tarifs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
La licence PVS‑Studio gratuit pour les spécialistes Microsoft MVP
close form
Pour obtenir la licence de votre projet open source, s’il vous plait rempliez ce formulaire
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
I am interested to try it on the platforms:
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
check circle
Votre message a été envoyé.

Nous vous répondrons à


Si l'e-mail n'apparaît pas dans votre boîte de réception, recherchez-le dans l'un des dossiers suivants:

  • Promotion
  • Notifications
  • Spam

Webinar: Evaluation - 05.12

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.

C/C++ warnings

Error Code

Error Description

Mapping

V5001

It is highly probable that the semicolon ';' is missing after 'return' keyword.

OWASP-11.1.1

V5002

An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

OWASP-7.4.2

V5003

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5004

Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

OWASP-5.4.3

V5005

A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

OWASP-5.4.3

V5006

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

OWASP-5.4.3

V5007

Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

OWASP-5.4.3

V5008

Classes should always be derived from std::exception (and alike) as 'public'.

OWASP-7.4.2

V5009

Unchecked tainted data is used in expression.

OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2

V5010

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

OWASP-5.4.3

V5011

Possible overflow. Consider casting operands, not the result.

OWASP-5.4.3

V5012

Potentially unsafe double-checked locking.

OWASP-1.11.3, OWASP-11.1.6

V5013

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5014

Cryptographic function is deprecated. Its use can lead to security issues. Consider switching to an equivalent newer function.

OWASP-6.2.2

C# warnings

Error Code

Error Description

Mapping

V5601

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5602

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5603

The original exception object was swallowed. Stack of original exception could be lost.

OWASP-11.1.8

V5604

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

OWASP-1.11.3, OWASP-11.1.6

V5605

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

OWASP-1.11.3, OWASP-11.1.6

V5606

An exception handling block does not contain any code.

OWASP-7.4.2

V5607

Exception classes should be publicly accessible.

OWASP-7.4.2

V5608

Possible SQL injection. Potentially tainted data is used to create SQL command.

OWASP-5.3.4, OWASP-5.3.5

V5609

Possible path traversal vulnerability. Potentially tainted data is used as a path.

OWASP-12.3.1

V5610

Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

OWASP-5.3.3

V5611

Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

OWASP-1.5.2, OWASP-5.5.3

V5612

Do not use old versions of SSL/TLS protocols as it may cause security issues.

OWASP-9.1.3

V5613

Use of outdated cryptographic algorithm is not recommended.

OWASP-2.9.3, OWASP-8.3.7

V5614

Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

OWASP-5.5.2

V5616

Possible command injection. Potentially tainted data is used to create OS command.

OWASP-5.3.8

V5617

Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.

OWASP-3.3.2

V5618

Possible server-side request forgery. Potentially tainted data is used in the URL.

OWASP-12.6.1, OWASP-5.2.6

V5619

Possible log injection. Potentially tainted data is written into logs.

OWASP-7.3.1

V5620

Possible LDAP injection. Potentially tainted data is used in a search filter.

OWASP-5.3.7

V5621

Error message contains potentially sensitive data that may be exposed.

OWASP-8.3.5

V5622

Possible XPath injection. Potentially tainted data is used in the XPath expression.

OWASP-5.3.10

V5623

Possible open redirect vulnerability. Potentially tainted data is used in the URL.

OWASP-5.1.5

V5625

Referenced package contains vulnerability.

OWASP-9.1.3

V5627

Possible NoSQL injection. Potentially tainted data is used to create query.

OWASP-5.3.4

V5628

Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.

OWASP-5.1.4

Java warnings

Error Code

Error Description

Mapping

V5301

An exception handling block does not contain any code.

OWASP-7.4.2

V5302

Exception classes should be publicly accessible.

OWASP-7.4.2

V5303

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5304

Unsafe double-checked locking.

OWASP-1.11.3

V5305

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5306

The original exception object was swallowed. Cause of original exception could be lost.

OWASP-11.1.8

V5307

Potentially predictable seed is used in pseudo-random number generator.

OWASP-6.3.1

V5308

Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.

OWASP-5.4.3