Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à


Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.

C/C++ warnings

Error Code

Error Description

Mapping

V5001

It is highly probable that the semicolon ';' is missing after 'return' keyword.

OWASP-11.1.1

V5002

An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

OWASP-7.4.2

V5003

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5004

Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

OWASP-5.4.3

V5005

A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

OWASP-5.4.3

V5006

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

OWASP-5.4.3

V5007

Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

OWASP-5.4.3

V5008

Classes should always be derived from std::exception (and alike) as 'public'.

OWASP-7.4.2

V5009

Unchecked tainted data is used in expression.

OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2

V5010

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

OWASP-5.4.3

V5011

Possible overflow. Consider casting operands, not the result.

OWASP-5.4.3

V5012

Potentially unsafe double-checked locking.

OWASP-11.1.6, OWASP-1.11.3

V5013

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

C# warnings

Error Code

Error Description

Mapping

V5601

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5602

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5603

The original exception object was swallowed. Stack of original exception could be lost.

OWASP-11.1.8

V5604

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

OWASP-11.1.6, OWASP-1.11.3

V5605

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

OWASP-1.11.3, OWASP-11.1.6

V5606

An exception handling block does not contain any code.

OWASP-7.4.2

V5607

Exception classes should be publicly accessible.

OWASP-7.4.2

V5608

Possible SQL injection. Potentially tainted data is used to create SQL command.

OWASP-5.3.4, OWASP-5.3.5

V5609

Possible path traversal vulnerability. Potentially tainted data is used as a path.

OWASP-12.3.1

V5610

Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

OWASP-5.3.3

V5611

Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

OWASP-1.5.2, OWASP-5.5.3

V5612

Do not use old versions of SSL/TLS protocols as it may cause security issues.

OWASP-9.1.3

V5613

Use of outdated cryptographic algorithm is not recommended.

OWASP-2.9.3, OWASP-8.3.7

V5614

Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

OWASP-5.5.2

V5616

Possible command injection. Potentially tainted data is used to create OS command.

OWASP-5.3.8

V5617

Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.

OWASP-3.3.2

V5618

Possible server-side request forgery. Potentially tainted data is used in the URL.

OWASP-5.2.6, OWASP-12.6.1

V5619

Possible log injection. Potentially tainted data is written into logs.

OWASP-7.3.1

V5620

Possible LDAP injection. Potentially tainted data is used in a search filter.

OWASP-5.3.7

V5621

Error message contains potentially sensitive data that may be exposed.

OWASP-8.3.5

V5622

Possible XPath injection. Potentially tainted data is used in the XPath expression.

OWASP-5.3.10

V5623

Possible open redirect vulnerability. Potentially tainted data is used in the URL.

OWASP-5.1.5

V5625

Referenced package contains vulnerability.

OWASP-9.1.3

Java warnings

Error Code

Error Description

Mapping

V5301

An exception handling block does not contain any code.

OWASP-7.4.2

V5302

Exception classes should be publicly accessible.

OWASP-7.4.2

V5303

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5304

Unsafe double-checked locking.

OWASP-1.11.3

V5305

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter