Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter
to the top
>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to OWASP Top 10 Web Application Security Risks

OWASP Top 10 is the rating of ten most critical web application security risks that is based on a general consensus of security experts from around the world. The ranking in the rating is based on severity of listed potential security threats, the frequency of these threats and on the magnitude of potential damage that they can inflict. The goal of OWASP Top 10 project is to provide developers and security specialists with information that can help them identify, counteract and promptly rectify security risks to the applications they are developing.

Every few years OWASP Top 10 rating is updated to reflect the most relevant application security threats. PVS-Studio classifies its diagnostic rules in accordance with OWASP Top 10 version 2021.

PVS-Studio has diagnostic rules for detecting 10/10 (100%) of the listed categories of vulnerabilities.

Category

CWE

Rules

A01.Broken Access Control Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.

CWE-22, CWE-23, CWE-35, CWE-59, CWE-200, CWE-201, CWE-219, CWE-264, CWE-275, CWE-276, CWE-284, CWE-285, CWE-352, CWE-359, CWE-377, CWE-402, CWE-425, CWE-441, CWE-497, CWE-538, CWE-540, CWE-548, CWE-552, CWE-566, CWE-601, CWE-639, CWE-651, CWE-668, CWE-706, CWE-862, CWE-863, CWE-913, CWE-922, CWE-1275

V5609 - Possible path traversal vulnerability. Potentially tainted data is used as a path. - CWE-22

V5623 - Possible open redirect vulnerability. Potentially tainted data is used in the URL. - CWE-601

A02.Cryptographic Failures Data in transit and at rest — such as passwords, credit card numbers, health records, personal information, and business secrets — require extra protection due to the potential for cryptographic failures (sensitive data exposures). This is especially true if the data falls under any of the privacy laws such as GDPR, CCPA, and others.

CWE-261, CWE-296, CWE-310, CWE-319, CWE-321, CWE-322, CWE-323, CWE-324, CWE-325, CWE-326, CWE-327, CWE-328, CWE-329, CWE-330, CWE-331, CWE-335, CWE-336, CWE-337, CWE-338, CWE-340, CWE-347, CWE-523, CWE-720, CWE-757, CWE-759, CWE-760, CWE-780, CWE-818, CWE-916

V1057 - Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time. - CWE-337

V5014 - Cryptographic function is deprecated. Its use can lead to security issues. Consider switching to an equivalent newer function. - CWE-327

V5307 - Potentially predictable seed is used in pseudo-random number generator. - CWE-337,CWE-336

V5612 - Do not use old versions of SSL/TLS protocols as it may cause security issues. - CWE-326

V5613 - Use of outdated cryptographic algorithm is not recommended. - CWE-327,CWE-328

V6109 - Potentially predictable seed is used in pseudo-random number generator. - CWE-337,CWE-336

A03.Injection Injection vulnerabilities can occur when a query or command is used to insert untrusted data into the interpreter via SQL, OS, NoSQL, or LDAP injection. The hostile data injected through this attack vector tricks the interpreter to make the application do something it was not designed for, such as generating unintended commands or accessing data without proper authentication.

CWE-20, CWE-74, CWE-75, CWE-77, CWE-78, CWE-79, CWE-80, CWE-83, CWE-87, CWE-88, CWE-89, CWE-90, CWE-91, CWE-93, CWE-94, CWE-95, CWE-96, CWE-97, CWE-98, CWE-99, CWE-100, CWE-113, CWE-116, CWE-138, CWE-184, CWE-470, CWE-471, CWE-564, CWE-610, CWE-643, CWE-644, CWE-652, CWE-917

V739 - EOF should not be compared with a value of the 'char' type. Consider using the 'int' type. - CWE-20

V1024 - Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading. - CWE-20

V1076 - Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor. - CWE-94

V1111 - The index was used without check after it was checked in previous lines. - CWE-20

V5309 - Possible SQL injection. Potentially tainted data is used to create SQL command. - CWE-89

V5608 - Possible SQL injection. Potentially tainted data is used to create SQL command. - CWE-89

V5610 - Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script. - CWE-79

V5616 - Possible command injection. Potentially tainted data is used to create OS command. - CWE-77,CWE-78,CWE-88

V5620 - Possible LDAP injection. Potentially tainted data is used in a search filter. - CWE-90

V5622 - Possible XPath injection. Potentially tainted data is used in the XPath expression. - CWE-643

V5628 - Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file. - CWE-22,CWE-99

A04.Insecure Design Insecure design is a wide term that encompasses a variety of flaws and is defined as "missing or poor control design". Threat modeling, secure design patterns, and reference architectures are among the new categories for 2021, with a demand for increasing the usage of threat modeling, safe design patterns, and reference architectures.

CWE-73, CWE-183, CWE-209, CWE-213, CWE-235, CWE-256, CWE-257, CWE-266, CWE-269, CWE-280, CWE-311, CWE-312, CWE-313, CWE-316, CWE-419, CWE-430, CWE-434, CWE-444, CWE-451, CWE-472, CWE-501, CWE-522, CWE-525, CWE-539, CWE-579, CWE-598, CWE-602, CWE-642, CWE-646, CWE-650, CWE-653, CWE-656, CWE-657, CWE-799, CWE-807, CWE-840, CWE-841, CWE-927, CWE-1021, CWE-1173

V504 - Semicolon ';' is probably missing after the 'return' keyword. - CWE-841

V5001 - It is highly probable that the semicolon ';' is missing after 'return' keyword. - CWE-841

V5621 - Error message contains potentially sensitive data that may be exposed. - CWE-209

A05.Security Misconfiguration Gartner estimates that up to 95% of cloud breaches are the result of human errors. Security setting misconfigurations are one of the prime drivers of that statistic, with OWASP noting that, of the top ten, this vulnerability is the most common. There are many types of misconfiguration that expose the company to cybersecurity risk, including accepting default settings that are insecure, overly accessible cloud storage resources, incomplete configurations, misconfigured HTTP headers, verbose error messages that contain sensitive information.

CWE-2, CWE-11, CWE-13, CWE-15, CWE-16, CWE-260, CWE-315, CWE-520, CWE-526, CWE-537, CWE-541, CWE-547, CWE-611, CWE-614, CWE-756, CWE-776, CWE-942, CWE-1004, CWE-1032, CWE-1174

V624 - Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>. - CWE-547

V5614 - Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data. - CWE-611

V5615 - Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data. - CWE-776

V5624 - Use of potentially tainted data in configuration may lead to security issues. - CWE-15

V6107 - The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant. - CWE-547

A06.Vulnerable and Outdated Components Modern distributed web applications often incorporate open source components such as libraries and frameworks. Any component with a known vulnerability becomes a weak link that can impact the security of the entire application. Although the use of open source components with known vulnerabilities ranks low in terms of security problem severity, it is #1 when ranking the OWASP Top 10 by how often a vulnerability was the root cause of an actual data breach.

CWE-937, CWE-1035, CWE-1104

V5625 - Referenced package contains vulnerability. - CWE-1035

A07.Identification and Authentication Failures When applications incorrectly execute functions related to session management or user authentication, intruders may be able to compromise passwords, security keys, or session tokens and permanently or temporarily assume the identities and permissions of other users. This vulnerability poses a grave threat to the security of the application and the resources it accesses and can also severely compromise other assets connected to the same network.

CWE-255, CWE-259, CWE-287, CWE-288, CWE-290, CWE-294, CWE-295, CWE-297, CWE-300, CWE-302, CWE-304, CWE-306, CWE-307, CWE-346, CWE-384, CWE-521, CWE-613, CWE-620, CWE-640, CWE-798, CWE-940, CWE-1216

V5013 - Storing credentials inside source code can lead to security issues. - CWE-798,CWE-259

V5305 - Storing credentials inside source code can lead to security issues. - CWE-798,CWE-259

V5601 - Storing credentials inside source code can lead to security issues. - CWE-798,CWE-259

V5617 - Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time. - CWE-613

A08.Software and Data Integrity Failures Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise.

CWE-345, CWE-353, CWE-426, CWE-494, CWE-502, CWE-565, CWE-784, CWE-829, CWE-830, CWE-915

V5611 - Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization. - CWE-502

A09.Security Logging and Monitoring Failures This category is to help detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected. Studies indicate that the time from attack to detection can take up to 200 days, and often longer. This window gives cyber thieves plenty of time to tamper with servers, corrupt databases, steal confidential information, and plant malicious code.

CWE-117, CWE-223, CWE-532, CWE-778

V1116 - Creating an exception object without an explanatory message may result in insufficient logging. - CWE-778

V5619 - Possible log injection. Potentially tainted data is written into logs. - CWE-117

A10.Server Side Request Forgery (SSRF) SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).

CWE-918

V5618 - Possible server-side request forgery. Potentially tainted data is used in the URL. - CWE-918

close form

Remplissez le formulaire ci‑dessous en 2 étapes simples :

Vos coordonnées :

Étape 1
Félicitations ! Voici votre code promo !

Type de licence souhaité :

Étape 2
Team license
Enterprise licence
** En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité
close form
Demandez des tarifs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
La licence PVS‑Studio gratuit pour les spécialistes Microsoft MVP
close form
Pour obtenir la licence de votre projet open source, s’il vous plait rempliez ce formulaire
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
I am interested to try it on the platforms:
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
check circle
Votre message a été envoyé.

Nous vous répondrons à


Si l'e-mail n'apparaît pas dans votre boîte de réception, recherchez-le dans l'un des dossiers suivants:

  • Promotion
  • Notifications
  • Spam