metrica
Мы используем куки, чтобы пользоваться сайтом было удобно.
Хорошо
to the top
close form

Заполните форму в два простых шага ниже:

Ваши контактные данные:

Шаг 1
Поздравляем! У вас есть промокод!

Тип желаемой лицензии:

Шаг 2
Team license
Enterprise license
** Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности
close form
Запросите информацию о ценах
Новая лицензия
Продление лицензии
--Выберите валюту--
USD
EUR
RUB
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Бесплатная лицензия PVS‑Studio для специалистов Microsoft MVP
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Для получения лицензии для вашего открытого
проекта заполните, пожалуйста, эту форму
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
Мне интересно попробовать плагин на:
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

close form
check circle
Ваше сообщение отправлено.

Мы ответим вам на


Если вы так и не получили ответ, пожалуйста, проверьте папку
Spam/Junk и нажмите на письме кнопку "Не спам".
Так Вы не пропустите ответы от нашей команды.

Вебинар: Трудности при интеграции SAST, как с ними справляться - 04.04

>
>
>
Классификация предупреждений PVS-Studio…

Классификация предупреждений PVS-Studio согласно Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE) - система классификации потенциальных и подтверждённых уязвимостей. Она поддерживается сообществом с целью выявления проблем программного обеспечения и создания автоматизированных инструментов, которые могут использоваться для выявления и устранения этих проблем.

CCR (Coverage Claims Representation) для PVS-Studio доступно здесь.

C/C++ диагностики

Error Code

Error Description

Mapping

V501

Identical sub-expressions to the left and to the right of 'foo' operator.

CWE-570, CWE-571

V502

The '?:' operator may not work as expected. The '?:' operator has a lower priority than the 'foo' operator.

CWE-783

V503

Nonsensical comparison: pointer < 0.

CWE-697

V504

Semicolon ';' is probably missing after the 'return' keyword.

CWE-841

V505

The 'alloca' function is used inside the loop. This can quickly overflow stack.

CWE-770

V506

Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid.

CWE-562

V507

Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid.

CWE-562

V508

The 'new type(n)' pattern was detected. Probably meant: 'new type[n]'.

CWE-480

V509

Exceptions raised inside noexcept functions must be wrapped in a try..catch block.

CWE-248, CWE-703

V510

The 'Foo' function receives class-type variable as Nth actual argument. This is unexpected behavior.

CWE-686

V511

The sizeof() operator returns pointer size instead of array size.

CWE-467

V512

Call of the 'Foo' function will lead to buffer overflow.

CWE-119, CWE-125, CWE-193, CWE-467, CWE-682, CWE-787, CWE-806

V513

Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions.

CWE-676

V514

Potential logical error. Size of a pointer is divided by another value.

CWE-131

V515

The 'delete' operator is applied to non-pointer.

CWE-763

V516

Non-null function pointer is compared to null. Consider inspecting the expression.

CWE-570, CWE-571

V517

Potential logical error. The 'if (A) {...} else if (A) {...}' pattern was detected.

CWE-570

V518

The 'malloc' function allocates suspicious amount of memory calculated by 'strlen(expr)'. Perhaps the correct expression is strlen(expr) + 1.

CWE-131

V519

The 'x' variable is assigned values twice successively. Perhaps this is a mistake.

CWE-563

V520

Comma operator ',' in array index expression.

CWE-480

V521

Expressions that use comma operator ',' are dangerous. Make sure the expression is correct.

CWE-480

V522

Possible null pointer dereference.

CWE-476, CWE-690

V523

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V525

Code contains collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ...

CWE-682

V526

The 'strcmp' function returns 0 if corresponding strings are equal. Consider inspecting the condition for mistakes.

CWE-253

V527

The 'zero' value is assigned to pointer. Probably meant: *ptr = zero.

CWE-351

V528

Pointer is compared with 'zero' value. Probably meant: *ptr != zero.

CWE-697

V529

Suspicious semicolon ';' after 'if/for/while' operator.

CWE-670

V530

Return value of 'Foo' function is required to be used.

CWE-252

V531

The sizeof() operator is multiplied by sizeof(). Consider inspecting the expression.

CWE-131

V532

Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'.

CWE-480

V533

It is possible that a wrong variable is incremented inside the 'for' operator. Consider inspecting 'X'.

CWE-691

V534

It is possible that a wrong variable is compared inside the 'for' operator. Consider inspecting 'X'.

CWE-691

V535

The 'X' variable is used for this loop and outer loops.

CWE-691

V536

Constant value is represented by an octal form.

CWE-682

V537

Potential incorrect use of item 'X'. Consider inspecting the expression.

CWE-682

V539

Iterators are passed as arguments to 'Foo' function. Consider inspecting the expression.

CWE-688

V540

Member 'x' should point to string terminated by two 0 characters.

CWE-628

V541

String is printed into itself. Consider inspecting the expression.

CWE-628

V542

Suspicious type cast: 'Type1' to ' Type2'. Consider inspecting the expression.

CWE-704

V543

It is suspicious that value 'X' is assigned to the variable 'Y' of HRESULT type.

CWE-704

V544

It is suspicious that the value 'X' of HRESULT type is compared with 'Y'.

CWE-253

V545

Conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead.

CWE-253

V546

The 'Foo(Foo)' class member is initialized with itself.

CWE-665

V547

Expression is always true/false.

CWE-570, CWE-571

V548

TYPE X[][] is not equivalent to TYPE **X. Consider inspecting type casting.

CWE-704

V549

The 'first' argument of 'Foo' function is equal to the 'second' argument.

CWE-688

V550

Suspicious precise comparison. Consider using a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon.

CWE-682

V551

Unreachable code under a 'case' label.

CWE-561

V552

A bool type variable is incremented. Perhaps another variable should be incremented instead.

CWE-480

V554

Incorrect use of smart pointer.

CWE-762

V555

Expression of the 'A - B > 0' kind will work as 'A != B'.

CWE-191

V556

Values of different enum types are compared.

CWE-697

V557

Possible array overrun.

CWE-119, CWE-125, CWE-787

V558

Function returns pointer/reference to temporary local object.

CWE-562

V559

Suspicious assignment inside the conditional expression of 'if/while/for' statement.

CWE-481

V560

Part of conditional expression is always true/false.

CWE-570, CWE-571

V561

Consider assigning value to 'foo' variable instead of declaring it anew.

CWE-563

V562

Bool type value is compared with value of N. Consider inspecting the expression.

CWE-563

V563

An 'else' branch may apply to the previous 'if' statement.

CWE-670

V564

The '&' or '|' operator is applied to bool type value. Check for missing parentheses or use the '&&' or '||' operator.

CWE-480

V565

Empty exception handler. Silent suppression of exceptions can hide errors in source code during testing.

CWE-1069, CWE-390, CWE-544

V566

Integer constant is converted to pointer. Check for an error or bad coding style.

CWE-587

V567

Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior.

CWE-758

V568

It is suspicious that the argument of sizeof() operator is the expression.

CWE-131

V569

Truncation of constant value.

CWE-197

V570

Variable is assigned to itself.

CWE-480

V571

Recurring check. This condition was already verified in previous line.

CWE-571

V572

Object created using 'new' operator is immediately cast to another type. Consider inspecting the expression.

CWE-665

V573

Use of uninitialized variable 'Foo'. The variable was used to initialize itself.

CWE-457

V574

Pointer is used both as an array and as a pointer to single object.

CWE-823

V575

Function receives suspicious argument.

CWE-628

V576

Incorrect format. Consider checking the Nth actual argument of the 'Foo' function.

CWE-628, CWE-685, CWE-686, CWE-687

V577

Label is present inside switch(). Check for typos and consider using the 'default:' operator instead.

CWE-478

V578

Suspicious bitwise operation was detected. Consider inspecting it.

CWE-480

V579

The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument.

CWE-467

V580

Suspicious explicit type casting. Consider inspecting the expression.

CWE-843

V581

Conditional expressions of 'if' statements located next to each other are identical.

CWE-670

V582

Consider reviewing the source code that uses the container.

CWE-119, CWE-125, CWE-787

V583

The '?:' operator, regardless of its conditional expression, always returns the same value.

CWE-783

V584

Same value is present on both sides of the operator. The expression is incorrect or can be simplified.

CWE-480

V585

Attempt to release memory that stores the 'Foo' local variable.

CWE-762

V586

The 'Foo' function is called twice to deallocate the same resource.

CWE-415, CWE-675

V588

Expression of the 'A =+ B' kind is used. Possibly meant: 'A += B'. Consider inspecting the expression.

CWE-480

V589

Expression of the 'A =- B' kind is used. Possibly meant: 'A -= B'. Consider inspecting the expression.

CWE-480

V590

Possible excessive expression or typo. Consider inspecting the expression.

CWE-571

V591

Non-void function must return value.

CWE-393

V593

Expression 'A = B == C' is calculated as 'A = (B == C)'. Consider inspecting the expression.

CWE-783

V594

Pointer to array is out of array bounds.

CWE-823

V595

Pointer was used before its check for nullptr. Check lines: N1, N2.

CWE-476

V596

Object was created but is not used. Check for missing 'throw' keyword.

CWE-390

V597

Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data.

CWE-14

V598

Memory manipulation function is used to work with a class object containing a virtual table pointer. The result of such an operation may be unexpected.

CWE-665

V599

The virtual destructor is not present, although the 'Foo' class contains virtual functions.

CWE-1079

V600

The 'Foo' pointer is always not equal to NULL. Consider inspecting the condition.

CWE-570, CWE-571

V601

Suspicious implicit type casting.

CWE-704

V602

The '<' operator should probably be replaced with '<<'. Consider inspecting this expression.

CWE-480

V603

Object was created but not used. If you wish to call constructor, use 'this->Foo::Foo(....)'.

CWE-665

V604

Number of iterations in loop equals size of a pointer. Consider inspecting the expression.

CWE-682

V605

Unsigned value is compared to the NN number. Consider inspecting the expression.

CWE-682

V607

Ownerless expression 'Foo'.

CWE-482

V608

Recurring sequence of explicit type casts.

CWE-704

V609

Possible division or mod by zero.

CWE-369

V610

Undefined behavior. Check the shift operator.

CWE-758

V611

Memory allocation and deallocation methods are incompatible.

CWE-590, CWE-762

V612

Unconditional 'break/continue/return/goto' within a loop.

CWE-670

V613

Suspicious pointer arithmetic with 'malloc/new'.

CWE-761

V614

Use of 'Foo' uninitialized variable.

CWE-457, CWE-824

V615

Suspicious explicit conversion from 'float *' type to 'double *' type.

CWE-704

V616

Use of 'Foo' named constant with 0 value in bitwise operation.

CWE-480

V617

Argument of the '|' bitwise operation always contains non-zero value. Consider inspecting the condition.

CWE-480

V618

Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);

CWE-134

V619

Array is used as pointer to single object.

CWE-480

V620

Expression of sizeof(T)*N kind is summed up with pointer to T type. Consider inspecting the expression.

CWE-682

V621

Loop may execute incorrectly or may not execute at all. Consider inspecting the 'for' operator.

CWE-835

V622

First 'case' operator may be missing. Consider inspecting the 'switch' statement.

CWE-478

V623

Temporary object is created and then destroyed. Consider inspecting the '?:' operator.

CWE-416

V624

Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>.

CWE-547

V625

Initial and final values of the iterator are the same. Consider inspecting the 'for' operator.

CWE-691

V626

It's possible that ',' should be replaced by ';'. Consider checking for typos.

CWE-483

V627

Argument of sizeof() is a macro, which expands to a number. Consider inspecting the expression.

CWE-682

V628

It is possible that a line was commented out improperly, thus altering the program's operation logic.

CWE-670

V629

Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. Consider inspecting the expression.

CWE-190

V630

The 'malloc' function is used to allocate memory for an array of objects that are classes containing constructors/destructors.

CWE-665

V631

Defining absolute path to file or directory is considered a poor coding style. Consider inspecting the 'Foo' function call.

CWE-30, CWE-37, CWE-39

V632

Argument is of the 'T' type. Consider inspecting the NN argument of the 'Foo' function.

CWE-686

V633

The '!=' operator should probably be used here. Consider inspecting the expression.

CWE-480

V634

Priority of '+' operation is higher than priority of '<<' operation. Consider using parentheses in the expression.

CWE-783

V635

Length should be probably multiplied by sizeof(wchar_t). Consider inspecting the expression.

CWE-135

V636

Expression was implicitly cast from integer type to real type. Consider using an explicit type cast to avoid overflow or loss of a fractional part.

CWE-682

V637

Use of two opposite conditions. The second condition is always false.

CWE-570

V638

Terminal null is present inside a string. Use of '\0xNN' characters. Probably meant: '\xNN'.

CWE-665

V639

One of closing ')' parentheses is probably positioned incorrectly. Consider inspecting the expression for function call.

CWE-685

V640

Code's operational logic does not correspond with its formatting.

CWE-483

V641

Buffer size is not a multiple of element size.

CWE-704

V642

Function result is saved inside the 'byte' type variable. Significant bits may be lost. This may break the program's logic.

CWE-197

V643

Suspicious pointer arithmetic. Value of 'char' type is added to a string pointer.

CWE-480

V644

Suspicious function declaration. Consider creating a 'T' type object.

CWE-664

V645

Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold.

CWE-193, CWE-787

V646

The 'else' keyword may be missing. Consider inspecting the program's logic.

CWE-670

V647

Value of 'A' type is assigned to a pointer of 'B' type.

CWE-587

V648

Priority of '&&' operation is higher than priority of '||' operation.

CWE-783

V649

Two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless.

CWE-561

V650

Type casting is used 2 times in a row. The '+' operation is executed. Probably meant: (T1)((T2)a + b).

CWE-468

V651

Suspicious operation of 'sizeof(X)/sizeof(T)' kind, where 'X' is of the 'class' type.

CWE-682

V652

Operation is executed 3 or more times in a row.

CWE-480

V653

Suspicious string consisting of two parts is used for initialization. Comma may be missing.

CWE-665

V654

Condition of a loop is always true/false.

CWE-834

V655

Strings were concatenated but not used. Consider inspecting the expression.

CWE-480

V656

Variables are initialized through the call to the same function. It's probably an error or un-optimized code.

CWE-665

V657

Function always returns the same value of NN. Consider inspecting the function.

CWE-393

V658

Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly.

CWE-190

V660

Program contains an unused label and function call: 'CC:AA()'. Probably meant: 'CC::AA()'.

CWE-480

V662

Different containers are used to set up initial and final values of iterator. Consider inspecting the loop expression.

CWE-758

V663

Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression.

CWE-834

V664

Pointer is dereferenced on the initialization list before its check for null inside the body of a constructor function.

CWE-476

V666

Value may not correspond with the length of a string passed with YY argument. Consider inspecting the NNth argument of the 'Foo' function.

CWE-805

V667

The 'throw' operator does not have any arguments and is not located within the 'catch' block.

CWE-480

V668

Possible meaningless check for null, as memory was allocated using 'new' operator. Memory allocation will lead to an exception.

CWE-570, CWE-571

V670

Uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class.

CWE-457

V671

The 'swap' function may interchange a variable with itself.

CWE-687

V673

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

CWE-190

V674

Expression contains a suspicious mix of integer and real types.

CWE-682

V676

Incorrect comparison of BOOL type variable with TRUE.

CWE-253

V678

Object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function.

CWE-688

V679

The 'X' variable was not initialized. This variable is passed by reference to the 'Foo' function in which its value will be used.

CWE-457

V680

The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression.

CWE-401

V681

The language standard does not define order in which 'Foo' functions are called during evaluation of arguments.

CWE-758

V683

The 'i' variable should probably be incremented instead of the 'n' variable. Consider inspecting the loop expression.

CWE-190

V684

Value of variable is not modified. It is possible that '1' should be present instead of '0'. Consider inspecting the expression.

CWE-682

V685

The expression contains a comma. Consider inspecting the return statement.

CWE-480

V686

Pattern A || (A && ...) was detected. The expression is excessive or contains a logical error.

CWE-571

V687

Size of array calculated by sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]).

CWE-682

V689

Destructor of 'Foo' class is not declared as virtual. A smart pointer may not destroy an object correctly.

CWE-404

V692

Inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, use a string ending with a null terminator in the first place.

CWE-788

V693

It is possible that 'i < X.size()' should be used instead of 'X.size()'. Consider inspecting conditional expression of the loop.

CWE-835

V694

The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.

CWE-571

V695

Range intersections are possible within conditional expressions.

CWE-561, CWE-670

V696

The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false.

CWE-670

V697

Number of elements in the allocated array equals the size of a pointer in bytes.

CWE-682

V698

Functions of strcmp() kind can return any values, not only -1, 0, or 1.

CWE-253

V699

It is possible that 'foo = bar == baz ? .... : ....' should be used here instead of 'foo = bar = baz ? .... : ....'. Consider inspecting the expression.

CWE-481

V700

It is suspicious that variable is initialized through itself. Consider inspecting the 'T foo = foo = x;' expression.

CWE-480

V701

Possible realloc() leak: when realloc() fails to allocate memory, original pointer is lost. Consider assigning realloc() to a temporary pointer.

CWE-401

V702

Classes should always be derived from std::exception (and alike) as 'public'.

CWE-544

V704

The expression is always false on newer compilers. Avoid using 'this == 0' comparison.

CWE-570, CWE-571

V705

It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.

CWE-691

V706

Suspicious division: sizeof(X) / Value. Size of every element in X array is not equal to divisor.

CWE-682

V708

Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior.

CWE-758

V709

Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'.

CWE-682

V712

Compiler may optimize out this loop or make it infinite. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-835

V713

Pointer was used in the logical expression before its check for nullptr in the same logical expression.

CWE-476

V714

Variable is not passed into foreach loop by reference, but its value is changed inside of the loop.

CWE-563

V715

The 'while' operator has empty body. This pattern is suspicious.

CWE-691

V716

Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT).

CWE-704

V717

It is suspicious to cast object of base class V to derived class U.

CWE-843

V721

The VARIANT_BOOL type is used incorrectly. The true value (VARIANT_TRUE) is defined as -1.

CWE-665, CWE-697

V722

Abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V723

Function returns a pointer to the internal string buffer of a local object, which will be destroyed.

CWE-416

V724

Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'.

CWE-197

V725

Dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type.

CWE-704

V726

Attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function.

CWE-761

V727

Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'.

CWE-783

V728

Excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'.

CWE-570

V730

Not all members of a class are initialized inside the constructor.

CWE-457

V731

The variable of char type is compared with pointer to string.

CWE-665

V732

Unary minus operator does not modify a bool type value.

CWE-480

V733

It is possible that macro expansion resulted in incorrect evaluation order.

CWE-783

V736

The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array.

CWE-758

V737

It is possible that ',' comma is missing at the end of the string.

CWE-665

V738

Temporary anonymous object is used.

CWE-672

V739

EOF should not be compared with a value of the 'char' type. Consider using the 'int' type.

CWE-20

V741

Use of the throw (a, b); pattern. It is possible that type name was omitted: throw MyException(a, b);.

CWE-480

V742

Function receives an address of a 'char' type variable instead of pointer to a buffer.

CWE-170

V743

The memory areas must not overlap. Use 'memmove' function.

CWE-475

V744

Temporary object is immediately destroyed after being created. Consider naming the object.

CWE-664

V745

A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string.

CWE-704

V747

Suspicious expression inside parentheses. A function name may be missing.

CWE-480

V748

Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function.

CWE-762

V749

Destructor of the object will be invoked a second time after leaving the object's scope.

CWE-675

V752

Creating an object with placement new requires a buffer of large size.

CWE-788

V753

The '&=' operation always sets a value of 'Foo' variable to zero.

CWE-682

V755

Copying from potentially tainted data source. Buffer overflow is possible.

CWE-123

V757

It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'.

CWE-690

V758

Reference was invalidated because of destruction of the temporary object returned by the function.

CWE-416

V759

Violated order of exception handlers. Exception caught by handler for base class.

CWE-703

V762

Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class.

CWE-670

V764

Possible incorrect order of arguments passed to function.

CWE-683

V765

Compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error.

CWE-682

V766

An item with the same key has already been added.

CWE-462

V768

Variable is of enum type. It is suspicious that it is used as a variable of a Boolean-type.

CWE-570, CWE-571

V769

The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used.

CWE-119

V770

Possible use of left shift operator instead of comparison operator.

CWE-480

V772

Calling the 'delete' operator for a void pointer will cause undefined behavior.

CWE-758

V773

Function exited without releasing the pointer/handle. A memory/resource leak is possible.

CWE-401, CWE-775

V774

Pointer was used after the memory was released.

CWE-416

V775

It is suspicious that the BSTR data type is compared using a relational operator.

CWE-1023

V776

Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations.

CWE-835

V777

Dangerous widening type conversion from an array of derived-class objects to a base-class pointer.

CWE-468

V778

Two similar code fragments. Perhaps, it is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V779

Unreachable code was detected. It is possible that an error is present.

CWE-561

V781

Value of a variable is checked after it is used. Possible error in program's logic. Check lines: N1, N2.

CWE-129, CWE-20, CWE-789

V782

It is pointless to compute the distance between the elements of different arrays.

CWE-469

V783

Possible dereference of invalid iterator 'X'.

CWE-119

V784

The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits.

CWE-197

V785

Constant expression in switch statement.

CWE-691

V786

Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B].

CWE-197

V788

Review captured variable in lambda expression.

CWE-457

V789

Iterators for the container, used in the range-based for loop, become invalid upon a function call.

CWE-672

V791

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V792

The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.

CWE-691

V793

It is suspicious that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else.

CWE-691

V796

A 'break' statement is probably missing in a 'switch' statement.

CWE-484

V797

The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos.

CWE-253

V798

The size of the dynamic array can be less than the number of elements in the initializer.

CWE-789

V1001

Variable is assigned but not used by the end of the function.

CWE-563

V1002

Class that contains pointers, constructor and destructor is copied by the automatically generated operator= or copy constructor.

CWE-665

V1004

Pointer was used unsafely after its check for nullptr.

CWE-119, CWE-476, CWE-628

V1005

The resource was acquired using 'X' function but was released using incompatible 'Y' function.

CWE-404

V1006

Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur.

CWE-675

V1007

Value from the uninitialized optional is used. It may be an error.

CWE-457

V1008

No more than one iteration of the loop will be performed. Consider inspecting the 'for' operator.

CWE-691

V1009

Check the array initialization. Only the first element is initialized explicitly.

CWE-665

V1010

Unchecked tainted data is used in expression.

CWE-134, CWE-138, CWE-20, CWE-78

V1012

The expression is always false. Overflow check is incorrect.

CWE-192

V1013

Suspicious subexpression in a sequence of similar comparisons.

CWE-670

V1014

Structures with members of real type are compared byte-wise.

CWE-682

V1015

Suspicious simultaneous use of bitwise and logical operators.

CWE-480

V1016

The value is out of range of enum values. This causes unspecified or undefined behavior.

CWE-681

V1017

Variable of the 'string_view' type references a temporary object, which will be removed after evaluation of an expression.

CWE-416

V1018

Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked.

CWE-413, CWE-833

V1019

Compound assignment expression is used inside condition.

CWE-480

V1020

Function exited without performing epilogue actions. It is possible that there is an error.

CWE-772

V1021

The variable is assigned the same value on several loop iterations.

CWE-835

V1022

Exception was thrown by pointer. Consider throwing it by value instead.

CWE-755

V1023

A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception.

CWE-460

V1024

Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading.

CWE-20

V1025

New variable with default value is created instead of 'std::unique_lock' that locks on the mutex.

CWE-820

V1026

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

CWE-190

V1027

Pointer to an object of the class is cast to unrelated class.

CWE-704

V1028

Possible overflow. Consider casting operands, not the result.

CWE-190

V1029

Numeric Truncation Error. Return value of function is written to N-bit variable.

CWE-197

V1032

Pointer is cast to a more strictly aligned pointer type.

CWE-843

V1034

Do not use real-type variables as loop counters.

CWE-834

V1036

Potentially unsafe double-checked locking.

CWE-609

V1037

Two or more case-branches perform the same actions.

CWE-691

V1038

It is suspicious that a char or string literal is added to a pointer.

CWE-468

V1041

Class member is initialized with dangling reference.

CWE-825

V1042

This file is marked with copyleft license, which requires you to open the derived source code.

CWE-1177

V1044

Loop break conditions do not depend on the number of iterations.

CWE-834

V1045

The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block.

CWE-248, CWE-703

V1046

Unsafe usage of the 'bool' and integer types together in the operation '&='.

CWE-682

V1047

Lifetime of the lambda is greater than lifetime of the local variable captured by reference.

CWE-672

V1048

Variable 'foo' was assigned the same value.

CWE-1164

V1050

Uninitialized class member is used when initializing the base class.

CWE-457

V1051

It is possible that an assigned variable should be checked in the next condition. Consider checking for typos.

CWE-754

V1055

The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function.

CWE-131

V1057

Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time.

CWE-337

V1058

Nonsensical comparison of two different functions' addresses.

CWE-1025

V1063

The modulo by 1 operation is meaningless. The result will always be zero.

CWE-682

V1064

The left operand of integer division is less than the right one. The result will always be zero.

CWE-682

V1065

Expression can be simplified: check similar operands.

CWE-682

V1066

The 'SysFreeString' function should be called only for objects of the 'BSTR' type.

CWE-762

V1067

Throwing from exception constructor may lead to unexpected behavior.

CWE-755

V1070

Signed value is converted to an unsigned one with subsequent expansion to a larger type in ternary operator.

CWE-681

V1072

Buffer needs to be securely cleared on all execution paths.

CWE-212

V1073

Check the following code block after the 'if' statement. Consider checking for typos.

CWE-483

V1076

Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor.

CWE-94

V1077

Constructor contains potentially uninitialized members.

CWE-457

V1080

Call of 'std::is_constant_evaluated' function always returns the same value.

CWE-570, CWE-571

V1081

Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior.

CWE-190

V1083

Signed integer overflow in arithmetic expression. This leads to undefined behavior.

CWE-190

V1084

The expression is always true/false. The value is out of range of enum values.

CWE-1024

V1085

Negative value is implicitly converted to unsigned integer type in arithmetic expression.

CWE-190

V1086

Call of the 'Foo' function will lead to buffer underflow.

CWE-119, CWE-467, CWE-682

V1087

Upper bound of case range is less than its lower bound. This case may be unreachable.

CWE-670

V1088

No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.

CWE-821

V1090

The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.

CWE-248

V1091

The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.

CWE-704

V1095

Usage of potentially invalid handle. The value should be non-negative.

CWE-775

V1098

The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion.

CWE-826

V1099

Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior.

CWE-908

V1100

Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection.

CWE-826

V1101

Changing the default argument of a virtual function parameter in a derived class may result in unexpected behavior.

CWE-665

V1103

The values of padding bytes are unspecified. Comparing objects with padding using 'memcmp' may lead to unexpected result.

CWE-188

V1104

Priority of the 'M' operator is higher than that of the 'N' operator. Possible missing parentheses.

CWE-783

V2001

Consider using the extended version of the 'foo' function here.

CWE-477

V2002

Consider using the 'Ptr' version of the 'foo' function here.

CWE-477

V2003

Explicit conversion from 'float/double' type to signed integer type.

CWE-681

V2004

Explicit conversion from 'float/double' type to unsigned integer type.

CWE-681

V2007

This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.

CWE-480

V2008

Cyclomatic complexity: NN. Consider refactoring the 'Foo' function.

CWE-407

V2013

Consider inspecting the correctness of handling the N argument in the 'Foo' function.

CWE-704

V2016

Consider inspecting the function call. The function was annotated as dangerous.

CWE-1177

V2509

MISRA. The function with the 'abort/exit/getenv/system' name should not be used.

CWE-676

V2510

MISRA. The function with the 'qsort/bsearch' name should not be used.

CWE-676

V2511

MISRA. Memory allocation and deallocation functions should not be used.

CWE-676

V2512

MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used.

CWE-676

V2513

MISRA. Unbounded functions performing string operations should not be used.

CWE-676

V2599

MISRA. The standard signal handling functions should not be used.

CWE-676

V2600

MISRA. The standard input/output functions should not be used.

CWE-676

V2619

MISRA. Typedef names should be unique across all name spaces.

CWE-676

V5001

OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword.

CWE-841

V5002

OWASP. An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

CWE-1069, CWE-390, CWE-544

V5003

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5004

OWASP. Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

CWE-190

V5005

OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

CWE-190

V5006

OWASP. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

CWE-190

V5007

OWASP. Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

CWE-190

V5008

OWASP. Classes should always be derived from std::exception (and alike) as 'public'.

CWE-544

V5009

OWASP. Unchecked tainted data is used in expression.

CWE-134, CWE-138, CWE-20, CWE-78

V5010

OWASP. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

CWE-190

V5011

OWASP. Possible overflow. Consider casting operands, not the result.

CWE-190

V5012

OWASP. Potentially unsafe double-checked locking.

CWE-609

V5013

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

C# диагностики

Error Code

Error Description

Mapping

V3001

There are identical sub-expressions to the left and to the right of the 'foo' operator.

CWE-570, CWE-571

V3003

The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.

CWE-570

V3004

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V3006

The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V3007

Odd semicolon ';' after 'if/for/while' operator.

CWE-691

V3008

The 'x' variable is assigned values twice successively. Perhaps this is a mistake.

CWE-563

V3009

It's odd that this method always returns one and the same value of NN.

CWE-393

V3010

The return value of function 'Foo' is required to be utilized.

CWE-252

V3011

Two opposite conditions were encountered. The second condition is always false.

CWE-570

V3012

The '?:' operator, regardless of its conditional expression, always returns one and the same value.

CWE-783

V3014

It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'.

CWE-691

V3015

It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'.

CWE-691

V3016

The variable 'X' is being used for this loop and for the outer loop.

CWE-691

V3018

Consider inspecting the application's logic. It's possible that 'else' keyword is missing.

CWE-670

V3019

It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword.

CWE-697

V3020

An unconditional 'break/continue/return/goto' within a loop.

CWE-670

V3021

There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.

CWE-561

V3022

Expression is always true/false.

CWE-570, CWE-571

V3023

Consider inspecting this expression. The expression is excessive or contains a misprint.

CWE-571

V3024

An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon.

CWE-682

V3025

Incorrect format. Consider checking the N format items of the 'Foo' function.

CWE-685

V3026

The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.

CWE-1339

V3027

The variable was utilized in the logical expression before it was verified against null in the same logical expression.

CWE-476

V3028

Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.

CWE-691

V3030

Recurring check. This condition was already verified in previous line.

CWE-571

V3032

Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-835

V3033

It is possible that this 'else' branch must apply to the previous 'if' statement.

CWE-670

V3034

Consider inspecting the expression. Probably the '!=' should be used here.

CWE-480

V3035

Consider inspecting the expression. Probably the '+=' should be used here.

CWE-480

V3036

Consider inspecting the expression. Probably the '-=' should be used here.

CWE-480

V3038

The argument was passed to method several times. It is possible that another argument should be passed instead.

CWE-687

V3039

Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style.

CWE-39

V3040

The expression contains a suspicious mix of integer and real types.

CWE-682

V3041

The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.

CWE-682

V3042

Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object.

CWE-476

V3043

The code's operational logic does not correspond with its formatting.

CWE-483

V3051

An excessive type cast or check. The object is already of the same type.

CWE-704

V3052

The original exception object was swallowed. Stack of original exception could be lost.

CWE-390

V3054

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-609

V3055

Suspicious assignment inside the condition expression of 'if/while/for' operator.

CWE-481

V3056

Consider reviewing the correctness of 'X' item's usage.

CWE-682

V3057

Function receives an odd argument.

CWE-628

V3058

An item with the same key has already been added.

CWE-462

V3060

A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'.

CWE-682

V3063

A part of conditional expression is always true/false if it is evaluated.

CWE-570, CWE-571

V3064

Division or mod division by zero.

CWE-369

V3066

Possible incorrect order of arguments passed to method.

CWE-683

V3067

It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.

CWE-691

V3069

It's possible that the line was commented out improperly, thus altering the program's operation logics.

CWE-670

V3070

Uninitialized variables are used when initializing the 'A' variable.

CWE-457

V3076

Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead.

CWE-570, CWE-571

V3080

Possible null dereference.

CWE-476

V3082

The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing.

CWE-563

V3083

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

CWE-367

V3089

Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads.

CWE-665

V3090

Unsafe locking on an object.

CWE-662, CWE-833

V3092

Range intersections are possible within conditional expressions.

CWE-670

V3093

The operator evaluates both operands. Perhaps a short-circuit operator should be used instead.

CWE-480

V3095

The object was used before it was verified against null. Check lines: N1, N2.

CWE-476

V3098

The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.

CWE-670

V3099

Not all the members of type are serialized inside 'GetObjectData' method.

CWE-684

V3100

NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime.

CWE-476

V3105

The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible.

CWE-690

V3106

Possibly index is out of bound.

CWE-125, CWE-787

V3108

It is not recommended to return null or throw exceptions from 'ToString()' method.

CWE-684

V3110

Possible infinite recursion.

CWE-674

V3112

An abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V3113

Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.

CWE-190

V3114

IDisposable object is not disposed before method returns.

CWE-404

V3115

It is not recommended to throw exceptions from 'Equals(object obj)' method.

CWE-684

V3116

Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all.

CWE-835

V3120

Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations.

CWE-835

V3122

Uppercase (lowercase) string is compared with a different lowercase (uppercase) string.

CWE-570

V3123

Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part.

CWE-783

V3125

The object was used after it was verified against null. Check lines: N1, N2.

CWE-476

V3127

Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V3128

The field (property) is used before it is initialized in constructor.

CWE-665

V3131

The expression is checked for compatibility with the type 'A', but is casted to the 'B' type.

CWE-704

V3132

A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'.

CWE-665

V3133

Postfix increment/decrement is senseless because this variable is overwritten.

CWE-682

V3134

Shift by N bits is greater than the size of type.

CWE-128

V3135

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V3136

Constant expression in switch statement.

CWE-691

V3137

The variable is assigned but is not used by the end of the function.

CWE-563

V3142

Unreachable code detected. It is possible that an error is present.

CWE-561

V3145

Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed.

CWE-476

V3146

Possible null dereference. A method can return default null value.

CWE-476

V3147

Non-atomic modification of volatile variable.

CWE-567

V3148

Casting potential 'null' value to a value type can lead to NullReferenceException.

CWE-476

V3149

Dereferencing the result of 'as' operator can lead to NullReferenceException.

CWE-476

V3151

Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2.

CWE-369

V3152

Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2.

CWE-369

V3153

Dereferencing the result of null-conditional access operator can lead to NullReferenceException.

CWE-476

V3154

The 'a % b' expression always evaluates to 0.

CWE-682

V3155

The expression is incorrect or it can be simplified.

CWE-682

V3156

The argument of the method is not expected to be null.

CWE-628

V3157

Suspicious division. Absolute value of the left operand is less than the right operand.

CWE-682

V3158

Suspicious division. Absolute values of both operands are equal.

CWE-682

V3159

Modified value of the operand is not used after the increment/decrement operation.

CWE-563

V3160

Argument of incorrect type is passed to the 'Enum.HasFlag' method.

CWE-686

V3161

Comparing value type variables with 'ReferenceEquals' is incorrect because compared values will be boxed.

CWE-686

V3163

An exception handling block does not contain any code.

CWE-1069, CWE-390, CWE-544

V3164

Exception classes should be publicly accessible.

CWE-544

V3165

The expression of the 'char' type is passed as an argument of the 'A' type whereas similar overload with the string parameter exists.

CWE-628

V3166

Calling the 'SingleOrDefault' method may lead to 'InvalidOperationException'.

CWE-628

V3168

Awaiting on expression with potential null value can lead to throwing of 'NullReferenceException'.

CWE-476

V3170

Both operands of the '??' operator are identical.

CWE-670

V3171

Potentially negative value is used as the size of an array.

CWE-839

V3172

The 'if/if-else/for/while/foreach' statement and code block after it are not related. Inspect the program's logic.

CWE-483

V3174

Suspicious subexpression in a sequence of similar comparisons.

CWE-670

V3175

Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread.

CWE-667

V3176

The '&=' or '|=' operator is redundant because the right operand is always true/false.

CWE-570, CWE-571

V3177

Logical literal belongs to second operator with a higher priority. It is possible literal was intended to belong to '??' operator instead.

CWE-783

V3178

Calling method or accessing property of potentially disposed object may result in exception.

CWE-672

V3179

Calling element access method for potentially empty collection may result in exception.

CWE-628

V3180

The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument.

CWE-687

V3181

The result of '&' operator is '0' because one of the operands is '0'.

CWE-682

V3182

The result of '&' operator is always '0'.

CWE-480

V3183

Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement.

CWE-670

V3184

The argument's value is greater than the size of the collection. Passing the value into the 'Foo' method will result in an exception.

CWE-687

V3185

An argument containing a file path could be mixed up with another argument. The other function parameter expects a file path instead.

CWE-628

V3186

The arguments violate the bounds of collection. Passing these values into the method will result in an exception.

CWE-687

V3190

Concurrent modification of a variable may lead to errors.

CWE-821

V3192

Type member is used in the 'GetHashCode' method but is missing from the 'Equals' method.

CWE-697

V3193

Data processing results are potentially used before asynchronous output reading is complete. Consider calling 'WaitForExit' overload with no arguments before using the data.

CWE-366

V3194

Calling 'OfType' for collection will return an empty collection. It is not possible to cast collection elements to the type parameter.

CWE-704

V3195

Collection initializer implicitly calls 'Add' method. Using it on member with default value of null will result in null dereference exception.

CWE-476

V3197

The compared value inside the 'Object.Equals' override is converted to a different type that does not contain the override.

CWE-697

V4001

Unity Engine. Boxing inside a frequently called method may decrease performance.

CWE-1235

V5601

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

V5602

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5603

OWASP. The original exception object was swallowed. Stack of original exception could be lost.

CWE-390

V5604

OWASP. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-609

V5605

OWASP. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

CWE-367

V5606

OWASP. An exception handling block does not contain any code.

CWE-1069, CWE-390, CWE-544

V5607

OWASP. Exception classes should be publicly accessible.

CWE-544

V5608

OWASP. Possible SQL injection. Potentially tainted data is used to create SQL command.

CWE-89

V5609

OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path.

CWE-22

V5610

OWASP. Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

CWE-79

V5611

OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

CWE-502

V5612

OWASP. Do not use old versions of SSL/TLS protocols as it may cause security issues.

CWE-326

V5613

OWASP. Use of outdated cryptographic algorithm is not recommended.

CWE-327, CWE-328

V5614

OWASP. Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

CWE-611

V5615

OWASP. Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data.

CWE-776

V5616

OWASP. Possible command injection. Potentially tainted data is used to create OS command.

CWE-77, CWE-78, CWE-88

V5617

OWASP. Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.

CWE-613

V5618

OWASP. Possible server-side request forgery. Potentially tainted data is used in the URL.

CWE-918

V5619

OWASP. Possible log injection. Potentially tainted data is written into logs.

CWE-117

V5620

OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter.

CWE-90

V5621

OWASP. Error message contains potentially sensitive data that may be exposed.

CWE-209

V5622

OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression.

CWE-643

V5623

OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL.

CWE-601

V5624

OWASP. Use of potentially tainted data in configuration may lead to security issues.

CWE-15

V5625

OWASP. Referenced package contains vulnerability.

CWE-1035, CWE-1352

V5626

OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern.

CWE-1333

V5627

OWASP. Possible NoSQL injection. Potentially tainted data is used to create query.

CWE-943

V5628

OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.

CWE-22, CWE-641, CWE-99

Java диагностики

Error Code

Error Description

Mapping

V5301

OWASP. An exception handling block does not contain any code.

CWE-1069

V5302

OWASP. Exception classes should be publicly accessible.

CWE-544

V5303

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5304

OWASP. Unsafe double-checked locking.

CWE-609

V5305

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

V6001

There are identical sub-expressions to the left and to the right of the 'foo' operator.

CWE-570, CWE-571

V6003

The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.

CWE-570

V6004

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V6006

The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V6007

Expression is always true/false.

CWE-570, CWE-571

V6008

Potential null dereference.

CWE-476, CWE-690

V6009

Function receives an odd argument.

CWE-628

V6010

The return value of function 'Foo' is required to be utilized.

CWE-252

V6011

The expression contains a suspicious mix of integer and real types.

CWE-682

V6012

The '?:' operator, regardless of its conditional expression, always returns one and the same value.

CWE-783

V6013

Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended.

CWE-595

V6014

It's odd that this method always returns one and the same value of NN.

CWE-393

V6015

Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here.

CWE-480

V6018

Constant expression in switch statement.

CWE-691

V6019

Unreachable code detected. It is possible that an error is present.

CWE-561

V6020

Division or mod division by zero.

CWE-369

V6021

The value is assigned to the 'x' variable but is not used.

CWE-563

V6024

The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.

CWE-670

V6025

Possibly index is out of bound.

CWE-125, CWE-787

V6029

Possible incorrect order of arguments passed to method.

CWE-683

V6030

The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.

CWE-691

V6031

The variable 'X' is being used for this loop and for the outer loop.

CWE-691

V6033

An item with the same key has already been added.

CWE-462

V6034

Shift by N bits is inconsistent with the size of type.

CWE-758

V6036

The value from the uninitialized optional is used.

CWE-457

V6037

An unconditional 'break/continue/return/goto' within a loop.

CWE-670

V6038

Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead.

CWE-570, CWE-571

V6039

There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.

CWE-561

V6040

The code's operational logic does not correspond with its formatting.

CWE-483

V6041

Suspicious assignment inside the conditional expression of 'if/while/do...while' statement.

CWE-481

V6042

The expression is checked for compatibility with type 'A', but is cast to type 'B'.

CWE-704

V6043

Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.

CWE-691

V6044

Postfix increment/decrement is senseless because this variable is overwritten.

CWE-682

V6046

Incorrect format. Consider checking the N format items of the 'Foo' function.

CWE-628, CWE-685, CWE-686

V6047

It is possible that this 'else' branch must apply to the previous 'if' statement.

CWE-670

V6048

This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.

CWE-480

V6050

Class initialization cycle is present.

CWE-665

V6051

Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions.

CWE-584

V6054

Classes should not be compared by their name.

CWE-486

V6057

Consider inspecting this expression. The expression is excessive or contains a misprint.

CWE-571

V6058

Comparing objects of incompatible types.

CWE-1024

V6059

Odd use of special character in regular expression. Possibly, it was intended to be escaped.

CWE-185

V6060

The reference was used before it was verified against null.

CWE-476

V6061

The used constant value is represented by an octal form.

CWE-682

V6062

Possible infinite recursion.

CWE-674

V6063

Odd semicolon ';' after 'if/for/while' operator.

CWE-670

V6064

Suspicious invocation of Thread.run().

CWE-572

V6067

Two or more case-branches perform the same actions.

CWE-691

V6070

Unsafe synchronization on an object.

CWE-662

V6072

Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V6073

It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods.

CWE-684

V6074

Non-atomic modification of volatile variable.

CWE-567

V6075

The signature of method 'X' does not conform to serialization requirements.

CWE-684

V6077

A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead.

CWE-478

V6079

Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2.

CWE-129

V6080

Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition.

CWE-697

V6082

Unsafe double-checked locking.

CWE-609

V6085

An abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V6086

Suspicious code formatting. 'else' keyword is probably missing.

CWE-670

V6089

It's possible that the line was commented out improperly, thus altering the program's operation logics.

CWE-670

V6090

Field 'A' is being used before it was initialized.

CWE-665

V6093

Automatic unboxing of a variable may cause NullPointerException.

CWE-476

V6094

The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.

CWE-682

V6096

An odd precise comparison. Consider using a comparison with defined precision: Math.abs(A - B) < Epsilon or Math.abs(A - B) > Epsilon.

CWE-682

V6099

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V6100

An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method.

CWE-688

V6101

compareTo()-like methods can return not only the values -1, 0 and 1, but any values.

CWE-253

V6102

Inconsistent synchronization of a field. Consider synchronizing the field on all usages.

CWE-662

V6103

Ignored InterruptedException could lead to delayed thread shutdown.

CWE-391

V6105

Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.

CWE-190

V6106

Casting expression to 'X' type before implicitly casting it to other type may be excessive or incorrect.

CWE-704

V6107

The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.

CWE-547

V6108

Do not use real-type variables in 'for' loop counters.

CWE-834

V6109

Potentially predictable seed is used in pseudo-random number generator.

CWE-336, CWE-337