---
# This file is used by 'mach static-analysis check-coverity' and by the
# 'phabricator static-analysis bot', on automation, to determine how prone
# to false positives each Coverity checker is.
#
# Note that `reliability` is a false-positive index, not a severity rating
# for what the checker finds: a memory-safety or injection checker marked
# `low` still reports findings worth triaging, it is just more often wrong.
#
# In order to update this file please do the following:
# 1. Obtain the coverity-analysis package.
# 2. Run `./cov-analyze --list-checkers` to get the list of available checkers.
# 3. Add the new checker(s) from step 2. to the list under `coverity_checkers`.
# 4. Depending on the reliability of the checker, set the `reliability` field
#    to `low`, `medium` or `high`; if it is omitted, `medium` is used as the
#    reliability index.
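coverity_checkers:
  # One entry per Coverity checker name, as printed by
  # `cov-analyze --list-checkers`. Fields:
  #   reliability: low | medium | high -- how prone the checker is to false
  #                positives; these are the only values used in this file.
  #   publish:     boolean, set to `false` on a handful of checkers. The
  #                consumer of this flag is not visible from this file --
  #                NOTE(review): confirm against the static-analysis tooling
  #                what an unpublished checker does before adding more.
  # Booleans are spelled `true`/`false` so the file parses identically under
  # YAML 1.1 and YAML 1.2 loaders (`yes`/`no` are YAML 1.1-only spellings).
  COPY_PASTE_ERROR:
    reliability: low
  DEADCODE:
    reliability: low
  FORWARD_NULL:
    reliability: high
  IDENTICAL_BRANCHES:
    reliability: high
  CONSTANT_EXPRESSION_RESULT:
    reliability: high
  UNREACHABLE:
    reliability: low
  REVERSE_INULL:
    reliability: high
  UNEXPECTED_CONTROL_FLOW:
    reliability: medium
  NESTING_INDENT_MISMATCH:
    reliability: high
  STRAY_SEMICOLON:
    reliability: medium
    publish: false
  RESOURCE_LEAK:
    reliability: medium
  NULL_RETURNS:
    reliability: medium
  DIVIDE_BY_ZERO:
    reliability: medium
  OVERFLOW_BEFORE_WIDEN:
    reliability: high
  UNINTENDED_INTEGER_DIVISION:
    reliability: medium
  SWAPPED_ARGUMENTS:
    reliability: low
  NO_EFFECT:
    reliability: medium
  BAD_SHIFT:
    reliability: low
  INFINITE_LOOP:
    reliability: medium
  MISSING_RESTORE:
    reliability: low
  UNUSED_VALUE:
    reliability: medium
  USELESS_CALL:
    reliability: low
  MISSING_BREAK:
    reliability: low
  CHECKED_RETURN:
    reliability: low
  PROPERTY_MIXUP:
    reliability: medium
  CALL_SUPER:
    reliability: medium
  IDENTIFIER_TYPO:
    reliability: medium
  # `low` on the memory-safety checkers below (USE_AFTER_FREE, OVERRUN,
  # INTEGER_OVERFLOW, ...) means false-positive-prone, not low severity.
  USE_AFTER_FREE:
    reliability: low
  ALLOC_FREE_MISMATCH:
    reliability: medium
  ARRAY_VS_SINGLETON:
    reliability: low
  ASSERT_SIDE_EFFECT:
    reliability: medium
  BAD_ALLOC_ARITHMETIC:
    reliability: medium
  BAD_ALLOC_STRLEN:
    reliability: medium
  BAD_COMPARE:
    reliability: medium
  BAD_FREE:
    reliability: medium
  BAD_SIZEOF:
    reliability: medium
  CHAR_IO:
    reliability: low
  EVALUATION_ORDER:
    reliability: medium
  INCOMPATIBLE_CAST:
    reliability: medium
  MISSING_COMMA:
    reliability: high
  MISSING_RETURN:
    reliability: medium
  NEGATIVE_RETURNS:
    reliability: low
  OVERRUN:
    reliability: low
  PASS_BY_VALUE:
    reliability: high
  PRINTF_ARGS:
    reliability: medium
  READLINK:
    reliability: medium
  RETURN_LOCAL:
    reliability: low
  REVERSE_NEGATIVE:
    reliability: medium
  SIGN_EXTENSION:
    reliability: low
  SIZEOF_MISMATCH:
    reliability: low
  UNINIT:
    reliability: high
  VARARGS:
    reliability: medium
  INVALIDATE_ITERATOR:
    reliability: medium
  BAD_LOCK_OBJECT:
    reliability: medium
  GUARDED_BY_VIOLATION:
    reliability: medium
  LOCK_EVASION:
    reliability: medium
  MISSING_THROW:
    reliability: medium
  NON_STATIC_GUARDING_STATIC:
    reliability: medium
  VOLATILE_ATOMICITY:
    reliability: medium
  OVERLAPPING_COPY:
    reliability: medium
  BAD_OVERRIDE:
    reliability: medium
  CTOR_DTOR_LEAK:
    reliability: low
  DELETE_ARRAY:
    reliability: low
  DELETE_VOID:
    reliability: medium
  MISMATCHED_ITERATOR:
    reliability: medium
  MISSING_MOVE_ASSIGNMENT:
    reliability: low
  STREAM_FORMAT_STATE:
    reliability: medium
  UNCAUGHT_EXCEPT:
    reliability: medium
  UNINIT_CTOR:
    reliability: high
  VIRTUAL_DTOR:
    reliability: medium
  WRAPPER_ESCAPE:
    reliability: low
  BAD_EQ:
    reliability: medium
  BAD_EQ_TYPES:
    reliability: medium
  LOCK_INVERSION:
    reliability: medium
  BAD_CHECK_OF_WAIT_COND:
    reliability: medium
  DC.DANGEROUS:
    reliability: medium
  DC.DEADLOCK:
    reliability: medium
  HIBERNATE_BAD_HASHCODE:
    reliability: medium
  ORM_LOAD_NULL_CHECK:
    reliability: medium
  ORM_UNNECESSARY_GET:
    reliability: medium
  REGEX_CONFUSION:
    reliability: medium
  SERVLET_ATOMICITY:
    reliability: medium
  SINGLETON_RACE:
    reliability: medium
  WRONG_METHOD:
    reliability: medium
  PATH_MANIPULATION:
    reliability: medium
  SQLI:
    reliability: medium
  HARDCODED_CREDENTIALS:
    reliability: medium
  SENSITIVE_DATA_LEAK:
    reliability: medium
  SCRIPT_CODE_INJECTION:
    reliability: medium
  REGEX_INJECTION:
    reliability: medium
  BAD_CERT_VERIFICATION:
    reliability: medium
  COM.BAD_FREE:
    reliability: medium
  COM.BSTR.CONV:
    reliability: medium
  EXPLICIT_THIS_EXPECTED:
    reliability: medium
  UNINTENDED_GLOBAL:
    reliability: medium
  OS_CMD_INJECTION:
    reliability: medium
  XSS:
    reliability: medium
  WEAK_PASSWORD_HASH:
    reliability: medium
  UNSAFE_DESERIALIZATION:
    reliability: medium
  OPEN_REDIRECT:
    reliability: medium
  CSRF:
    reliability: medium
  UNSAFE_REFLECTION:
    reliability: medium
  BLACKLIST_FOR_AUTHN:
    reliability: medium
  DYNAMIC_OBJECT_ATTRIBUTES:
    reliability: medium
  RAILS_DEFAULT_ROUTES:
    reliability: medium
  RAILS_DEVISE_CONFIG:
    reliability: medium
  RAILS_MISSING_FILTER_ACTION:
    reliability: medium
  REGEX_MISSING_ANCHOR:
    reliability: medium
  RUBY_VULNERABLE_LIBRARY:
    reliability: medium
  SESSION_MANIPULATION:
    reliability: medium
  UNSAFE_BASIC_AUTH:
    reliability: medium
  UNSAFE_SESSION_SETTING:
    reliability: medium
  XPATH_INJECTION:
    reliability: medium
  RISKY_CRYPTO:
    reliability: medium
  UNENCRYPTED_SENSITIVE_DATA:
    reliability: medium
  XML_EXTERNAL_ENTITY:
    reliability: medium
  CONFIG.ATS_INSECURE:
    reliability: medium
  CUSTOM_KEYBOARD_DATA_LEAK:
    reliability: medium
  INSECURE_COMMUNICATION:
    reliability: medium
  INSECURE_MULTIPEER_CONNECTION:
    reliability: medium
  WEAK_BIOMETRIC_AUTH:
    reliability: medium
  BUFFER_SIZE:
    reliability: high
  CHROOT:
    reliability: medium
  DC.PREDICTABLE_KEY_PASSWORD:
    reliability: medium
    publish: false
  DC.STREAM_BUFFER:
    reliability: medium
    publish: false
  DC.WEAK_CRYPTO:
    reliability: low
    publish: false
  OPEN_ARGS:
    reliability: medium
  STRING_NULL:
    reliability: medium
  STRING_OVERFLOW:
    reliability: low
  STRING_SIZE:
    reliability: medium
  # Taint and TOCTOU findings are also `low` only in the false-positive
  # sense; they still need manual triage rather than dismissal.
  TAINTED_SCALAR:
    reliability: low
  TAINTED_STRING:
    reliability: medium
  TOCTOU:
    reliability: low
  SECURE_TEMP:
    reliability: medium
  UNSAFE_XML_PARSE_CONFIG:
    reliability: medium
  ATOMICITY:
    reliability: medium
  LOCK:
    reliability: medium
  MISSING_LOCK:
    reliability: medium
  ORDER_REVERSAL:
    reliability: medium
  SLEEP:
    reliability: medium
  ASSIGN_NOT_RETURNING_STAR_THIS:
    reliability: medium
  COPY_WITHOUT_ASSIGN:
    reliability: medium
  MISSING_COPY_OR_ASSIGN:
    reliability: medium
  SELF_ASSIGN:
    reliability: medium
  WEAK_GUARD:
    reliability: medium
  AUDIT.SPECULATIVE_EXECUTION_DATA_LEAK:
    reliability: medium
  DC.STRING_BUFFER:
    reliability: medium
    publish: false
  ENUM_AS_BOOLEAN:
    reliability: medium
  INTEGER_OVERFLOW:
    reliability: low
  MISRA_CAST:
    reliability: medium
  MIXED_ENUMS:
    reliability: low
  STACK_USE:
    reliability: medium
  USER_POINTER:
    reliability: medium
  PARSE_ERROR:
    reliability: low
  FLOATING_POINT_EQUALITY:
    reliability: medium
  ORM_LOST_UPDATE:
    reliability: medium
  HFA:
    reliability: medium
  COM.ADDROF_LEAK:
    reliability: medium
  COM.BSTR.ALLOC:
    reliability: medium
  COM.BSTR.BAD_COMPARE:
    reliability: medium
  COM.BSTR.NE_NON_BSTR:
    reliability: medium
  VCALL_IN_CTOR_DTOR:
    reliability: medium
  INSECURE_DIRECT_OBJECT_REFERENCE:
    reliability: medium
  UNESCAPED_HTML:
    reliability: medium
  SECURE_CODING:
    reliability: medium
    publish: false
  SIZECHECK:
    reliability: medium
  MISSING_AUTHZ:
    reliability: medium
  NOSQL_QUERY_INJECTION:
    reliability: medium
  HEADER_INJECTION:
    reliability: medium
  INSECURE_RANDOM:
    reliability: medium
  CONFIG.DYNAMIC_DATA_HTML_COMMENT:
    reliability: medium
  LDAP_INJECTION:
    reliability: medium
  UNLOGGED_SECURITY_EXCEPTION:
    reliability: medium
  UNRESTRICTED_DISPATCH:
    reliability: medium
  UNSAFE_NAMED_QUERY:
    reliability: medium
  TAINT_ASSERT:
    reliability: medium
  UNKNOWN_LANGUAGE_INJECTION:
    reliability: medium
  URL_MANIPULATION:
    reliability: medium
  TAINTED_ENVIRONMENT_WITH_EXECUTION:
    reliability: medium
  ASPNET_MVC_VERSION_HEADER:
    reliability: medium
  CONFIG.ASPNET_VERSION_HEADER:
    reliability: medium
  CONFIG.ASP_VIEWSTATE_MAC:
    reliability: medium
  CONFIG.CONNECTION_STRING_PASSWORD:
    reliability: medium
  CONFIG.COOKIES_MISSING_HTTPONLY:
    reliability: medium
  CONFIG.DEAD_AUTHORIZATION_RULE:
    reliability: medium
  CONFIG.ENABLED_DEBUG_MODE:
    reliability: medium
  CONFIG.ENABLED_TRACE_MODE:
    reliability: medium
  CONFIG.MISSING_CUSTOM_ERROR_PAGE:
    reliability: medium
  PREDICTABLE_RANDOM_SEED:
    reliability: medium
  ATTRIBUTE_NAME_CONFLICT:
    reliability: medium
  CONFIG.DUPLICATE_SERVLET_DEFINITION:
    reliability: medium
  CONFIG.DWR_DEBUG_MODE:
    reliability: medium
  CONFIG.HTTP_VERB_TAMPERING:
    reliability: medium
  CONFIG.JAVAEE_MISSING_HTTPONLY:
    reliability: medium
  CONFIG.MISSING_GLOBAL_EXCEPTION_HANDLER:
    reliability: medium
  CONFIG.MISSING_JSF2_SECURITY_CONSTRAINT:
    reliability: medium
  CONFIG.SPRING_SECURITY_DEBUG_MODE:
    reliability: medium
  CONFIG.SPRING_SECURITY_DISABLE_AUTH_TAGS:
    reliability: medium
  CONFIG.SPRING_SECURITY_HARDCODED_CREDENTIALS:
    reliability: medium
  CONFIG.SPRING_SECURITY_REMEMBER_ME_HARDCODED_KEY:
    reliability: medium
  CONFIG.SPRING_SECURITY_SESSION_FIXATION:
    reliability: medium
  CONFIG.STRUTS2_CONFIG_BROWSER_PLUGIN:
    reliability: medium
  CONFIG.STRUTS2_DYNAMIC_METHOD_INVOCATION:
    reliability: medium
  CONFIG.STRUTS2_ENABLED_DEV_MODE:
    reliability: medium
  CONFIG.UNSAFE_SESSION_TIMEOUT:
    reliability: medium
  EL_INJECTION:
    reliability: medium
  JAVA_CODE_INJECTION:
    reliability: medium
  JCR_INJECTION:
    reliability: medium
  JSP_DYNAMIC_INCLUDE:
    reliability: medium
  JSP_SQL_INJECTION:
    reliability: medium
  OGNL_INJECTION:
    reliability: medium
  SESSION_FIXATION:
    reliability: medium
  TRUST_BOUNDARY_VIOLATION:
    reliability: medium
  UNSAFE_JNI:
    reliability: medium
  CONFIG.HANA_XS_PREVENT_XSRF_DISABLED:
    reliability: medium
  CONFIG.SEQUELIZE_ENABLED_LOGGING:
    reliability: medium
  COOKIE_INJECTION:
    reliability: medium
  CSS_INJECTION:
    reliability: medium
  DOM_XSS:
    reliability: medium
  INSECURE_SALT:
    reliability: medium
  INSUFFICIENT_LOGGING:
    reliability: medium
  LOCALSTORAGE_MANIPULATION:
    reliability: medium
  MISSING_IFRAME_SANDBOX:
    reliability: medium
  SESSIONSTORAGE_MANIPULATION:
    reliability: medium
  TEMPLATE_INJECTION:
    reliability: medium
  UNCHECKED_ORIGIN:
    reliability: medium
  UNRESTRICTED_MESSAGE_TARGET:
    reliability: medium
  ANGULAR_EXPRESSION_INJECTION:
    reliability: medium
  CONFIG.SYMFONY_CSRF_PROTECTION_DISABLED:
    reliability: medium
  SYMFONY_EL_INJECTION:
    reliability: medium
  LOG_INJECTION:
    reliability: medium
  SQL_NOT_CONSTANT:
    reliability: medium
  XML_INJECTION:
    reliability: medium
  INSECURE_COOKIE:
    reliability: medium
  ANGULAR_BYPASS_SECURITY:
    reliability: medium
  ANGULAR_ELEMENT_REFERENCE:
    reliability: medium
  LOCALSTORAGE_WRITE:
    reliability: medium
  ANDROID_CAPABILITY_LEAK:
    reliability: medium
  ANDROID_DEBUG_MODE:
    reliability: medium
  EXPOSED_PREFERENCES:
    reliability: medium
  IMPLICIT_INTENT:
    reliability: medium
  MISSING_PERMISSION_FOR_BROADCAST:
    reliability: medium
  MISSING_PERMISSION_ON_EXPORTED_COMPONENT:
    reliability: medium
  MOBILE_ID_MISUSE:
    reliability: medium
  UNRESTRICTED_ACCESS_TO_FILE:
    reliability: medium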