DISA STIG IDs mapped to Klocwork C and C++ checkers
This article maps DISA Security Technical Implementation Guide IDs to Klocwork C/C++ checkers. For details on DISA STIG, consult the DISA STIG web site.
| DISA STIG ID | C/C++ Checker Code and Description |
|---|---|
| APP2060.4 | MISRA.EXPANSION.UNSAFE Unsafe macro usage<br>MISRA.INCL.UNSAFE Unsafe header inclusion |
| APP3050 | LA_UNUSED Label unused<br>UNREACH.GEN Unreachable code<br>UNREACH.RETURN Unreachable return<br>VA_UNUSED.GEN Value is never used after assignment<br>VA_UNUSED.INIT Value is never used after initialization |
| APP3080 | SV.USAGERULES.SPOOFING Use of Function Susceptible to Spoofing |
| APP3100 | SV.PCC.CONST Insecure (Constant) Temporary File Name in Call to CreateFile<br>SV.PCC.INVALID_TEMP_PATH Insecure Temporary File Name in Call to CreateFile<br>SV.PCC.MISSING_TEMP_CALLS.MUST Missing Secure Temporary File Names in Call to CreateFile<br>SV.PCC.MISSING_TEMP_FILENAME Missing Temporary File Name in Call to CreateFile |
| APP3120 | CWARN.PASSBYVALUE.EXC Exception object passed by value is too large<br>MISRA.CATCH.BY_VALUE Exception object of class type is caught by value<br>MISRA.DECL.EXCPT.SPEC Function is declared with different exception specifications<br>MISRA.THROW.EMPTY Empty throw expression does not belong to a catch block<br>MISRA.THROW.NULL NULL is thrown explicitly<br>MISRA.THROW.PTR Exception object is a pointer<br>SV.INCORRECT_RESOURCE_HANDLING.URH Insecure Resource Handling<br>SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure Resource Handling<br>SV.PAIRS.NO_CHECK_GLE Ignored Return Values from GetLastError()<br>SV.RVT.RETVAL_NOTTESTED Ignored return value |
| APP3150.1 | SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| APP3330 | SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| APP3340 | SV.WEAK_CRYPTO.WEAK_HASH Weak Hash Function |
| APP3450.1 | SV.LPP.CONST, SV.PIPE.CONST Use of Insecure Macro for Dangerous Functions<br>SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.PIPE.VAR Use of Insecure Parameter for Dangerous Functions - possible<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists |
| APP3480.1 | SV.LPP.CONST, SV.PIPE.CONST Use of Insecure Macro for Dangerous Functions<br>SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.PIPE.VAR Use of Insecure Parameter for Dangerous Functions - possible<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists |
| APP3480.2 | SV.LPP.CONST, SV.PIPE.CONST Use of Insecure Macro for Dangerous Functions<br>SV.PIPE.VAR Use of Insecure Parameter for Dangerous Functions - possible<br>SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists |
| APP3500 | SV.LPP.CONST, SV.PIPE.CONST Use of Insecure Macro for Dangerous Functions<br>SV.PIPE.VAR Use of Insecure Parameter for Dangerous Functions - possible<br>SV.BRM.HKEY_LOCAL_MACHINE HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions<br>SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists |
| APP3510 | ABV.TAINTED Buffer Overflow from Unvalidated Input<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>SV.TAINTED.ALLOC_SIZE Use of Unvalidated Integer in Memory Allocation<br>SV.TAINTED.CALL.INDEX_ACCESS Use of Unvalidated Integer as Array Index by Function Call<br>SV.TAINTED.CALL.LOOP_BOUND Use of Unvalidated Integer in Loop Condition through a Function Call<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.INDEX_ACCESS Use of Unvalidated Integer as Array Index |
| APP3530 | SV.TAINTED.INJECTION Command Injection |
| APP3540.1 | SV.TAINTED.INJECTION Command Injection |
| APP3550 | PRECISION.LOSS Loss of precision<br>PRECISION.LOSS.CALL Loss of Precision during function call |
| APP3560 | SV.FMTSTR.GENERIC Format String Vulnerability<br>SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Incompatible type of a print function parameter<br>SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected type of a print function parameter<br>SV.FMT_STR.PRINT_IMPROP_LENGTH Improper use of length modifier in a print function call<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in a print function call<br>SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in a print function call<br>SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in a print function call<br>SV.TAINTED.FMTSTR Use of Unvalidated Data in a Format String<br>SV.TAINTED.INJECTION Command injection |
| APP3570 | NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>SV.CODE_INJECTION.SHELL_EXEC Command Injection into Shell Execution<br>SV.EMAIL Unchecked e-mail<br>SV.EXEC Process injection<br>SV.EXEC.DIR Process Injection. Working directory<br>SV.EXEC.ENV Process Injection. Environment Variables<br>SV.FMTSTR.GENERIC Format String Vulnerability<br>SV.TAINTED.INJECTION Command injection |
| APP3590.1 | ABR Buffer Overflow - Array Index Out of Bounds<br>ABV.ANY_SIZE_ARRAY Buffer Overflow - Array Index Out of Bounds<br>ABV.ITERATOR Buffer Overflow - Array Index may be out of Bounds<br>ABV.STACK Buffer Overflow - Local Array Index Out of Bounds<br>ABV.TAINTED Buffer Overflow from Unvalidated Input<br>ABV.UNICODE.BOUND_MAP Buffer overflow in mapping character function<br>ABV.UNICODE.FAILED_MAP Buffer overflow: Mapping function failed<br>ABV.UNICODE.NNTS_MAP Buffer overflow in Non-Null Terminated String<br>NNTS.MIGHT Buffer Overflow - Non-null Terminated String<br>NNTS.MUST Buffer Overflow - Non-null Terminated String<br>NNTS.TAINTED Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String<br>SV.STRBO.BOUND_COPY Buffer Overflow in Bound String Copy<br>SV.STRBO.BOUND_SPRINTF Buffer Overflow in Bound sprintf<br>SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy<br>SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf<br>SV.TAINTED.INJECTION Command Injection |
| APP3590.2 | SV.FMTSTR.GENERIC Format String Vulnerability<br>SV.FMT_STR.BAD_SCAN_FORMAT Input format specifier error<br>SV.STRBO.UNBOUND_COPY Buffer Overflow in Unbound String Copy<br>SV.STRBO.UNBOUND_SPRINTF Buffer Overflow in Unbound sprintf<br>SV.TAINT_NATIVE Tainted data goes to native code<br>SV.TAINTED.INJECTION Command injection<br>SV.USAGERULES.PERMISSIONS Use of function that manipulates Access Control Lists |
| APP3590.3 | ABR Buffer Overflow - Array Index Out of Bounds<br>MISRA.SIGNED_CHAR.NOT_NUMERIC 'signed char' or 'unsigned char' is used for non-numeric value |
| APP3600 | SV.DLLPRELOAD.NONABSOLUTE.DLL Loading File without Use of Absolute Path |
| APP3630.1 | SV.TOCTOU.FILE_ACCESS Time of Creation/Time of Use Race condition in File Access |
| APP3630.2 | MISRA.DEFINE.NOTGLOBAL Define not at the global level<br>MISRA.ONEDEFRULE.VAR Global variable definition in a header file |
| APP3630.4 | CONC.DL Detects deadlock situations<br>SV.LPP.CONST, SV.PIPE.CONST Use of Insecure Macro for Dangerous Functions<br>SV.LPP.VAR Use of Insecure Parameter for Dangerous Functions |
| APP3760 | SV.FMTSTR.GENERIC Format String Vulnerability |
| APP3780 | SV.FMTSTR.GENERIC Format String Vulnerability |
| APP3800 | CONC.DL Detects deadlock situations |