CWE Coding Standard
Introduction
Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. “Weaknesses” are flaws, faults, bugs, vulnerabilities, or other errors in software or hardware implementation, code, design, or architecture that if left unaddressed could result in systems, networks, or hardware being vulnerable to attack.
-
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'):
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && (issue.Type=="bufferAccessOutOfBounds" || issue.Type=="possibleBufferAccessOutOfBounds"
|| issue.Type=="insecureCmdLineArgs"|| issue.Type=="invalidscanf") select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Divide By Zero:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="zerodiv" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Unchecked Error Condition:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="zerodiv" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Declaration of Catch for Generic Exception:
This coding standard is computed with the following query:
warnif count > 0
from m in Methods where !m.IsEntryPoint
&& m.IsUsing("Keywords.generic_catch".AllowNoMatch()) select m -
Improper Release of Memory Before Removing Last Reference ('Memory Leak'):
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && (issue.Type=="memleak" || issue.Type=="memleakOnRealloc"
|| issue.Type=="publicAllocationError"|| issue.Type=="leakNoVarFunctionCall") select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Double Free:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="deallocDealloc" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Use of Uninitialized Variable:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="uninitvar"
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 10.ToMinutes().ToDebt(),
Severity =Severity.High
} -
Incomplete Cleanup:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="resourceLeak" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
NULL Pointer Dereferenced:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="nullPointer" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Use of Obsolete Functions:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CLang" && issue.Type=="warn_deprecated" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Comparing instead of Assigning:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="CLang" && issue.Type=="warn_unused_comparison" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Omitted Break Statement in Switch:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_unannotated_fallthrough" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Dead Code:
This coding standard is computed with the following query:
warnif count > 0
from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_unreachable" select
new { issue,issue.FilePath,Line=issue.BeginLine} -
Assignment to Variable without Use ('Unused Variable'):
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="unreadVariable"
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
} -
Expression is Always False:
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="knownConditionTrueFalse" && issue.Description.Contains("always false")
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
} -
Expression is Always True:
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="knownConditionTrueFalse" && issue.Description.Contains("always true")
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
} -
Function Call with Incorrectly Specified Arguments:
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="preprocessorErrorDirective" && issue.Description.Contains("Wrong number")
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
} -
Use of Potentially Dangerous Function:
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="dangerousUsageStrtol"
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
} -
Operator Precedence Logic Error:
This coding standard is computed with the following query:
warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && (issue.Type=="clarifyCalculation" || issue.Type=="clarifyCondition")
select new { issue, issue.FilePath, Line = issue.BeginLine ,
Debt = 2.ToMinutes().ToDebt(),
Severity =Severity.Low
}