| *this not returned in copy assignment operator | RETURN_NOT_REF_TO_THIS |
| Abnormal termination of exit handler | EXIT_ABNORMAL_HANDLER |
| Absorption of float operand | FLOAT_ABSORPTION |
| Accessing object with temporary lifetime | TEMP_OBJECT_ACCESS |
| Alignment changed after memory reallocation | ALIGNMENT_CHANGE |
| Alternating input and output from a stream without flush or positioning call | IO_INTERLEAVING |
| Ambiguous declaration syntax | MOST_VEXING_PARSE |
| A move operation may throw | MOVE_OPERATION_MAY_THROW |
| Arithmetic operation with NULL pointer | NULL_PTR_ARITH |
| Array access out of bounds | OUT_BOUND_ARRAY |
| Array access with tainted index | TAINTED_ARRAY_INDEX |
| Assertion | ASSERT |
| Asynchronously cancellable thread | ASYNCHRONOUSLY_CANCELLABLE_THREAD |
| Atomic load and store sequence not atomic | ATOMIC_VAR_SEQUENCE_NOT_ATOMIC |
| Atomic variable accessed twice in an expression | ATOMIC_VAR_ACCESS_TWICE |
| Automatic or thread local variable escaping from a thread | LOCAL_ADDR_ESCAPE_THREAD |
| Bad file access mode or status | BAD_FILE_ACCESS_MODE_STATUS |
| Bad order of dropping privileges | BAD_PRIVILEGE_DROP_ORDER |
| Base class assignment operator not called | MISSING_BASE_ASSIGN_OP_CALL |
| Base class destructor not virtual | DTOR_NOT_VIRTUAL |
| Bitwise and arithmetic operation on the same data | BITWISE_ARITH_MIX |
| Bitwise operation on negative value | BITWISE_NEG |
| Blocking operation while holding lock | BLOCKING_WHILE_LOCKED |
| Buffer overflow from incorrect string format specifier | STR_FORMAT_BUFFER_OVERFLOW |
| Bytewise operations on nontrivial class object | MEMOP_ON_NONTRIVIAL_OBJ |
| C++ reference to const-qualified type with subsequent modification | WRITE_REFERENCE_TO_CONST_TYPE |
| C++ reference type qualified with const or volatile | CV_QUALIFIED_REFERENCE_TYPE |
| Call through non-prototyped function pointer | UNPROTOTYPED_FUNC_CALL |
| Call to memset with unintended value | MEMSET_INVALID_VALUE |
| Character value absorbed into EOF | CHAR_EOF_CONFUSED |
| Closing a previously closed resource | DOUBLE_RESOURCE_CLOSE |
| Code deactivated by constant false condition | DEACTIVATED_CODE |
| Command executed from externally controlled path | TAINTED_PATH_CMD |
| Constant block cipher initialization vector | CRYPTO_CIPHER_CONSTANT_IV |
| Constant cipher key | CRYPTO_CIPHER_CONSTANT_KEY |
| Const parameter values may cause unnecessary data copies | CONST_PARAMETER_VALUE |
| Const return values may cause unnecessary data copies | CONST_RETURN_VALUE |
| Const rvalue reference parameter may cause unnecessary data copies | CONST_RVALUE_REFERENCE_PARAMETER |
| Const std::move input may cause a more expensive object copy | EXPENSIVE_STD_MOVE_CONST_OBJECT |
| Context initialized incorrectly for cryptographic operation | CRYPTO_PKEY_INCORRECT_INIT |
| Context initialized incorrectly for digest operation | CRYPTO_MD_BAD_FUNCTION |
| Conversion or deletion of incomplete class pointer | INCOMPLETE_CLASS_PTR |
| Copy constructor not called in initialization list | MISSING_COPY_CTOR_CALL |
| Copy of overlapping memory | OVERLAPPING_COPY |
| Copy operation modifying source operand | COPY_MODIFYING_SOURCE |
| Critical data member is not private | CRITICAL_DATA_MEMBER_DECLARED_PUBLIC |
| C string from string::c_str() compared to pointer | STD_STRING_C_STR_COMPARED_TO_POINTER |
| Data race | DATA_RACE |
| Data race on adjacent bit fields | DATA_RACE_BIT_FIELDS |
| Data race through standard library function call | DATA_RACE_STD_LIB |
| Dead code | DEAD_CODE |
| Deadlock | DEADLOCK |
| Deallocation of previously deallocated pointer | DOUBLE_DEALLOCATION |
| Declaration mismatch | DECL_MISMATCH |
| Declaration of catch for generic exception | CATCH_FOR_GENERIC_EXCEPTION |
| Declaration of throw for generic exception | THROW_FOR_GENERIC_EXCEPTION |
| Delete of void pointer | DELETE_OF_VOID_PTR |
| Destination buffer overflow in string manipulation | STRLIB_BUFFER_OVERFLOW |
| Destination buffer underflow in string manipulation | STRLIB_BUFFER_UNDERFLOW |
| Destruction of locked mutex | DESTROY_LOCKED |
| Deterministic random output from constant seed | RAND_SEED_CONSTANT |
| Double lock | DOUBLE_LOCK |
| Double unlock | DOUBLE_UNLOCK |
| Duplicated code | DUPLICATED_CODE |
| Empty destructors may cause unnecessary data copies | EMPTY_DESTRUCTOR_DEFINED |
| Environment pointer invalidated by previous operation | INVALID_ENV_POINTER |
| Errno not checked | ERRNO_NOT_CHECKED |
| Errno not reset | MISSING_ERRNO_RESET |
| Exception caught by value | EXCP_CAUGHT_BY_VALUE |
| Exception handler hidden by previous handler | EXCP_HANDLER_HIDDEN |
| Execution of a binary from a relative path can be controlled by an external actor | RELATIVE_PATH_CMD |
| Execution of externally controlled command | TAINTED_EXTERNAL_CMD |
| Expensive member initialization | EXPENSIVE_MEMBER_INITIALIZATION |
| Expensive std::function type definition | EXPENSIVE_STD_FUNCTION |
| Expensive unused object | EXPENSIVE_UNUSED_OBJECT |
| Expensive use of map instead of set | EXPENSIVE_USE_OF_MAP_INSTEAD_OF_SET |
| Expensive use of std::any_cast | EXPENSIVE_ANY_CAST |
| Expensive allocation in loop | EXPENSIVE_ALLOC_IN_LOOP |
| Expensive constant std::string construction | EXPENSIVE_CONSTANT_STD_STRING |
| Expensive copy in a range-based for loop iteration | EXPENSIVE_RANGE_BASED_FOR_LOOP_ITERATION |
| Expensive dynamic cast | EXPENSIVE_DYNAMIC_CAST |
| Expensive local variable copy | EXPENSIVE_LOCAL_VARIABLE |
| Expensive logical operation | EXPENSIVE_LOGICAL_OPERATION |
| Expensive pass by value | EXPENSIVE_PASS_BY_VALUE |
| Expensive post-increment operation | EXPENSIVE_POST_INCREMENT |
| Expensive return by value | EXPENSIVE_RETURN_BY_VALUE |
| Expensive return caused by unnecessary std::move | EXPENSIVE_RETURN_STD_MOVE |
| Expensive return of a const object | EXPENSIVE_RETURN_CONST_OBJECT |
| Expensive use of a standard algorithm when a more efficient method exists | EXPENSIVE_USE_OF_STD_ALGORITHM |
| Expensive use of container's count method | EXPENSIVE_CONTAINER_COUNT |
| Expensive use of container's insertion method | EXPENSIVE_CONTAINER_INSERTION |
| Expensive use of container's size method | EXPENSIVE_CONTAINER_EMPTINESS_CHECK |
| Expensive use of map's bracket operator to insert or assign a value | EXPENSIVE_MAP_INSERT_OR_ASSIGN |
| Expensive use of non-member std::string operator+() instead of a simple append | EXPENSIVE_STD_STRING_APPEND |
| Expensive use of std::string methods instead of more efficient overload | EXPENSIVE_USE_OF_STD_STRING_METHODS |
| Expensive use of std::string with empty string literal | UNNECESSARY_EMPTY_STRING_LITERAL |
| Expensive use of string functions from the C standard library | EXPENSIVE_USE_OF_C_STRING_API |
| Expensive use of substr() to shorten a std::string | EXPENSIVE_STD_STRING_RESIZE |
| File access between time of check and use (TOCTOU) | TOCTOU |
| File descriptor exposure to child process | FILE_EXPOSURE_TO_CHILD |
| File does not compile | file_does_not_compile |
| File manipulation after chroot() without chdir("/") | CHROOT_MISUSE |
| Float conversion overflow | FLOAT_CONV_OVFL |
| Float division by zero | FLOAT_ZERO_DIV |
| Floating point comparison with equality operators | BAD_FLOAT_OP |
| Float overflow | FLOAT_OVFL |
| Format string specifiers and arguments mismatch | STRING_FORMAT |
| Function called from signal handler not asynchronous-safe | SIG_HANDLER_ASYNC_UNSAFE |
| Function called from signal handler not asynchronous-safe (strict) | SIG_HANDLER_ASYNC_UNSAFE_STRICT |
| Function pointer assigned with absolute address | FUNC_PTR_ABSOLUTE_ADDR |
| Function that can spuriously fail not wrapped in loop | SPURIOUS_FAILURE_NOT_WRAPPED_IN_LOOP |
| Function that can spuriously wake up not wrapped in loop | SPURIOUS_WAKEUP_NOT_WRAPPED_IN_LOOP |
| Hard-coded buffer size | HARD_CODED_BUFFER_SIZE |
| Hard-coded loop boundary | HARD_CODED_LOOP_BOUNDARY |
| Hard-coded object size used to manipulate memory | HARD_CODED_MEM_SIZE |
| Hard-coded sensitive data | HARD_CODED_SENSITIVE_DATA |
| Host change using externally controlled elements | TAINTED_HOSTID |
| Improper array initialization | IMPROPER_ARRAY_INIT |
| Improper erase-remove idiom | STD_REMOVE_WITHOUT_ERASE |
| Inappropriate I/O operation on device files | INAPPROPRIATE_IO_ON_DEVICE |
| Incompatible padding for RSA algorithm operation | CRYPTO_RSA_BAD_PADDING |
| Incompatible types prevent overriding | VIRTUAL_FUNC_HIDING |
| Inconsistent cipher operations | CRYPTO_CIPHER_BAD_FUNCTION |
| Incorrect data type passed to va_arg | VA_ARG_INCORRECT_TYPE |
| Incorrect key for cryptographic algorithm | CRYPTO_PKEY_INCORRECT_KEY |
| Incorrectly indented statement | INCORRECT_INDENTATION |
| Incorrect order of network connection operations | BAD_NETWORK_CONNECT_ORDER |
| Incorrect test registration or definition | PSTUNIT_MISUSE_REGISTRATION |
| Incorrect use of mocking API | PSTUNIT_MISUSE_MOCKING |
| Incorrect use of test fixtures | PSTUNIT_MISUSE_FIXTURES |
| Incorrect use of test setup/teardown API | PSTUNIT_MISUSE_SETUP_TEARDOWN |
| Incorrect pointer scaling | BAD_PTR_SCALING |
| Incorrect syntax of flexible array member size | FLEXIBLE_ARRAY_MEMBER_INCORRECT_SIZE |
| Incorrect type data passed to va_start | VA_START_INCORRECT_TYPE |
| Incorrect use of offsetof in C++ | OFFSETOF_MISUSE |
| Incorrect use of va_start | VA_START_MISUSE |
| Incorrect value forwarding | INCORRECT_VALUE_FORWARDING |
| Inefficient string length computation | INEFFICIENT_BASIC_STRING_LENGTH |
| Inefficient use of for loop | PREFER_RANGE_BASED_FOR_LOOPS |
| Inefficient use of sprintf | inefficient_sprintf |
| Infinite loop | INFINITE_LOOP |
| Information leak via structure padding | PADDING_INFO_LEAK |
| Inline constraint not respected | INLINE_CONSTRAINT_NOT_RESPECTED |
| Integer constant overflow | INT_CONSTANT_OVFL |
| Integer conversion overflow | INT_CONV_OVFL |
| Integer division by zero | INT_ZERO_DIV |
| Integer overflow | INT_OVFL |
| Integer precision exceeded | INT_PRECISION_EXCEEDED |
| Invalid assumptions about memory organization | INVALID_MEMORY_ASSUMPTION |
| Invalid deletion of pointer | BAD_DELETE |
| Invalid file position | INVALID_FILE_POS |
| Invalid free of pointer | BAD_FREE |
| Invalid iterator usage | INVALID_ITERATOR_USAGE |
| Invalid scientific notation format | INVALID_NOTATION_ON_E_CONSTANT |
| Invalid use of == operator | BAD_EQUAL_EQUAL_USE |
| Invalid use of = operator | BAD_EQUAL_USE |
| Invalid use of standard library floating point routine | FLOAT_STD_LIB |
| Invalid use of standard library integer routine | INT_STD_LIB |
| Invalid use of standard library memory routine | MEM_STD_LIB |
| Invalid use of standard library routine | OTHER_STD_LIB |
| Invalid use of standard library string routine | STR_STD_LIB |
| Invalid va_list argument | INVALID_VA_LIST_ARG |
| Join or detach of a joined or detached thread | DOUBLE_JOIN_OR_DETACH |
| Lambda used as typeid operand | LAMBDA_TYPE_MISUSE |
| LDAP injection | LDAP_INJECTION |
| Library loaded from externally controlled path | TAINTED_PATH_LIB |
| Line with more than one statement | MORE_THAN_ONE_STATEMENT |
| Load of library from a relative path can be controlled by an external actor | RELATIVE_PATH_LIB |
| Loop bounded with tainted value | TAINTED_LOOP_BOUNDARY |
| Macro terminated with a semicolon | SEMICOLON_TERMINATED_MACRO |
| Macro with multiple statements | MULTI_STMT_MACRO |
| Member not initialized in constructor | NON_INIT_MEMBER |
| Memory allocation with tainted size | TAINTED_MEMORY_ALLOC_SIZE |
| Memory comparison of float-point values | MEMCMP_FLOAT |
| Memory comparison of padding data | MEMCMP_PADDING_DATA |
| Memory comparison of strings | MEMCMP_STRINGS |
| Memory leak | MEM_LEAK |
| Method not const | METHOD_NOT_CONST |
| Mismatch between data length and size | DATA_LENGTH_MISMATCH |
| Mismatched alloc/dealloc functions on Windows | WIN_MISMATCH_DEALLOC |
| Missing blinding for RSA algorithm | CRYPTO_RSA_NO_BLINDING |
| Missing block cipher initialization vector | CRYPTO_CIPHER_NO_IV |
| Missing break of switch case | MISSING_SWITCH_BREAK |
| Missing byte reordering when transferring data | MISSING_BYTESWAP |
| Missing call to container's reserve method | MISSING_CONTAINER_RESERVE |
| Missing case for switch condition | MISSING_SWITCH_CASE |
| Missing certification authority list | CRYPTO_SSL_NO_CA |
| Missing cipher algorithm | CRYPTO_CIPHER_NO_ALGORITHM |
| Missing cipher data to process | CRYPTO_CIPHER_NO_DATA |
| Missing cipher final step | CRYPTO_CIPHER_NO_FINAL |
| Missing cipher key | CRYPTO_CIPHER_NO_KEY |
| Missing constexpr specifier | MISSING_CONSTEXPR |
| Missing data for encryption, decryption or signing operation | CRYPTO_PKEY_NO_DATA |
| Missing explicit keyword | MISSING_EXPLICIT_KEYWORD |
| Missing final step after hashing update operation | CRYPTO_MD_NO_FINAL |
| Missing hash algorithm | CRYPTO_MD_NO_ALGORITHM |
| Missing lock | BAD_UNLOCK |
| Missing null in string array | MISSING_NULL_CHAR |
| Missing or double initialization of thread attribute | BAD_THREAD_ATTRIBUTE |
| Missing overload of allocation or deallocation function | MISSING_OVERLOAD_NEW_DELETE_PAIR |
| Missing padding for RSA algorithm | CRYPTO_RSA_NO_PADDING |
| Missing parameters for key generation | CRYPTO_PKEY_NO_PARAMS |
| Missing peer key | CRYPTO_PKEY_NO_PEER |
| Missing private key | CRYPTO_PKEY_NO_PRIVATE_KEY |
| Missing private key for X.509 certificate | CRYPTO_SSL_NO_PRIVATE_KEY |
| Missing public key | CRYPTO_PKEY_NO_PUBLIC_KEY |
| Missing reset of a freed pointer | MISSING_FREED_PTR_RESET |
| Missing return statement | MISSING_RETURN |
| Missing salt for hashing operation | CRYPTO_MD_NO_SALT |
| Missing unlock | BAD_LOCK |
| Missing virtual inheritance | MISSING_VIRTUAL_INHERITANCE |
| Missing X.509 certificate | CRYPTO_SSL_NO_CERTIFICATE |
| Misuse of a FILE object | FILE_OBJECT_MISUSE |
| Misuse of errno | ERRNO_MISUSE |
| Misuse of errno in a signal handler | SIG_HANDLER_ERRNO_MISUSE |
| Misuse of narrow or wide character string | NARROW_WIDE_STR_MISUSE |
| Misuse of readlink() | READLINK_MISUSE |
| Misuse of return value from nonreentrant standard function | NON_REENTRANT_STD_RETURN |
| Misuse of sign-extended character value | CHARACTER_MISUSE |
| Misuse of structure with flexible array member | FLEXIBLE_ARRAY_MEMBER_STRUCT_MISUSE |
| Modification of internal buffer returned from nonreentrant standard function | WRITE_INTERNAL_BUFFER_RETURNED_FROM_STD_FUNC |
| Move operation on const object | MOVE_CONST_OBJECT |
| Move operation uses copy | MOVE_OPERATION_USES_COPY |
| Multiple mutexes used with same condition variable | MULTI_MUTEX_WITH_ONE_COND_VAR |
| Multiple threads waiting on same condition variable | SIGNALED_COND_VAR_NOT_UNIQUE |
| No data added into context | CRYPTO_MD_NO_DATA |
| Noexcept function exits with exception | NOEXCEPT_FUNCTION_THROWS |
| Non-compliance with AUTOSAR specification | autosar_lib_non_compliance |
| Non-initialized pointer | NON_INIT_PTR |
| Non-initialized variable | NON_INIT_VAR |
| Nonsecure hash algorithm | CRYPTO_MD_WEAK_HASH |
| Nonsecure parameters for key generation | CRYPTO_PKEY_WEAK_PARAMS |
| Nonsecure RSA public exponent | CRYPTO_RSA_LOW_EXPONENT |
| Nonsecure SSL/TLS protocol | CRYPTO_SSL_WEAK_PROTOCOL |
| Null pointer | NULL_PTR |
| Object slicing | OBJECT_SLICING |
| Opening previously opened resource | DOUBLE_RESOURCE_OPEN |
| Operator new not overloaded for possibly overaligned class | MISSING_OVERLOAD_NEW_FOR_ALIGNED_OBJ |
| Overlapping assignment | OVERLAPPING_ASSIGN |
| Partially accessed array | PARTIALLY_ACCESSED_ARRAY |
| Partial override of overloaded virtual functions | PARTIAL_OVERRIDE |
| Partially duplicated code | ALMOST_DUPLICATED_CODE |
| Plain text password stored in file system | PLAIN_TEXT_PASSWORD_IN_FILESYSTEM |
| Pointer access out of bounds | OUT_BOUND_PTR |
| Pointer dereference with tainted offset | TAINTED_PTR_OFFSET |
| Pointer or reference to destroyed temporary object | POINTER_TO_TEMPORARY_OBJECT |
| Pointer or reference to stack variable leaving scope | LOCAL_ADDR_ESCAPE |
| Pointer to non-initialized value converted to const pointer | NON_INIT_PTR_CONV |
| Possible copy-paste error | COPY_PASTE_ERROR |
| Possible invalid operation on boolean operand | INVALID_OPERATION_ON_BOOLEAN |
| Possible misuse of sizeof | SIZEOF_MISUSE |
| Possibly inappropriate data type for switch expression | INAPPROPRIATE_TYPE_IN_SWITCH |
| Possibly unintended evaluation of expression because of operator precedence rules | OPERATOR_PRECEDENCE |
| Precision loss in integer to float conversion | INT_TO_FLOAT_PRECISION_LOSS |
| Predefined macro used as an object | MACRO_USED_AS_OBJECT |
| Predictable block cipher initialization vector | CRYPTO_CIPHER_PREDICTABLE_IV |
| Predictable cipher key | CRYPTO_CIPHER_PREDICTABLE_KEY |
| Predictable random output from predictable seed | RAND_SEED_PREDICTABLE |
| Preprocessor directive in macro argument | PRE_DIRECTIVE_MACRO_ARG |
| Privilege drop not verified | MISSING_PRIVILEGE_DROP_CHECK |
| Public static field is not const | PUBLIC_STATIC_FIELD_NOT_CONST |
| Qualifier removed in conversion | QUALIFIER_MISMATCH |
| Redundant expression in sizeof operand | SIZEOF_USELESS_OP |
| Reference to un-named temporary | LOCAL_REF_TO_UNNAMED_TEMPORARY |
| Resource injection | RESOURCE_INJECTION |
| Resource leak | RESOURCE_LEAK |
| Returned value of a sensitive function not checked | RETURN_NOT_CHECKED |
| Return from computational exception signal handler | SIG_HANDLER_COMP_EXCP_RETURN |
| Return of non const handle to encapsulated data member | BREAKING_DATA_ENCAPSULATION |
| Right operand of shift operation outside allowed bounds | SHIFT_OVFL |
| Self assignment not tested in operator | MISSING_SELF_ASSIGN_TEST |
| Semicolon on same line as if, for or while statement | SEMICOLON_CTRL_STMT_SAME_LINE |
| Sensitive data printed out | SENSITIVE_DATA_PRINT |
| Sensitive heap memory not cleared before release | SENSITIVE_HEAP_NOT_CLEARED |
| Server certificate common name not checked | CRYPTO_SSL_HOSTNAME_NOT_CHECKED |
| Shared data access within signal handler | SIG_HANDLER_SHARED_OBJECT |
| Shift of a negative value | SHIFT_NEG |
| Side effect in arguments to unsafe macro | SIDE_EFFECT_IN_UNSAFE_MACRO_ARG |
| Side effect of expression ignored | SIDE_EFFECT_IGNORED |
| Signal call from within signal handler | SIG_HANDLER_CALLING_SIGNAL |
| Signal call in multithreaded program | SIGNAL_USE_IN_MULTITHREADED_PROGRAM |
| Sign change integer conversion overflow | SIGN_CHANGE |
| SQL injection | SQL_INJECTION |
| Standard function call with incorrect arguments | STD_FUNC_ARG_MISMATCH |
| Static uncalled function | UNCALLED_FUNC |
| std::endl may cause an unnecessary flush | STD_ENDL_USE |
| std::move called on an unmovable type | STD_MOVE_UNMOVABLE_TYPE |
| std::string_view initialized with dangling pointer | DANGLING_STRING_VIEW |
| Stream argument with possibly unintended side effects | STREAM_WITH_SIDE_EFFECT |
| Subtraction or comparison between pointers to different arrays | PTR_TO_DIFF_ARRAY |
| Tainted division operand | TAINTED_INT_DIVISION |
| Tainted modulo operand | TAINTED_INT_MOD |
| Tainted NULL or non-null-terminated string | TAINTED_STRING |
| Tainted sign change conversion | TAINTED_SIGN_CHANGE |
| Tainted size of variable length array | TAINTED_VLA_SIZE |
| Tainted source used with sensitive function | TAINTED_SOURCE_USE_CUSTOM |
| Tainted string format | TAINTED_STRING_FORMAT |
| Thread-specific memory leak | THREAD_MEM_LEAK |
| Throw argument expression calls new | THROW_EXPRESSION_CALLS_NEW |
| Throw argument raises unexpected exception | THROW_ARGUMENT_EXPRESSION_THROWS |
| TLS/SSL connection method not set | CRYPTO_SSL_NO_ROLE |
| TLS/SSL connection method set incorrectly | CRYPTO_SSL_BAD_ROLE |
| Too many va_arg calls for current argument list | TOO_MANY_VA_ARG_CALLS |
| Typedef mismatch | TYPEDEF_MISMATCH |
| Umask used with chmod-style arguments | BAD_UMASK |
| Uncaught exception | UNCAUGHT_EXCEPTION |
| Uncertain memory cleaning | UNCERTAIN_MEMORY_CLEANING |
| Uncleared sensitive data in stack | SENSITIVE_STACK_NOT_CLEARED |
| Universal character name from token concatenation | PRE_UCNAME_JOIN_TOKENS |
| Unmodified variable not const-qualified | UNMODIFIED_VAR_NOT_CONST |
| Unnamed namespace in header file | UNNAMED_NAMESPACE_IN_HEADER |
| Unnecessary construction before reassignment | UNNECESSARY_CONSTRUCTION_BEFORE_ASSIGNMENT |
| Unnecessary implementation of a special member function | UNNECESSARY_IMPL_OF_SPECIAL_MEMBER_FUNCTION |
| Unnecessary reference to parameter | EXPENSIVE_PASS_BY_REFERENCE |
| Unnecessary padding | UNNECESSARY_STRUCT_PADDING |
| Unnecessary use of std::string::c_str() or equivalent string methods | EXPENSIVE_C_STR_STD_STRING_CONSTRUCTION |
| Unprotected dynamic memory allocation | UNPROTECTED_MEMORY_ALLOCATION |
| Unreachable code | UNREACHABLE |
| Unreliable cast of function pointer | FUNC_CAST |
| Unreliable cast of pointer | PTR_CAST |
| Unsafe call to a system function | UNSAFE_SYSTEM_CALL |
| Unsafe conversion between pointer and integer | BAD_INT_PTR_CAST |
| Unsafe conversion from string to numerical value | UNSAFE_STR_TO_NUMERIC |
| Unsafe standard encryption function | UNSAFE_STD_CRYPT |
| Unsafe standard function | UNSAFE_STD_FUNC |
| Unsigned integer constant overflow | UINT_CONSTANT_OVFL |
| Unsigned integer conversion overflow | UINT_CONV_OVFL |
| Unsigned integer overflow | UINT_OVFL |
| Unsupported syntax used with test authoring API | PSTUNIT_UNSUPPORTED_SYNTAX |
| Unused variable | UNUSED_VARIABLE |
| Unused parameter | UNUSED_PARAMETER |
| Useless if | USELESS_IF |
| Useless Include | USELESS_INCLUDE |
| Useless preprocessor conditional directive | USELESS_PREPROC_CONDITION |
| Use of a forbidden C/C++ keyword | FORBIDDEN_KEYWORD |
| Use of a forbidden function | FORBIDDEN_FUNC |
| Use of a forbidden macro | FORBIDDEN_MACRO |
| Use of automatic variable as putenv-family function argument | PUTENV_AUTO_VAR |
| Use of dangerous standard function | DANGEROUS_STD_FUNC |
| Use of externally controlled environment variable | TAINTED_ENV_VARIABLE |
| Use of indeterminate string | INDETERMINATE_STRING |
| Use of memset with size argument zero | MEMSET_INVALID_SIZE |
| Use of new or make_unique instead of more efficient make_shared | MISSING_MAKE_SHARED |
| Use of non-secure temporary file | NON_SECURE_TEMP_FILE |
| Use of obsolete standard function | OBSOLETE_STD_FUNC |
| Use of path manipulation function without maximum sized buffer checking | PATH_BUFFER_OVERFLOW |
| Use of plain char type for numerical value | BAD_PLAIN_CHAR_USE |
| Use of previously closed resource | CLOSED_RESOURCE_USE |
| Use of previously freed pointer | FREED_PTR |
| Use of setjmp/longjmp | SETJMP_LONGJMP_USE |
| Use of signal to kill thread | THREAD_KILLED_WITH_SIGNAL |
| Useless capture | USELESS_CAPTURE |
| Use of tainted pointer | TAINTED_PTR |
| Use of undefined thread ID | UNDEFINED_THREAD_ID |
| Variable length array with nonpositive size | NON_POSITIVE_VLA_SIZE |
| Variable shadowing | VAR_SHADOWING |
| Vulnerable path manipulation | PATH_TRAVERSAL |
| Vulnerable permission assignments | DANGEROUS_PERMISSIONS |
| Vulnerable pseudo-random number generator | VULNERABLE_PRNG |
| Weak cipher algorithm | CRYPTO_CIPHER_WEAK_CIPHER |
| Weak cipher mode | CRYPTO_CIPHER_WEAK_MODE |
| Weak padding for RSA algorithm | CRYPTO_RSA_WEAK_PADDING |
| Write without a further read | USELESS_WRITE |
| Writing to const qualified object | CONSTANT_OBJECT_WRITE |
| Writing to read-only resource | READ_ONLY_RESOURCE_WRITE |
| Wrong allocated object size for cast | OBJECT_SIZE_MISMATCH |
| Wrong type used in sizeof | PTR_SIZEOF_MISMATCH |
| X.509 peer certificate not checked | CRYPTO_SSL_CERT_NOT_CHECKED |