
CWE WEAKNESS IDS MAPPED TO CODESONAR® C/C++ WARNING CLASSES

TECHNICAL WHITEPAPER

TRUSTED LEADERS OF SOFTWARE ASSURANCE AND ADVANCED CYBER-SECURITY SOLUTIONS
WWW.GRAMMATECH.COM


INTRODUCTION

The Common Weakness Enumeration (CWE™) is a list of software weakness types. The list is maintained as a community initiative aimed at producing a specific and succinct definition for each common weakness type.

Every CodeSonar warning report includes the numbers of any CWE weakness IDs that are closely mapped to the warning’s class. (The close mapping for a warning class is the set of categories—including CWE weakness IDs—that most closely match the class, if any).

You can configure CodeSonar to enable and disable warning classes mapped to specific CWE weakness IDs, or use build presets to enable all warning classes that are closely mapped to any CWE weakness IDs. In addition, you can use the CodeSonar search function to find warnings related to specific CWE weakness IDs.

CodeSonar 5.2p0 uses CWE 3.2, published January 3, 2019.

For more information on Common Weakness Enumeration:

https://cwe.mitre.org/data/index.html

The remainder of this document comprises two tables:

• A table showing the close mapping between CodeSonar C and C++ warning classes and CWE weakness IDs.

• A table showing the broad mapping between CodeSonar C and C++ warning classes and CWE weakness IDs. The broad CWE mapping for a CodeSonar warning class combines CWE weakness IDs from four sources:

1. The close CWE mapping for the class.

2. Other CWE weakness IDs that are related to the class in a meaningful way, but not eligible for the close mapping.

3. For all CWE weakness IDs from sources 1 and 2, all ancestors in the CWE hierarchy.

4. For all CWE weakness IDs from sources 1 and 2, all descendants in the CWE hierarchy.

A separate document, CWE Weakness IDs Mapped to CodeSonar® Java Warning Classes, lists the CodeSonar Java warning classes that are closely and broadly mapped to CWE weakness IDs.
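As an added illustration of how the broad mapping is built from the four sources listed above (example code, not GrammaTech's or CodeSonar's own), the Python below derives the broad mapping for two hypothetical warning classes over a constructed toy fragment of the CWE ChildOf hierarchy. The edges, the close and related sets, and the parent IDs used are illustrative assumptions, not CodeSonar's real mapping data or the real CWE 3.2 hierarchy.

```python
"""Derive a broad CWE mapping from a close mapping (added example).

The broad mapping for a warning class is the union of four sources:
  1. the close mapping for the class,
  2. other meaningfully related CWE IDs not eligible for the close mapping,
  3. every ancestor of an ID from 1 or 2 in the CWE hierarchy,
  4. every descendant of an ID from 1 or 2 in the CWE hierarchy.
The hierarchy below is a CONSTRUCTED toy fragment; real ChildOf edges must be
loaded from the CWE export (cwe.mitre.org) for the CWE version in use.
"""
from collections import deque

# Constructed ChildOf edges: child -> set of parents.  The shape only loosely
# resembles the real CWE-119 neighbourhood; treat every edge as illustrative.
PARENTS = {
    118: {664},
    119: {118},
    120: {119},
    125: {119},
    787: {119},
    788: {119},
    121: {787},
    122: {787},
    20: {707},
}

# Constructed source-1 (close) and source-2 (related) sets for two
# hypothetical warning classes.
CLOSE = {
    "Buffer Overrun": {120, 788},
    "Tainted Buffer Access": {20},
}
RELATED = {
    "Buffer Overrun": {119},
    "Tainted Buffer Access": set(),
}


def _children_index(parents):
    """Invert the ChildOf map so descendants can be walked downward."""
    children = {}
    for child, parent_ids in parents.items():
        for parent in parent_ids:
            children.setdefault(parent, set()).add(child)
    return children


def _closure(start, edges):
    """Every node reachable from `start` by repeatedly following `edges`."""
    seen = set()
    queue = deque(start)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def ancestors(ids, parents=PARENTS):
    """Source 3: all ancestors of any ID in `ids`."""
    return _closure(ids, parents)


def descendants(ids, parents=PARENTS):
    """Source 4: all descendants of any ID in `ids`."""
    return _closure(ids, _children_index(parents))


def broad_mapping(warning_class, close=CLOSE, related=RELATED, parents=PARENTS):
    """Union of the four sources for one warning class, as a sorted list."""
    seeds = set(close.get(warning_class, ())) | set(related.get(warning_class, ()))
    broad = seeds | ancestors(seeds, parents) | descendants(seeds, parents)
    return sorted(broad)


def classes_broadly_mapped_to(cwe_id, close=CLOSE, related=RELATED, parents=PARENTS):
    """Invert the broad mapping: the classes a search for one CWE ID would hit."""
    return sorted(
        cls for cls in close
        if cwe_id in broad_mapping(cls, close, related, parents)
    )


if __name__ == "__main__":
    for cls in CLOSE:
        print(cls, "->", broad_mapping(cls))
    print("classes broadly mapped to CWE-664:", classes_broadly_mapped_to(664))
```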

GrammaTech, Inc. is a leading developer of software-assurance tools and advanced cyber-security solutions. GrammaTech helps organizations develop and release high quality software, free of harmful defects that cause system failures, enable data breaches, and increase corporate liabilities in today’s connected world. GrammaTech’s CodeSonar is used by embedded developers worldwide.

CodeSonar and CodeSurfer are registered trademarks of GrammaTech, Inc. © 2020 GrammaTech, Inc. All rights reserved.

Rodney Fleming
CWE 3.4.1, published September 23, 2019.

CWE CLOSE MAPPING: C/C++ (CODESONAR V5.2P0)

The following table lists the CodeSonar C/C++ warning classes that are closely mapped to CWE weakness IDs.

CWE Weakness ID and Name | Closely Mapped CodeSonar C/C++ Classes

CWE-14 Compiler Removal of Code to Clear Buffers | Use of memset

CWE-15 External Control of System or Configuration Setting | Tainted Configuration Setting

CWE-20 Improper Input Validation | Tainted Buffer Access

CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Tainted Filename

CWE-73 External Control of File Name or Path | Tainted Filename

CWE-78 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | Command Injection, Untrusted Process Creation, CommandInjectionIntoFieldWarning (Julia warning), CommandInjectionWarning (Julia warning)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | SQL Injection

CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) | LDAP Injection, LDAPAttributeInjectionIntoFieldWarning (Julia warning), LDAPAttributeInjectionWarning (Julia warning), LDAPFilterInjectionIntoFieldWarning (Julia warning), LDAPFilterInjectionWarning (Julia warning)

CWE-99 Improper Control of Resource Identifiers (‘Resource Injection’) | Tainted Filename, Tainted Network Address, Untrusted Network Host, Untrusted Network Port

CWE-114 Process Control | Library Injection, Untrusted Library Load

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer | High Risk Loop, Tainted Buffer Access, Type Overrun, Type Underrun


CWE-120 Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) | Buffer Overrun, Use of getopt, Use of getpass, Use of gets, Use of getwd, Use of OemToAnsi, Use of OemToChar, Use of recvmsg, Use of strcat, Use of StrCatChainW, Use of strcmp, Use of strcpy, Use of strlen, Use of strtrns, Use of syslog, Use of strstr, Use of strpbrk, Use of strrchr, Use of strchr, Use of strcoll, Use of strtok, Use of strspn, Use of strcspn

CWE-134 Use of Externally-Controlled Format String | Format String, Format String Injection, Use of FormatMessage

CWE-136 Type Errors | Inappropriate Assignment Type, Mismatched Operand Types

CWE-170 Improper Null Termination | No Space For Null Terminator, Unterminated C String

CWE-187 Partial String Comparison | SuspiciousInheritanceOfEqualsWarning (Julia warning)

CWE-190 Integer Overflow or Wraparound | Addition Overflow of Allocation Size, Addition Overflow of Size, Integer Overflow of Allocation Size, Multiplication Overflow of Allocation Size, Multiplication Overflow of Size, Subtraction Underflow of Allocation Size, Subtraction Underflow of Size

CWE-191 Integer Underflow (Wrap or Wraparound) | Subtraction Underflow of Allocation Size, Subtraction Underflow of Size

CWE-192 Integer Coercion Error | Cast Alters Value, Coercion Alters Value, Truncation of Allocation Size, Truncation of Size


CWE-197 Numeric Truncation Error | Truncation of Allocation Size, Truncation of Size

CWE-200 Information Exposure | Tainted Write

CWE-227 Improper Fulfillment of API Contract (‘API Abuse’) | GlobalHandle on GMEM_FIXED Memory, GlobalLock on GMEM_FIXED Memory, GlobalUnlock on GMEM_FIXED Memory, LocalHandle on LMEM_FIXED Memory, LocalLock on LMEM_FIXED Memory, LocalUnlock on LMEM_FIXED Memory, MAX_PATH Exceeded, Negative file descriptor, Pool Mismatch, cosh on Low Number, Arctangent Domain Error, Floating Point Domain Error, cosh on High Number, Argument Too Low, Undefined Power of Zero, Logarithm on Negative Value, Floating Point Range Error, Raises FE_INVALID, sqrt on Negative Value, Logarithm on Zero, Argument Too High, Gamma on Zero, Class is Serializable but its superclass doesn’t define a void constructor

CWE-242 Use of Inherently Dangerous Function | Use of gets, Use of getwd

CWE-243 Creation of chroot Jail Without Changing Working Directory | chroot without chdir

CWE-251 Often Misused: String Management | Use of strcat, Use of StrCatChainW, Use of strcmp, Use of strcpy, Use of strlen, Use of strtrns, Use of strpbrk, Use of strrchr, Use of strchr, Use of strcoll, Use of strtok, Use of strspn, Use of strcspn


CWE-252 Unchecked Return Value | Ignored Return Value

CWE-256 Unprotected Storage of Credentials | Plaintext Storage of Password

CWE-269 Improper Privilege Management | Use of AddAccessAllowedAce, Use of AddAccessDeniedAce

CWE-275 Permission Issues | Write to Read Only File

CWE-281 Improper Preservation of Permissions | Use of AddAccessAllowedAce, Use of AddAccessDeniedAce

CWE-284 Improper Access Control | Null Security Descriptor

CWE-311 Missing Encryption of Sensitive Data | Plaintext Storage of Password

CWE-325 Missing Required Cryptographic Step | Encryption without Padding

CWE-326 Inadequate Encryption Strength | Use of crypt, Weak Cryptography

CWE-327 Use of a Broken or Risky Cryptographic Algorithm | Use of crypt, Weak Cryptography

CWE-328 Reversible One-Way Hash | Use of crypt, Weak Cryptography

CWE-330 Use of Insufficiently Random Values | Use of crypt, Use of rand, Use of rand48 Function, Use of random, Weak Cryptography

CWE-331 Insufficient Entropy | Encryption without Padding

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Use of crypt, Weak Cryptography

CWE-364 Signal Handler Race Condition | Data Race

CWE-366 Race Condition within a Thread | Data Race

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | File System Race Condition

CWE-369 Divide By Zero | Division By Zero, Float Division By Zero

CWE-377 Insecure Temporary File | Use of GetTempFileName, Use of mkstemp, Use of mktemp, Use of tmpfile, Use of tmpnam

CWE-390 Detection of Error Condition Without Action | Empty if Statement

CWE-391 Unchecked Error Condition | Ignored Return Value

CWE-398 Indicator of Poor Code Quality | Unused Value

CWE-400 Uncontrolled Resource Consumption (‘Resource Exhaustion’) | Excessive Stack Depth, Potential Unbounded Loop

CWE-401 Missing Release of Memory after Effective Lifetime (‘Memory Leak’) | Leak


CWE-411 Resource Locking Problems | Double Lock, Double Unlock, Try-lock that will never succeed

CWE-415 Double Free | Double Free

CWE-416 Use After Free | Use After Free

CWE-452 Initialization and Cleanup Errors | Double Initialization

CWE-457 Use of Uninitialized Variable | Uninitialized Variable

CWE-459 Incomplete Cleanup | Leak

CWE-465 Pointer Issues | High Risk Loop, Misaligned Object, Pointer Before Beginning of Object, Pointer Past End of Object, Return Pointer to Freed

CWE-474 Use of Function with Inconsistent Implementations | Use of gamma

CWE-475 Undefined Behavior for Input to API | Overlapping Memory Regions

CWE-476 NULL Pointer Dereference | Null Pointer Dereference, Unchecked Parameter Dereference

CWE-477 Use of Obsolete Functions | Use of cuserid, Use of LoadModule, Use of MoveFile, Use of WinExec, Use of drem, Use of gamma

CWE-478 Missing Default Case in Switch Statement | Missing default

CWE-481 Assigning instead of Comparing | Assignment in Conditional, Assignment Result in Expression

CWE-484 Omitted Break Statement in Switch | Missing break

CWE-485 Insufficient Encapsulation | Scope Could Be File Static, Scope Could Be Local Static

CWE-489 Leftover Debug Code | Leftover Debug Code

CWE-506 Embedded Malicious Code | Hardcoded DNS Name, Untrusted Network Host

CWE-511 Logic/Time Bomb | Potential Timebomb

CWE-546 Suspicious Comment | Comment Suggests Code Unfinished

CWE-557 Concurrency Issues | Blocking in Critical Section, Deadlock

CWE-558 Use of getlogin() in Multithreaded Application | Use of getlogin


CWE-561 Dead Code | Unexercised Call, Unexercised Computation, Unexercised Conditional, Unexercised Control Flow, Unexercised Data Flow, Unreachable Call, Unreachable Computation, Unreachable Conditional, Unreachable Control Flow, Unreachable Data Flow, Unused Label, Unused Macro, Unused Parameter, Unused Tag, Unused Type

CWE-562 Return of Stack Variable Address | Return Pointer to Local

CWE-563 Assignment to Variable without Use (‘Unused Variable’) | Unused Value

CWE-570 Expression is Always False | Redundant Condition

CWE-571 Expression is Always True | Redundant Condition

CWE-587 Assignment of a Fixed Address to a Pointer | Coercion: Integer Constant to Pointer

CWE-590 Free of Memory not on the Heap | Free Non-Heap Variable, Free Null Pointer, Type Mismatch

CWE-605 Multiple Binds to the Same Port | Use of SO_REUSEADDR

CWE-610 Externally Controlled Reference to a Resource in Another Sphere | Tainted Filename, Tainted Network Address, Untrusted Network Host, Untrusted Network Port

CWE-615 Information Exposure Through Comments | Commented-out Code

CWE-628 Function Call with Incorrectly Specified Arguments | cosh on Low Number, Arctangent Domain Error, Floating Point Domain Error, cosh on High Number, Argument Too Low, Undefined Power of Zero, Logarithm on Negative Value, Floating Point Range Error, Raises FE_INVALID, sqrt on Negative Value, Logarithm on Zero, Argument Too High, Gamma on Zero

CWE-662 Improper Synchronization | Blocking in Critical Section

CWE-664 Improper Control of a Resource Through its Lifetime | Misaligned Object


CWE-665 Improper Initialization | Missing Braces in Initialization, Over-initialized Element, Partially Uninitialized Aggregate, Partially Uninitialized Array, Uninitialized Variable, Unspecified Array Size with Designator Initialization

CWE-666 Operation on Resource in Wrong Phase of Lifetime | Double Close, Socket In Wrong State, Use After Close

CWE-667 Improper Locking | Conflicting Lock Order, Missing Lock Release, Nested Locks, Unknown Lock

CWE-672 Operation on a Resource after Expiration or Release | Double Close, Use After Close, Use After Free

CWE-675 Duplicate Operations on Resource | Double Close, Double Initialization


CWE-676 Use of Potentially Dangerous Function | chroot without chdir, Use of _exec, Use of _spawn, Use of <fenv.h> Exception Handling Function, Use of <signal.h>, Use of <stdio.h> Input/Output, Use of <stdio.h> Input/Output Macro, Use of <tgmath.h>, Use of <time.h> Time/Date Function, Use of <wchar.h> Input/Output, Use of <wchar.h> Input/Output Macro, Use of abort, Use of AddAccessAllowedAce, Use of AddAccessDeniedAce, Use of AfxLoadLibrary, Use of AfxParseURL, Use of atof, Use of atoi, Use of atol, Use of atoll, Use of bsearch, Use of catopen, Use of chroot, Use of CoLoadLibrary, Use of CreateFile, Use of CreateProcess, Use of CreateThread, Use of crypt, Use of cuserid, Use of execlp, Use of execvp, Use of exit, Use of FormatMessage, Use of getenv, Use of getlogin, Use of getopt, Use of getpass, Use of GetTempFileName, Use of LoadLibrary, Use of LoadModule, Use of longjmp, Use of memset, Use of mkstemp, Use of mktemp, Use of MoveFile, Use of OemToAnsi, Use of OemToChar, Use of popen, Use of qsort, Use of rand, Use of rand48 Function, Use of random, Use of realpath, Use of recvmsg, Use of setjmp, Use of setuid, Use of SHCreateProcessAsUserW, Use of ShellExecute, Use of signal, Use of strcat, Use of StrCatChainW, Use of strcmp, Use of strcpy, Use of strlen, Use of strtrns, Use of syslog, Use of system, Use of t_open, Use of tmpfile, Use of tmpnam, Use of ttyname, Use of vfork, Use of WinExec, Weak Cryptography, Use of strstr, Use of strpbrk, Use of strrchr, Use of strchr, Use of strcoll, Use of strtok, Use of strspn, Use of strcspn


CWE-680 Integer Overflow to Buffer Overflow | Addition Overflow of Allocation Size, Addition Overflow of Size, Integer Overflow of Allocation Size, Multiplication Overflow of Allocation Size, Multiplication Overflow of Size, Subtraction Underflow of Allocation Size, Subtraction Underflow of Size, Truncation of Allocation Size, Truncation of Size

CWE-682 Incorrect Calculation | Negative Shift Amount, Shift Amount Exceeds Bit Width

CWE-686 Function Call With Incorrect Argument Type | Array Parameter Mismatch, GlobalHandle on GMEM_FIXED Memory, GlobalLock on GMEM_FIXED Memory, GlobalUnlock on GMEM_FIXED Memory, Implicit Function Declaration, LocalHandle on LMEM_FIXED Memory, LocalLock on LMEM_FIXED Memory, LocalUnlock on LMEM_FIXED Memory, Negative Character Value, Type Mismatch

CWE-690 Unchecked Return Value to NULL Pointer Dereference | Null Pointer Dereference, Null Test After Dereference

CWE-691 Insufficient Control Flow Management | Use of longjmp, Use of setjmp

CWE-696 Incorrect Behavior Order | Null Test After Dereference

CWE-704 Incorrect Type Conversion or Cast | Cast Alters Value, Cast Removes const Qualifier, Cast Removes volatile Qualifier, Cast: Arithmetic Type/Void Pointer, Cast: Non-integer Arithmetic Type/Object Pointer, Cast: Object Pointers, Coercion Alters Value, Conversion from Function Pointer, Conversion to Function Pointer, Conversion: Pointer to Incomplete, Conversion: Pointer/Integer, Conversion: Void Pointer to Object Pointer, Dangerous Function Cast, Expression Value Widened by Assignment, Expression Value Widened by Other Operand, Inappropriate Cast Type, Inappropriate Cast Type: Expression, Non-Boolean argument formatted using %b format specifier, Varargs Function Cast


CWE-710 Coding Standards Violation | ## Follows # Operator, Basic Numerical Type Used, Code Before #include, Condition Contains Side Effects, Conditional Compilation, Dynamic Allocation After Initialization, Function Pointer, Function Pointer Conversion, Function Too Long, Global Variable Declared with Different Types, Goto Statement, Inconsistent Enumerator Initialization, Library Function Override, Lock/Unlock Mismatch, Macro Defined in Function Body, Macro Does Not End With } or ), Macro Does Not Start With { or (, Macro Name is C Keyword, Macro Undefined in Function Body, Macro Uses # Operator, Macro Uses ## Operator, Macro Uses [] Operator, Macro Uses -> Operator, Macro Uses Unary * Operator, Multiple Declarations of a Global, Multiple Declarations On Line, Multiple Statements On Line, Nested Function Declaration, No Matching #endif, No Matching #if, Non-distinct Identifiers: External Names, Non-distinct Identifiers: Macro/Macro, Non-distinct Identifiers: Macro/Other, Non-distinct Identifiers: Nested Scope, Non-distinct Identifiers: Same Scope, Non-unique Identifiers: External Name, Non-unique Identifiers: Internal Name, Non-unique Identifiers: Tag, Non-unique Identifiers: Typedef, Not All Warnings Are Enabled, Not Enough Assertions, Pointer Type Inside Typedef, Recursion, Recursive Macro, Task Delay Function, Too Many Dereferences, Too Many Parameters, Too Much Indirection in Declaration, Unbalanced Parenthesis, Use of #undef, Use of longjmp, Use of setjmp, Use of <stdlib.h> Allocator/Deallocator Macro, Use of <stdlib.h> Allocator/Deallocator, Variadic Macro, Warnings Not Treated As Errors


CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Missing Return Statement, Missing Return Value, Negative Shift Amount, Shift Amount Exceeds Bit Width, Uninitialized Variable, Use of <signal.h>, Use of <stdio.h> Input/Output, Use of <stdio.h> Input/Output Macro, Use of <tgmath.h>, Use of <time.h> Time/Date Function, Use of <wchar.h> Input/Output, Use of <wchar.h> Input/Output Macro, Use of abort, Use of atof, Use of atoi, Use of atol, Use of atoll, Use of bsearch, Use of exit, Use of getenv

CWE-761 Free of Pointer not at Start of Buffer | Misaligned Object, Pool Mismatch, Type Mismatch

CWE-762 Mismatched Memory Management Routines | Type Mismatch

CWE-763 Release of Invalid Pointer or Reference | Misaligned Object

CWE-764 Multiple Locks of a Critical Resource | Double Lock, Locked Twice

CWE-765 Multiple Unlocks of a Critical Resource | Double Unlock

CWE-771 Missing Reference to Active Allocated Resource | Leak

CWE-772 Missing Release of Resource after Effective Lifetime | Leak

CWE-773 Missing Reference to Active File Descriptor or Handle | Leak

CWE-775 Missing Release of File Descriptor or Handle after Effective Lifetime | Leak

CWE-780 Use of RSA Algorithm without OAEP | Encryption without Padding

CWE-785 Use of Path Manipulation Function without Maximum-sized Buffer | Use of realpath

CWE-786 Access of Memory Location Before Start of Buffer | Buffer Underrun

CWE-788 Access of Memory Location After End of Buffer | Buffer Overrun


CWE-789 Uncontrolled Memory Allocation | Tainted Allocation Size

CWE-798 Use of Hard-coded Credentials | Hardcoded Authentication, Hardcoded Crypto Key, Hardcoded Crypto Salt

CWE-823 Use of Out-of-range Pointer Offset | Pointer Arithmetic

CWE-832 Unlock of a Resource that is not Locked | Missing Lock Acquisition

CWE-835 Loop with Unreachable Exit Condition (‘Infinite Loop’) | Potential Unbounded Loop

CWE-843 Access of Resource Using Incompatible Type (‘Type Confusion’) | GlobalHandle on GMEM_FIXED Memory, GlobalLock on GMEM_FIXED Memory, GlobalUnlock on GMEM_FIXED Memory, LocalHandle on LMEM_FIXED Memory, LocalLock on LMEM_FIXED Memory, LocalUnlock on LMEM_FIXED Memory, Type Mismatch

CWE-863 Incorrect Authorization | Use of cuserid, Use of getlogin

CWE-908 Use of Uninitialized Resource | Uninitialized Variable

CWE-1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters | Too Many Parameters

CWE-1126 Declaration of Variable with Unnecessarily Wide Scope | Scope Could Be File Static, Scope Could Be Local Static

CWE-1127 Compilation with Insufficient Warnings or Errors | Not All Warnings Are Enabled, Warnings Not Treated As Errors

CWE-1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) | Preprocessing Directives in Macro Argument, Macro Does Not Start With { or (, Macro Does Not End With } or ), Macro Uses # Operator, ## Follows # Operator, Macro Uses ## Operator


CWE-1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) | Non-unique Identifiers: External Name, Variable Declared with Different Types, Non-distinct Identifiers: External Names, Octal Constant, Incomplete Function Prototype, Declaration of Reserved Name, Scope Could Be File Static, Inconsistent Object Declarations, Inconsistent Function Declarations, Non-unique Identifiers: Tag, Non-distinct Identifiers: Macro/Macro, Non-unique Identifiers: Internal Name, Pointer Type Inside Typedef, Scope Could Be Local Static, Non-unique Identifiers: Typedef, Cast Removes const Qualifier, Typographically Ambiguous Identifiers, Return Pointer to Local, Non-distinct Identifiers: Macro/Other, Confusing Literal Suffix, Library Function Override, Non-distinct Identifiers: Same Scope, Multiple Declarations On Line, Non-distinct Identifiers: Nested Scope


CWE-1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) | Pointer Arithmetic, Empty while Statement, Risky Integer Promotion, Ignored Return Value, Use of <stdarg.h> Feature, Empty if Statement, Assignment Result in Expression, Array Parameter Mismatch, Null Pointer Dereference, Cast Removes const Qualifier, Empty switch Statement, Inappropriate Operand Type, Uninitialized Variable, Empty for Statement, Unchecked Parameter Dereference, Condition Contains Side Effects, Side Effects in sizeof, Missing Parentheses, Assignment in Conditional, Restrict Qualifier Used, Empty Branch Statement

CWE-1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT) | Negative Character Value, Float Division By Zero, Truncation of Size, Untrusted Network Host, Negative Shift Amount, Untrusted Network Port, Tainted Network Address, Cast Alters Value, Subtraction Underflow of Allocation Size, Cast: Arithmetic Type/Void Pointer, Inappropriate Operand Type, Inconsistent Enumerator Initialization, Bit-field Signedness Not Explicit, Coercion: Integer Constant to Pointer, Expression Value Widened by Other Operand, Division By Zero, Coercion Alters Value, Conversion: Pointer/Integer, Tainted Allocation Size, Tainted Buffer Access, Shift Amount Exceeds Bit Width, Expression Value Widened by Assignment, Truncation of Allocation Size


CWE-1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) | cosh on Low Number, Arctangent Domain Error, Floating Point Domain Error, cosh on High Number, Float-typed Loop Counter, Argument Too Low, Undefined Power of Zero, Logarithm on Negative Value, Floating Point Range Error, Raises FE_INVALID, sqrt on Negative Value, Logarithm on Zero, Mismatched Operand Types, Argument Too High, Gamma on Zero

CWE-1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) | Type Underrun, Buffer Underrun, Buffer Overrun, Pointer Past End of Object, Type Overrun, Tainted Buffer Access, Declaration of Flexible Array Member, Pointer Before Beginning of Object


CWE-1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) | Use of strcmp, Negative Character Value, Non-const String Literal, Untrusted Library Load, Format String Injection, Use of strlen, Command Injection, Buffer Overrun, No Space For Null Terminator, LDAP Injection, Use of strcat, SQL Injection, Library Injection, Untrusted Process Creation, Type Overrun, Use of OemToAnsi, Use of strtrns, Use of OemToChar, Use of strcpy, Unterminated C String, Use of StrCatChainW, Use of strstr, Use of strpbrk, Use of strrchr, Use of strchr, Use of strcoll, Use of strtok, Use of strspn, Use of strcspn

CWE-1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) | Leak, Addition Overflow of Allocation Size, Multiplication Overflow of Allocation Size, Free Non-Heap Variable, Integer Overflow of Allocation Size, Use After Free, Double Free


CWE-1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) | Leak, File System Race Condition, Use of tmpnam, Use of CreateFile, Format String Injection, Use of GetTempFileName, Use of mkstemp, Use of mktemp, Use of tmpfile, Tainted Filename, Format String, Use After Close

CWE-1164 Irrelevant Code | Function Call Has No Effect, Over-initialized Element, Useless Assignment, Redundant Condition, Try-lock that will never succeed, Unused Variable

CWE-1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) | Use of System

CWE-1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) | Data Race, Use of signal

CWE-1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) | Ignored Return Value, Use of atoll, Use of atoi, Use of atof, Use of atol

CWE-1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API) | LocalHandle on LMEM_FIXED Memory, Type Mismatch, Pool Mismatch, LocalLock on LMEM_FIXED Memory, Cast Alters Value, LocalUnlock on LMEM_FIXED Memory, GlobalHandle on GMEM_FIXED Memory, GlobalLock on GMEM_FIXED Memory, Unchecked Parameter Dereference, Coercion Alters Value, GlobalUnlock on GMEM_FIXED Memory

CWE-1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON) | Use of tmpnam, Use of rand, Blocking in Critical Section, Data Race, Missing Lock Release, Conflicting Lock Order, Use of ttyname, Use of signal, Missing Lock Acquisition


CWE-1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) | Use of cuserid, Function Call Has No Effect, Missing Return Statement, Empty while Statement, Unused Macro, Unreachable Data Flow, Potential Unbounded Loop, Not Enough Assertions, Use of rand, Not All Warnings Are Enabled, Unexercised Call, Use of setjmp, Empty if Statement, Unexercised Computation, Unexercised Control Flow, Use of memset, Hardcoded Crypto Key, Unreachable Conditional, Hardcoded Crypto Salt, Unexercised Conditional, Empty switch Statement, Hardcoded Authentication, Use of longjmp, Useless Assignment, Use of WinExec, Unused Tag, Empty for Statement, Redundant Condition, Unexercised Data Flow, Unused Label, Plaintext Storage of Password, Use of LoadModule, Missing break, Use of gamma, Misplaced case, Unused Value, Unreachable Call, Use of MoveFile, Unused Variable, Unreachable Computation, Empty Branch Statement, Unreachable Control Flow

CWE-1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) | Blocking in Critical Section, Data Race, Use of chroot, Conflicting Lock Order, Use of vfork, chroot without chdir


CWE-1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)

Use of CoLoadLibrary, Use of CreateProcess, Use of LoadLibrary, Use of AfxLoadLibrary, Use of CreateThread


CWE IDS BROADLY MAPPED TO ONE OR MORE CODESONAR C/C++ WARNING CLASSES (CODESONAR V5.2P0)

The following table lists the CWE IDs that are broadly mapped to one or more CodeSonar C/C++ warning classes.

CWE:2, CWE:5, CWE:6, CWE:8, CWE:9, CWE:11, CWE:13, CWE:14, CWE:15, CWE:19, CWE:20, CWE:21, CWE:22, CWE:23, CWE:24, CWE:25, CWE:26, CWE:27, CWE:28, CWE:29, CWE:30, CWE:31, CWE:32, CWE:33, CWE:34, CWE:35, CWE:36, CWE:37, CWE:38, CWE:39, CWE:40, CWE:41, CWE:42, CWE:43, CWE:44, CWE:45, CWE:46, CWE:47, CWE:48, CWE:49, CWE:50

CWE:51, CWE:52, CWE:53, CWE:54, CWE:55, CWE:56, CWE:57, CWE:58, CWE:59, CWE:61, CWE:62, CWE:64, CWE:65, CWE:66, CWE:67, CWE:69, CWE:72, CWE:73, CWE:74, CWE:75, CWE:76, CWE:77, CWE:78, CWE:79, CWE:80, CWE:81, CWE:82, CWE:83, CWE:84, CWE:85, CWE:86, CWE:87, CWE:88, CWE:89, CWE:90, CWE:91, CWE:93, CWE:94, CWE:95, CWE:96, CWE:97

CWE:98, CWE:99, CWE:102, CWE:103, CWE:104, CWE:105, CWE:106, CWE:107, CWE:108, CWE:109, CWE:110, CWE:111, CWE:112, CWE:113, CWE:114, CWE:116, CWE:117, CWE:118, CWE:119, CWE:120, CWE:121, CWE:122, CWE:123, CWE:124, CWE:125, CWE:126, CWE:127, CWE:128, CWE:129, CWE:130, CWE:131, CWE:133, CWE:134, CWE:135, CWE:136, CWE:137, CWE:138, CWE:140, CWE:141, CWE:142, CWE:143

CWE:144, CWE:145, CWE:146, CWE:147, CWE:148, CWE:149, CWE:150, CWE:151, CWE:152, CWE:153, CWE:154, CWE:155, CWE:156, CWE:157, CWE:158, CWE:159, CWE:160, CWE:161, CWE:162, CWE:163, CWE:164, CWE:165, CWE:166, CWE:167, CWE:168, CWE:170, CWE:171, CWE:174, CWE:178, CWE:179, CWE:180, CWE:181, CWE:187, CWE:188, CWE:189, CWE:190, CWE:191, CWE:192, CWE:193, CWE:194, CWE:195

CWE:196, CWE:197, CWE:198, CWE:199, CWE:200, CWE:201, CWE:202, CWE:203, CWE:204, CWE:205, CWE:206, CWE:207, CWE:208, CWE:209, CWE:210, CWE:211, CWE:212, CWE:213, CWE:214, CWE:215, CWE:216, CWE:219, CWE:220, CWE:221, CWE:222, CWE:223, CWE:224, CWE:226, CWE:227, CWE:241, CWE:242, CWE:243, CWE:244, CWE:245, CWE:246, CWE:248, CWE:250, CWE:251, CWE:252, CWE:253, CWE:254

CWE:255, CWE:256, CWE:257, CWE:258, CWE:259, CWE:260, CWE:261, CWE:262, CWE:263, CWE:264, CWE:265, CWE:266, CWE:267, CWE:268, CWE:269, CWE:270, CWE:271, CWE:272, CWE:273, CWE:274, CWE:275, CWE:276, CWE:277, CWE:278, CWE:279, CWE:280, CWE:281, CWE:282, CWE:283, CWE:284, CWE:285, CWE:286, CWE:287, CWE:288, CWE:289, CWE:290, CWE:291, CWE:293, CWE:294, CWE:295, CWE:296

CWE:297, CWE:298, CWE:299, CWE:300, CWE:301, CWE:302, CWE:303, CWE:304, CWE:305, CWE:306, CWE:307, CWE:308, CWE:309, CWE:310, CWE:311, CWE:312, CWE:313, CWE:314, CWE:315, CWE:316, CWE:317, CWE:318, CWE:319, CWE:320, CWE:321, CWE:322, CWE:323, CWE:324, CWE:325, CWE:326, CWE:327, CWE:328, CWE:329, CWE:330, CWE:331, CWE:332, CWE:333, CWE:334, CWE:335, CWE:336, CWE:337


CWE:338, CWE:339, CWE:340, CWE:341, CWE:342, CWE:343, CWE:344, CWE:345, CWE:346, CWE:349, CWE:350, CWE:355, CWE:356, CWE:358, CWE:359, CWE:361, CWE:362, CWE:363, CWE:364, CWE:365, CWE:366, CWE:367, CWE:368, CWE:369, CWE:370, CWE:371, CWE:372, CWE:374, CWE:375, CWE:376, CWE:377, CWE:378, CWE:379, CWE:382, CWE:383, CWE:384, CWE:385, CWE:386, CWE:387, CWE:388, CWE:389, CWE:390, CWE:391, CWE:392

CWE:393, CWE:395, CWE:396, CWE:397, CWE:398, CWE:399, CWE:400, CWE:401, CWE:402, CWE:403, CWE:404, CWE:405, CWE:406, CWE:407, CWE:408, CWE:409, CWE:410, CWE:411, CWE:412, CWE:413, CWE:414, CWE:415, CWE:416, CWE:417, CWE:419, CWE:420, CWE:421, CWE:422, CWE:424, CWE:425, CWE:426, CWE:427, CWE:428, CWE:430, CWE:431, CWE:432, CWE:433, CWE:434, CWE:435, CWE:438, CWE:440, CWE:441, CWE:442, CWE:446

CWE:447, CWE:448, CWE:449, CWE:451, CWE:452, CWE:453, CWE:454, CWE:455, CWE:456, CWE:457, CWE:459, CWE:460, CWE:462, CWE:464, CWE:465, CWE:466, CWE:467, CWE:468, CWE:469, CWE:470, CWE:471, CWE:472, CWE:473, CWE:474, CWE:475, CWE:476, CWE:477, CWE:478, CWE:479, CWE:480, CWE:481, CWE:482, CWE:483, CWE:484, CWE:485, CWE:486, CWE:487, CWE:488, CWE:489, CWE:490, CWE:491, CWE:492, CWE:493, CWE:494

CWE:495, CWE:496, CWE:497, CWE:498, CWE:499, CWE:500, CWE:501, CWE:502, CWE:506, CWE:507, CWE:508, CWE:509, CWE:510, CWE:511, CWE:512, CWE:514, CWE:515, CWE:520, CWE:521, CWE:522, CWE:523, CWE:524, CWE:525, CWE:526, CWE:527, CWE:528, CWE:529, CWE:530, CWE:531, CWE:532, CWE:535, CWE:536, CWE:537, CWE:538, CWE:539, CWE:540, CWE:541, CWE:543, CWE:546, CWE:547, CWE:548, CWE:549, CWE:550, CWE:551

CWE:552, CWE:553, CWE:554, CWE:555, CWE:556, CWE:557, CWE:558, CWE:559, CWE:560, CWE:561, CWE:562, CWE:563, CWE:564, CWE:565, CWE:566, CWE:567, CWE:568, CWE:569, CWE:570, CWE:571, CWE:572, CWE:573, CWE:574, CWE:575, CWE:576, CWE:577, CWE:578, CWE:579, CWE:580, CWE:581, CWE:582, CWE:583, CWE:584, CWE:585, CWE:586, CWE:587, CWE:588, CWE:589, CWE:590, CWE:591, CWE:593, CWE:594, CWE:595, CWE:596

CWE:597, CWE:598, CWE:599, CWE:600, CWE:601, CWE:602, CWE:603, CWE:605, CWE:606, CWE:607, CWE:608, CWE:609, CWE:610, CWE:611, CWE:612, CWE:613, CWE:614, CWE:615, CWE:617, CWE:618, CWE:619, CWE:620, CWE:621, CWE:622, CWE:623, CWE:624, CWE:626, CWE:627, CWE:628, CWE:629, CWE:635, CWE:636, CWE:637, CWE:638, CWE:639, CWE:640, CWE:641, CWE:642, CWE:643, CWE:645, CWE:647, CWE:648, CWE:651, CWE:652

CWE:653, CWE:654, CWE:655, CWE:656, CWE:657, CWE:662, CWE:663, CWE:664, CWE:665, CWE:666, CWE:667, CWE:668, CWE:669, CWE:670, CWE:671, CWE:672, CWE:673, CWE:674, CWE:675, CWE:676, CWE:680, CWE:681, CWE:682, CWE:683, CWE:684, CWE:685, CWE:686, CWE:687, CWE:688, CWE:689, CWE:690, CWE:691, CWE:692, CWE:693, CWE:694, CWE:695, CWE:696, CWE:697, CWE:698, CWE:699, CWE:700, CWE:703, CWE:704, CWE:705


CWE:706, CWE:707, CWE:708, CWE:710, CWE:711, CWE:712, CWE:713, CWE:714, CWE:715, CWE:717, CWE:718, CWE:719, CWE:720, CWE:721, CWE:722, CWE:723, CWE:724, CWE:725, CWE:726, CWE:727, CWE:728, CWE:729, CWE:730, CWE:731, CWE:732, CWE:733, CWE:734, CWE:735, CWE:736, CWE:737, CWE:738, CWE:739, CWE:740, CWE:741, CWE:742, CWE:743, CWE:744, CWE:745, CWE:746, CWE:747, CWE:748, CWE:749, CWE:750, CWE:751, CWE:752, CWE:753

CWE:754, CWE:755, CWE:758, CWE:759, CWE:760, CWE:761, CWE:762, CWE:763, CWE:764, CWE:765, CWE:766, CWE:767, CWE:768, CWE:770, CWE:771, CWE:772, CWE:773, CWE:774, CWE:775, CWE:776, CWE:778, CWE:779, CWE:780, CWE:781, CWE:782, CWE:783, CWE:784, CWE:785, CWE:786, CWE:787, CWE:788, CWE:789, CWE:790, CWE:791, CWE:792, CWE:793, CWE:794, CWE:795, CWE:796, CWE:797, CWE:798, CWE:799, CWE:800, CWE:801, CWE:802, CWE:803

CWE:804, CWE:805, CWE:806, CWE:807, CWE:808, CWE:809, CWE:810, CWE:811, CWE:812, CWE:813, CWE:815, CWE:816, CWE:817, CWE:818, CWE:820, CWE:821, CWE:822, CWE:823, CWE:824, CWE:825, CWE:826, CWE:827, CWE:828, CWE:829, CWE:830, CWE:831, CWE:832, CWE:833, CWE:834, CWE:835, CWE:836, CWE:837, CWE:840, CWE:841, CWE:842, CWE:843, CWE:844, CWE:845, CWE:846, CWE:847, CWE:848, CWE:849, CWE:850, CWE:851, CWE:852, CWE:853

CWE:854, CWE:855, CWE:857, CWE:858, CWE:859, CWE:860, CWE:861, CWE:862, CWE:863, CWE:864, CWE:865, CWE:866, CWE:867, CWE:868, CWE:871, CWE:872, CWE:873, CWE:874, CWE:875, CWE:876, CWE:877, CWE:878, CWE:879, CWE:880, CWE:882, CWE:883, CWE:884, CWE:885, CWE:886, CWE:887, CWE:888, CWE:889, CWE:890, CWE:891, CWE:892, CWE:893, CWE:894, CWE:895, CWE:896, CWE:897, CWE:898, CWE:899, CWE:900, CWE:901, CWE:902, CWE:903

CWE:904, CWE:905, CWE:906, CWE:907, CWE:908, CWE:909, CWE:910, CWE:911, CWE:912, CWE:913, CWE:914, CWE:915, CWE:916, CWE:917, CWE:918, CWE:920, CWE:921, CWE:922, CWE:923, CWE:925, CWE:926, CWE:927, CWE:928, CWE:929, CWE:930, CWE:931, CWE:932, CWE:933, CWE:934, CWE:935, CWE:939, CWE:940, CWE:941, CWE:942, CWE:943, CWE:944, CWE:945, CWE:946, CWE:947, CWE:949, CWE:950, CWE:954, CWE:957, CWE:958, CWE:959, CWE:960

CWE:961, CWE:962, CWE:963, CWE:964, CWE:966, CWE:969, CWE:970, CWE:971, CWE:972, CWE:973, CWE:974, CWE:975, CWE:976, CWE:977, CWE:978, CWE:979, CWE:980, CWE:981, CWE:982, CWE:983, CWE:984, CWE:985, CWE:986, CWE:987, CWE:988, CWE:989, CWE:990, CWE:991, CWE:992, CWE:994, CWE:995, CWE:997, CWE:998, CWE:1000, CWE:1001, CWE:1002, CWE:1003, CWE:1004, CWE:1005, CWE:1006, CWE:1007, CWE:1008, CWE:1009, CWE:1010, CWE:1011, CWE:1012

CWE:1013, CWE:1014, CWE:1015, CWE:1019, CWE:1020, CWE:1021, CWE:1022, CWE:1023, CWE:1025, CWE:1026, CWE:1027, CWE:1028, CWE:1029, CWE:1030, CWE:1031, CWE:1033, CWE:1037, CWE:1038, CWE:1041, CWE:1042, CWE:1043, CWE:1044, CWE:1045, CWE:1046, CWE:1047, CWE:1048, CWE:1049, CWE:1050, CWE:1051, CWE:1052, CWE:1053, CWE:1054, CWE:1055, CWE:1056, CWE:1057, CWE:1058, CWE:1059, CWE:1060, CWE:1061, CWE:1062, CWE:1063, CWE:1064, CWE:1065, CWE:1066, CWE:1067, CWE:1068


CWE:1069, CWE:1070, CWE:1071, CWE:1072, CWE:1073, CWE:1074, CWE:1075, CWE:1076, CWE:1078, CWE:1079, CWE:1080, CWE:1082, CWE:1083, CWE:1084, CWE:1085, CWE:1086, CWE:1087, CWE:1088, CWE:1089, CWE:1090, CWE:1091, CWE:1092, CWE:1093, CWE:1094, CWE:1095, CWE:1096, CWE:1097, CWE:1098, CWE:1099, CWE:1100, CWE:1101, CWE:1102, CWE:1103, CWE:1104, CWE:1105, CWE:1106, CWE:1107, CWE:1108, CWE:1109, CWE:1110, CWE:1111, CWE:1112, CWE:1113, CWE:1114, CWE:1115, CWE:1116, CWE:1117

CWE:1118, CWE:1119, CWE:1120, CWE:1121, CWE:1122, CWE:1123, CWE:1124, CWE:1125, CWE:1126, CWE:1127, CWE:1128, CWE:1129, CWE:1130, CWE:1131, CWE:1133, CWE:1134, CWE:1135, CWE:1136, CWE:1137, CWE:1139, CWE:1140, CWE:1141, CWE:1142, CWE:1143, CWE:1144, CWE:1145, CWE:1147, CWE:1148, CWE:1149, CWE:1150, CWE:1152, CWE:1154, CWE:1155, CWE:1156, CWE:1157, CWE:1158, CWE:1159, CWE:1160, CWE:1161, CWE:1162, CWE:1163, CWE:1164, CWE:1165, CWE:1166, CWE:1167, CWE:1168, CWE:1169

CWE:1170, CWE:1171, CWE:1172, CWE:1173, CWE:1174, CWE:1176, CWE:1177, CWE:1187, CWE:1188, CWE:1200