DATASHEET
CWE C and C++ Rule Enforcement (2020)
ENFORCEMENT HELIX QAC 2024.2
CWE enforcement is measured against defined lists of weaknesses which do not all apply to every language.
2020 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
Rank | CWE ID | Description | Enforced C | Enforced C++ |
---|---|---|---|---|
[1] | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | N/A | N/A |
[2] | | Out-of-bounds Write | Yes | Yes |
[3] | | Improper Input Validation | Yes | Yes |
[4] | | Out-of-bounds Read | Yes | Yes |
[5] | | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes | Yes |
[6] | | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Yes | Yes |
[7] | | Exposure of Sensitive Information to an Unauthorized Actor | No | No |
[8] | | Use After Free | Yes | Yes |
[9] | | Cross-Site Request Forgery (CSRF) | N/A | N/A |
[10] | | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes | Yes |
[11] | | Integer Overflow or Wraparound | Yes | Yes |
[12] | | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | No | No |
[13] | | NULL Pointer Dereference | Yes | Yes |
[14] | | Improper Authentication | N/A | N/A |
[15] | | Unrestricted Upload of File with Dangerous Type | N/A | N/A |
[16] | | Incorrect Permission Assignment for Critical Resource | No | No |
[17] | | Improper Control of Generation of Code ('Code Injection') | N/A | N/A |
[18] | | Insufficiently Protected Credentials | No | No |
[19] | | Improper Restriction of XML External Entity Reference | N/A | N/A |
[20] | | Use of Hard-coded Credentials | Yes | Yes |
[21] | | Deserialization of Untrusted Data | N/A | N/A |
[22] | | Improper Privilege Management | No | No |
[23] | | Uncontrolled Resource Consumption | No | No |
[24] | | Missing Authentication for Critical Function | No | No |
[25] | | Missing Authorization | No | No |