DATASHEET

CWE C and C++ Rule Enforcement (2021)

ENFORCEMENT HELIX QAC 2024.2

CWE enforcement is measured against the published list of weaknesses below. Not every weakness in that list applies to C or C++ code: entries marked N/A are weaknesses treated as not applicable to C/C++ source, while entries marked No apply to C/C++ but are not enforced by this Helix QAC release. Only entries marked Yes are enforced.

2021 CWE Top 25 Most Dangerous Software Weaknesses

https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html

Rank  CWE ID   Enforced C  Enforced C++  Description
----  -------  ----------  ------------  -----------
1     CWE-787  Yes         Yes           Out-of-bounds Write
2     CWE-79   N/A         N/A           Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
3     CWE-125  Yes         Yes           Out-of-bounds Read
4     CWE-20   Yes         Yes           Improper Input Validation
5     CWE-78   Yes         Yes           Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
6     CWE-89   Yes         Yes           Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
7     CWE-416  Yes         Yes           Use After Free
8     CWE-22   No          No            Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
9     CWE-352  N/A         N/A           Cross-Site Request Forgery (CSRF)
10    CWE-434  N/A         N/A           Unrestricted Upload of File with Dangerous Type
11    CWE-306  No          No            Missing Authentication for Critical Function
12    CWE-190  Yes         Yes           Integer Overflow or Wraparound
13    CWE-502  N/A         N/A           Deserialization of Untrusted Data
14    CWE-287  N/A         N/A           Improper Authentication
15    CWE-476  Yes         Yes           NULL Pointer Dereference
16    CWE-798  Yes         Yes           Use of Hard-coded Credentials
17    CWE-119  Yes         Yes           Improper Restriction of Operations within the Bounds of a Memory Buffer
18    CWE-862  No          No            Missing Authorization
19    CWE-276  N/A         N/A           Incorrect Default Permissions
20    CWE-200  No          No            Exposure of Sensitive Information to an Unauthorized Actor
21    CWE-522  No          No            Insufficiently Protected Credentials
22    CWE-732  No          No            Incorrect Permission Assignment for Critical Resource
23    CWE-611  N/A         N/A           Improper Restriction of XML External Entity Reference
24    CWE-918  N/A         N/A           Server-Side Request Forgery (SSRF)
25    CWE-77   No          No            Improper Neutralization of Special Elements used in a Command ('Command Injection')

Yes = enforced by Helix QAC 2024.2; No = applicable to C/C++ but not enforced; N/A = not applicable to C/C++ code.