DATASHEET

CWE C and C++ Rule Enforcement (2022)

ENFORCEMENT HELIX QAC 2023.4

CWE enforcement is measured against defined lists of weaknesses, not all of which apply to every language.

2022 CWE Top 25 Most Dangerous Software Weaknesses

https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html

| Rank | CWE ID | Description | Enforced C | Enforced C++ |
|---|---|---|---|---|
| 1 | CWE-787 | Out-of-bounds Write | Yes | Yes |
| 2 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | N/A | N/A |
| 3 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | No | No |
| 4 | CWE-20 | Improper Input Validation | Yes | Yes |
| 5 | CWE-125 | Out-of-bounds Read | Yes | Yes |
| 6 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes | Yes |
| 7 | CWE-416 | Use After Free | Yes | Yes |
| 8 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | No | No |
| 9 | CWE-352 | Cross-Site Request Forgery (CSRF) | N/A | N/A |
| 10 | CWE-434 | Unrestricted Upload of File with Dangerous Type | N/A | N/A |
| 11 | CWE-476 | NULL Pointer Dereference | Yes | Yes |
| 12 | CWE-502 | Deserialization of Untrusted Data | N/A | N/A |
| 13 | CWE-190 | Integer Overflow or Wraparound | Yes | Yes |
| 14 | CWE-287 | Improper Authentication | N/A | N/A |
| 15 | CWE-798 | Use of Hard-coded Credentials | No | No |
| 16 | CWE-862 | Missing Authorization | No | No |
| 17 | CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | No | No |
| 18 | CWE-306 | Missing Authentication for Critical Function | No | No |
| 19 | CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes | Yes |
| 20 | CWE-276 | Incorrect Default Permissions | N/A | N/A |
| 21 | CWE-918 | Server-Side Request Forgery (SSRF) | N/A | N/A |
| 22 | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Yes | Yes |
| 23 | CWE-400 | Uncontrolled Resource Consumption | No | No |
| 24 | CWE-611 | Improper Restriction of XML External Entity Reference | N/A | N/A |
| 25 | CWE-94 | Improper Control of Generation of Code ('Code Injection') | N/A | N/A |