DATASHEET
CWE C Enforcement
ENFORCEMENT HELIX QAC 2024.2
Note: the CWEs listed are taken from CWE version 4.12.
ALL WEAKNESSES
CWE-ID | Description |
---|---|
CWE-14 | Compiler Removal of Code to Clear Buffers |
CWE-20 | Improper Input Validation |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
CWE-121 | Stack-based Buffer Overflow |
CWE-122 | Heap-based Buffer Overflow |
CWE-124 | Buffer Underwrite ('Buffer Underflow') |
CWE-125 | Out-of-bounds Read |
CWE-126 | Buffer Over-read |
CWE-127 | Buffer Under-read |
CWE-128 | Wrap-around Error |
CWE-129 | Improper Validation of Array Index |
CWE-130 | Improper Handling of Length Parameter Inconsistency |
CWE-131 | Incorrect Calculation of Buffer Size |
CWE-134 | Use of Externally-Controlled Format String |
CWE-135 | Incorrect Calculation of Multi-Byte String Length |
CWE-136 | Type Errors |
CWE-170 | Improper Null Termination |
CWE-176 | Improper Handling of Unicode Encoding |
CWE-187 | Partial String Comparison |
CWE-188 | Reliance on Data/Memory Layout |
CWE-190 | Integer Overflow or Wraparound |
CWE-191 | Integer Underflow (Wrap or Wraparound) |
CWE-192 | Integer Coercion Error |
CWE-193 | Off-by-one Error |
CWE-194 | Unexpected Sign Extension |
CWE-195 | Signed to Unsigned Conversion Error |
CWE-196 | Unsigned to Signed Conversion Error |
CWE-197 | Numeric Truncation Error |
CWE-233 | Improper Handling of Parameters |
CWE-234 | Failure to Handle Missing Parameter |
CWE-235 | Improper Handling of Extra Parameters |
CWE-242 | Use of Inherently Dangerous Function |
CWE-243 | Creation of chroot Jail Without Changing Working Directory |
CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
CWE-250 | Execution with Unnecessary Privileges |
CWE-251 | Often Misused: String Management |
CWE-252 | Unchecked Return Value |
CWE-253 | Incorrect Check of Function Return Value |
CWE-259 | Use of Hard-coded Password |
CWE-273 | Improper Check for Dropped Privileges |
CWE-321 | Use of Hard-coded Cryptographic Key |
CWE-324 | Use of a Key Past its Expiration Date |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
CWE-336 | Same seed in Pseudo-Random Number Generator (PRNG) |
CWE-337 | Predictable seed in Pseudo-Random Number Generator (PRNG) |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
CWE-369 | Divide By Zero |
CWE-374 | Passing Mutable Objects to an Untrusted Method |
CWE-375 | Returning a Mutable Object to an Untrusted Caller |
CWE-389 | Error Conditions, Return Values, Status Codes |
CWE-391 | Unchecked Error Condition |
CWE-398 | 7PK - Code Quality |
CWE-401 | Missing Release of Memory after Effective Lifetime |
CWE-412 | Unrestricted Externally Accessible Lock |
CWE-413 | Improper Resource Locking |
CWE-416 | Use After Free |
CWE-452 | Initialization and Cleanup Errors |
CWE-456 | Missing Initialization of a Variable |
CWE-457 | Use of Uninitialized Variable |
CWE-465 | Pointer Issues |
CWE-466 | Return of Pointer Value Outside of Expected Range |
CWE-467 | Use of sizeof() on a Pointer Type |
CWE-468 | Incorrect Pointer Scaling |
CWE-469 | Use of Pointer Subtraction to Determine Size |
CWE-474 | Use of Function with Inconsistent Implementations |
CWE-475 | Undefined Behaviour for Input to API |
CWE-476 | NULL Pointer Dereference |
CWE-478 | Missing Default Case in Multiple Condition Expression |
CWE-479 | Signal Handler Use of a Non-reentrant Function |
CWE-480 | Use of Incorrect Operator |
CWE-481 | Assigning instead of Comparing |
CWE-482 | Comparing instead of Assigning |
CWE-483 | Incorrect Block Delimitation |
CWE-484 | Omitted Break Statement in Switch |
CWE-489 | Active Debug Code |
CWE-547 | Use of Hard-coded, Security-relevant Constants |
CWE-558 | Use of getlogin() in Multithreaded Application |
CWE-560 | Use of umask() with chmod-style Argument |
CWE-561 | Dead Code |
CWE-562 | Return of Stack Variable Address |
CWE-563 | Assignment to Variable without Use |
CWE-569 | Expression Issues |
CWE-570 | Expression is Always False |
CWE-571 | Expression is Always True |
CWE-587 | Assignment of a Fixed Address to a Pointer |
CWE-588 | Attempt to Access Child of a Non-structure Pointer |
CWE-597 | Use of Wrong Operator in String Comparison |
CWE-606 | Unchecked Input for Loop Condition |
CWE-628 | Function Call with Incorrectly Specified Arguments |
CWE-665 | Improper Initialization |
CWE-670 | Always-Incorrect Control Flow Implementation |
CWE-674 | Uncontrolled Recursion |
CWE-676 | Use of Potentially Dangerous Function |
CWE-680 | Integer Overflow to Buffer Overflow |
CWE-681 | Incorrect Conversion between Numeric Types |
CWE-682 | Incorrect Calculation |
CWE-685 | Function Call With Incorrect Number of Arguments |
CWE-686 | Function Call With Incorrect Argument Type |
CWE-690 | Unchecked Return Value to NULL Pointer Dereference |
CWE-697 | Insufficient Comparison |
CWE-704 | Incorrect Type Conversion or Cast |
CWE-705 | Incorrect Control Flow Scoping |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
CWE-768 | Incorrect Short Circuit Evaluation |
CWE-783 | Operator Precedence Logic Error |
CWE-785 | Use of Path Manipulation Function without Maximum-sized Buffer |
CWE-786 | Access of Memory Location Before Start of Buffer |
CWE-787 | Out-of-bounds Write |
CWE-788 | Access of Memory Location After End of Buffer |
CWE-798 | Use of Hard-coded Credentials |
CWE-805 | Buffer Access with Incorrect Length Value |
CWE-806 | Buffer Access Using Size of Source Buffer |
CWE-823 | Use of Out-of-range Pointer Offset |
CWE-824 | Access of Uninitialized Pointer |
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') |
CWE-908 | Use of Uninitialized Resource |
CWE-909 | Missing Initialization of Resource |
CWE-1155 | SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE) |
CWE-1156 | SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL) |
CWE-1157 | SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP) |
CWE-1158 | SEI CERT C Coding Standard - Guidelines 04. Integers (INT) |
CWE-1159 | SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) |
CWE-1160 | SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR) |
CWE-1161 | SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR) |
CWE-1162 | SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM) |
CWE-1163 | SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO) |
CWE-1165 | SEI CERT C Coding Standard - Guidelines 10. Environment (ENV) |
CWE-1166 | SEI CERT C Coding Standard - Guidelines 11. Signals (SIG) |
CWE-1167 | SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR) |
CWE-1170 | SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC) |
CWE-1171 | SEI CERT C Coding Standard - Guidelines 50. POSIX (POS) |
CWE-658 - Weaknesses in Software Written in C
CWE-ID | Description | Enforced |
---|---|---|
CWE-14 | Compiler Removal of Code to Clear Buffers | Yes |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Yes |
CWE-121 | Stack-based Buffer Overflow | Yes |
CWE-122 | Heap-based Buffer Overflow | Yes |
CWE-123 | Write-what-where Condition | No |
CWE-124 | Buffer Underwrite ('Buffer Underflow') | Yes |
CWE-125 | Out-of-bounds Read | Yes |
CWE-126 | Buffer Over-read | Yes |
CWE-127 | Buffer Under-read | Yes |
CWE-128 | Wrap-around Error | Yes |
CWE-129 | Improper Validation of Array Index | Yes |
CWE-130 | Improper Handling of Length Parameter Inconsistency | Yes |
CWE-131 | Incorrect Calculation of Buffer Size | Yes |
CWE-134 | Use of Externally-Controlled Format String | Yes |
CWE-135 | Incorrect Calculation of Multi-Byte String Length | Yes |
CWE-170 | Improper Null Termination | Yes |
CWE-188 | Reliance on Data/Memory Layout | Yes |
CWE-191 | Integer Underflow (Wrap or Wraparound) | Yes |
CWE-192 | Integer Coercion Error | Yes |
CWE-194 | Unexpected Sign Extension | Yes |
CWE-195 | Signed to Unsigned Conversion Error | Yes |
CWE-196 | Unsigned to Signed Conversion Error | Yes |
CWE-197 | Numeric Truncation Error | Yes |
CWE-242 | Use of Inherently Dangerous Function | Yes |
CWE-243 | Creation of chroot Jail Without Changing Working Directory | Yes |
CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Yes |
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Yes |
CWE-364 | Signal Handler Race Condition | No |
CWE-366 | Race Condition within a Thread | No |
CWE-374 | Passing Mutable Objects to an Untrusted Method | Yes |
CWE-375 | Returning a Mutable Object to an Untrusted Caller | Yes |
CWE-401 | Missing Release of Memory after Effective Lifetime | Yes |
CWE-415 | Double Free | No |
CWE-416 | Use After Free | Yes |
CWE-457 | Use of Uninitialized Variable | Yes |
CWE-460 | Improper Cleanup on Thrown Exception | No |
CWE-462 | Duplicate Key in Associative List (Alist) | No |
CWE-463 | Deletion of Data Structure Sentinel | No |
CWE-464 | Addition of Data Structure Sentinel | No |
CWE-466 | Return of Pointer Value Outside of Expected Range | Yes |
CWE-467 | Use of sizeof() on a Pointer Type | Yes |
CWE-468 | Incorrect Pointer Scaling | Yes |
CWE-469 | Use of Pointer Subtraction to Determine Size | Yes |
CWE-474 | Use of Function with Inconsistent Implementations | Yes |
CWE-476 | NULL Pointer Dereference | Yes |
CWE-478 | Missing Default Case in Multiple Condition Expression | Yes |
CWE-479 | Signal Handler Use of a Non-reentrant Function | Yes |
CWE-480 | Use of Incorrect Operator | Yes |
CWE-481 | Assigning instead of Comparing | Yes |
CWE-482 | Comparing instead of Assigning | Yes |
CWE-483 | Incorrect Block Delimitation | Yes |
CWE-484 | Omitted Break Statement in Switch | Yes |
CWE-495 | Private Data Structure Returned From A Public Method | No |
CWE-496 | Public Data Assigned to Private Array-Typed Field | No |
CWE-558 | Use of getlogin() in Multithreaded Application | Yes |
CWE-560 | Use of umask() with chmod-style Argument | Yes |
CWE-562 | Return of Stack Variable Address | Yes |
CWE-587 | Assignment of a Fixed Address to a Pointer | Yes |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-685 | Function Call With Incorrect Number of Arguments | Yes |
CWE-688 | Function Call With Incorrect Variable or Reference as Argument | No |
CWE-689 | Permission Race Condition During Resource Copy | No |
CWE-690 | Unchecked Return Value to NULL Pointer Dereference | Yes |
CWE-704 | Incorrect Type Conversion or Cast | Yes |
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code | NSE |
CWE-762 | Mismatched Memory Management Routines | No |
CWE-781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code | No |
CWE-782 | Exposed IOCTL with Insufficient Access Control | No |
CWE-783 | Operator Precedence Logic Error | Yes |
CWE-785 | Use of Path Manipulation Function without Maximum-sized Buffer | Yes |
CWE-787 | Out-of-bounds Write | Yes |
CWE-789 | Memory Allocation with Excessive Size Value | No |
CWE-805 | Buffer Access with Incorrect Length Value | Yes |
CWE-806 | Buffer Access Using Size of Source Buffer | Yes |
CWE-839 | Numeric Range Comparison Without Minimum Check | No |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Yes |
CWE-910 | Use of Expired File Descriptor | No |
CWE-911 | Improper Update of Reference Count | No |
CWE-1325 | Improperly Controlled Sequential Memory Allocation | No |
CWE-1335 | Incorrect Bitwise Shift of Integer | No |
CWE-1341 | Multiple Releases of Same Resource or Handle | No |
CWE-1154 - Weaknesses Addressed by the SEI CERT C Coding Standard
CWE-ID | Description | Enforced |
---|---|---|
CWE-1155 | Rule 01. Preprocessor (PRE) | Yes |
CWE-1156 | Rule 02. Declarations and Initialization (DCL) | Yes |
CWE-562 | Return of Stack Variable Address | Yes |
CWE-1157 | Rule 03. Expressions (EXP) | Yes |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes |
CWE-125 | Out-of-bounds Read | Yes |
CWE-476 | NULL Pointer Dereference | Yes |
CWE-480 | Use of Incorrect Operator | Yes |
CWE-481 | Assigning instead of Comparing | Yes |
CWE-628 | Function Call with Incorrectly Specified Arguments | Yes |
CWE-685 | Function Call With Incorrect Number of Arguments | Yes |
CWE-686 | Function Call With Incorrect Argument Type | Yes |
CWE-690 | Unchecked Return Value to NULL Pointer Dereference | Yes |
CWE-704 | Incorrect Type Conversion or Cast | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | Yes |
CWE-908 | Use of Uninitialized Resource | Yes |
CWE-1158 | Rule 04. Integers (INT) | Yes |
CWE-131 | Incorrect Calculation of Buffer Size | Yes |
CWE-190 | Integer Overflow or Wraparound | Yes |
CWE-191 | Integer Underflow (Wrap or Wraparound) | Yes |
CWE-192 | Integer Coercion Error | Yes |
CWE-194 | Unexpected Sign Extension | Yes |
CWE-195 | Signed to Unsigned Conversion Error | Yes |
CWE-197 | Numeric Truncation Error | Yes |
CWE-369 | Divide By Zero | Yes |
CWE-587 | Assignment of a Fixed Address to a Pointer | Yes |
CWE-680 | Integer Overflow to Buffer Overflow | Yes |
CWE-681 | Incorrect Conversion between Numeric Types | Yes |
CWE-682 | Incorrect Calculation | Yes |
CWE-704 | Incorrect Type Conversion or Cast | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-1159 | Rule 05. Floating Point (FLP) | Yes |
CWE-197 | Numeric Truncation Error | Yes |
CWE-391 | Unchecked Error Condition | Yes |
CWE-681 | Incorrect Conversion between Numeric Types | Yes |
CWE-682 | Incorrect Calculation | Yes |
CWE-1160 | Rule 06. Arrays (ARR) | Yes |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes |
CWE-121 | Stack-based Buffer Overflow | Yes |
CWE-123 | Write-what-where Condition | No |
CWE-125 | Out-of-bounds Read | Yes |
CWE-129 | Improper Validation of Array Index | Yes |
CWE-468 | Incorrect Pointer Scaling | Yes |
CWE-469 | Use of Pointer Subtraction to Determine Size | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-786 | Access of Memory Location Before Start of Buffer | Yes |
CWE-805 | Buffer Access with Incorrect Length Value | Yes |
CWE-1161 | Rule 07. Characters and Strings (STR) | Yes |
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Yes |
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Yes |
CWE-121 | Stack-based Buffer Overflow | Yes |
CWE-122 | Heap-based Buffer Overflow | Yes |
CWE-123 | Write-what-where Condition | No |
CWE-125 | Out-of-bounds Read | Yes |
CWE-170 | Improper Null Termination | Yes |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-704 | Incorrect Type Conversion or Cast | Yes |
CWE-1162 | Rule 08. Memory Management (MEM) | Yes |
CWE-131 | Incorrect Calculation of Buffer Size | Yes |
CWE-190 | Integer Overflow or Wraparound | Yes |
CWE-401 | Missing Release of Memory after Effective Lifetime | Yes |
CWE-404 | Improper Resource Shutdown or Release | No |
CWE-415 | Double Free | No |
CWE-416 | Use After Free | Yes |
CWE-459 | Incomplete Cleanup | No |
CWE-467 | Use of sizeof() on a Pointer Type | Yes |
CWE-590 | Free of Memory not on the Heap | No |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime | No |
CWE-672 | Operation on a Resource after Expiration or Release | No |
CWE-680 | Integer Overflow to Buffer Overflow | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-771 | Missing Reference to Active Allocated Resource | No |
CWE-772 | Missing Release of Resource after Effective Lifetime | No |
CWE-789 | Memory Allocation with Excessive Size Value | No |
CWE-1163 | Rule 09. Input Output (FIO) | Yes |
CWE-20 | Improper Input Validation | Yes |
CWE-67 | Improper Handling of Windows Device Names | No |
CWE-134 | Use of Externally-Controlled Format String | Yes |
CWE-197 | Numeric Truncation Error | Yes |
CWE-241 | Improper Handling of Unexpected Data Type | No |
CWE-404 | Improper Resource Shutdown or Release | No |
CWE-459 | Incomplete Cleanup | No |
CWE-664 | Improper Control of a Resource Through its Lifetime | No |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime | No |
CWE-672 | Operation on a Resource after Expiration or Release | No |
CWE-685 | Function Call With Incorrect Number of Arguments | Yes |
CWE-686 | Function Call With Incorrect Argument Type | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-771 | Missing Reference to Active Allocated Resource | No |
CWE-772 | Missing Release of Resource after Effective Lifetime | No |
CWE-773 | Missing Reference to Active File Descriptor or Handle | No |
CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | No |
CWE-910 | Use of Expired File Descriptor | No |
CWE-1165 | Rule 10. Environment (ENV) | Yes |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Yes |
CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Yes |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-705 | Incorrect Control Flow Scoping | Yes |
CWE-1166 | Rule 11. Signals (SIG) | Yes |
CWE-479 | Signal Handler Use of a Non-reentrant Function | Yes |
CWE-662 | Improper Synchronization | No |
CWE-1167 | Rule 12. Error Handling (ERR) | Yes |
CWE-252 | Unchecked Return Value | Yes |
CWE-253 | Incorrect Check of Function Return Value | Yes |
CWE-391 | Unchecked Error Condition | Yes |
CWE-456 | Missing Initialization of a Variable | Yes |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-1169 | Rule 14. Concurrency (CON) | No |
CWE-330 | Use of Insufficiently Random Values | No |
CWE-366 | Race Condition within a Thread | No |
CWE-377 | Insecure Temporary File | No |
CWE-667 | Improper Locking | No |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-1170 | Rule 48. Miscellaneous (MSC) | No |
CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Yes |
CWE-330 | Use of Insufficiently Random Values | No |
CWE-331 | Insufficient Entropy | No |
CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Yes |
CWE-676 | Use of Potentially Dangerous Function | Yes |
CWE-758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Yes |
CWE-1171 | Rule 50. POSIX (POS) | Yes |
CWE-242 | Use of Inherently Dangerous Function | Yes |
CWE-252 | Unchecked Return Value | Yes |
CWE-253 | Incorrect Check of Function Return Value | Yes |
CWE-273 | Improper Check for Dropped Privileges | Yes |
CWE-363 | Race Condition Enabling Link Following | No |
CWE-391 | Unchecked Error Condition | Yes |
CWE-667 | Improper Locking | No |
CWE-696 | Incorrect Behavior Order | No |