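# This file was generated from template 'codesonar/presets/cwe2022.conf.in'
#
# Configuration settings required by warning classes closely mapped to
# one or more of the 2022 CWE Top 25 Most Dangerous Software Weaknesses.
#
# This part of this file was generated from 'cso_wcmanifest.py'
#
# NOTE(review): how to read this section
#  - Each "WARNING_FILTER += allow class=..." rule adds the named warning class to
#    what this preset reports; the "# CWE:" comment above a rule is the Top 25
#    entry the manifest maps it to.
#  - Where a rule is annotated "enabled by default", commenting the rule out does
#    not switch the check off (the annotation says so). Turning a class off is a
#    separate, explicit filter change (a discard rule; confirm the syntax in the
#    WARNING_FILTER documentation) and should be reviewed as a loss of coverage.
#  - Coverage gap: no rule in this generated section is tagged CWE-352, CWE-434,
#    CWE-862, CWE-306 or CWE-276, all of which are in the 2022 Top 25. A clean
#    result under this preset says nothing about those weaknesses.
#  - One directive per line: a rule that shares a line with a preceding '#'
#    comment is part of that comment and is not applied.
#

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Actual Parameter Element may be null (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Addition Overflow of Allocation Size"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Addition Overflow of Size"

# CWE:190: Integer Overflow or Wraparound
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Base Type Overflow/Underflow (Ada)"

# CWE:20: Improper Input Validation
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast Alters Value"

# CWE:190: Integer Overflow or Wraparound
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast: int Computation to long (C#)"

# CWE:190: Integer Overflow or Wraparound
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast: int Computation to long (Java)"

# CWE:400: Uncontrolled Resource Consumption
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.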
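WARNING_FILTER += allow class="Closeable Not Stored (C#)"

# CWE:400: Uncontrolled Resource Consumption
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Closeable Not Stored (Java)"

# CWE:94: Improper Control of Generation of Code ('Code Injection')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (Ada)"

# CWE:94: Improper Control of Generation of Code ('Code Injection')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (C#)"

# CWE:94: Improper Control of Generation of Code ('Code Injection')
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (Java)"

# CWE:20: Improper Input Validation
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Coercion Alters Value"

# CWE:78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection"

# NOTE(review): CWE-77 is tagged only on the Ada class below; every other
# command-injection class in this section is tagged CWE-78. A report filtered
# on CWE-77 alone will therefore show Ada findings only.
# CWE:77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.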
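WARNING_FILTER += allow class="Command Injection (Ada)"

# CWE:78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (C#)"

# CWE:78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (Java)"

# CWE:79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (Ada)"

# CWE:79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (C#)"

# CWE:79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (Java)"

# CWE:79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.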
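WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (C#)"

# CWE:79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)"

# NOTE(review): several rules from here on (Data Race, Deserializable Class (Java),
# Disabled Input Validation (C#), Excessive Stack Depth, the "(deep)" null classes)
# carry no "enabled by default" annotation. Presumably the allow line is what
# turns them on, so removing one drops that check - confirm against the product
# defaults before editing.
# CWE:362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
WARNING_FILTER += allow class="Data Race"

# CWE:502: Deserialization of Untrusted Data
WARNING_FILTER += allow class="Deserializable Class (Java)"

# CWE:20: Improper Input Validation
WARNING_FILTER += allow class="Disabled Input Validation (C#)"

# CWE:94: Improper Control of Generation of Code ('Code Injection')
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Eval Used (Pylint)"

# CWE:400: Uncontrolled Resource Consumption
WARNING_FILTER += allow class="Excessive Stack Depth"

# CWE:94: Improper Control of Generation of Code ('Code Injection')
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Exec Used (Pylint)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Field Element may be null (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Field Element may be null (deep) (Java)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Field may be null (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Field may be null (deep) (Java)"

# CWE:798: Use of Hard-coded Credentials
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.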
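WARNING_FILTER += allow class="Hardcoded Authentication"

# NOTE(review): CWE-798 is tagged only on the three "Hardcoded ..." classes, all
# annotated for C, C++, x86, x86_64. This section enables no hard-coded-credential
# class for Java, C#, Kotlin, Python or Ada, so secrets in those code bases need
# a separate check.
# CWE:798: Use of Hard-coded Credentials
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Key"

# CWE:798: Use of Hard-coded Credentials
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Salt"

# CWE:119: Improper Restriction of Operations within the Bounds of a Memory Buffer
WARNING_FILTER += allow class="High Risk Loop"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hostname in Condition (C#)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hostname in Condition (Java)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Ineffective Cleansing of Fragment Taint (Java)"

# CWE:400: Uncontrolled Resource Consumption
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inefficient Instantiation (Java)"

# CWE:611: Improper Restriction of XML External Entity Reference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.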
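WARNING_FILTER += allow class="Insecure XSLT Execution (C#)"

# CWE:611: Improper Restriction of XML External Entity Reference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure XSLT Execution (Java)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure verifier Override for Hostname (Java)"

# CWE:190: Integer Overflow or Wraparound
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Integer Overflow of Allocation Size"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Method Should Not Return null (C#)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Method Should Not Return null (Java)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Authentication Annotation (C#)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.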
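WARNING_FILTER += allow class="Missing Authentication Annotation (Java)"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Multiplication Overflow of Size"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Check on Mutable Property (detekt)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Parameter Dereference (C#)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Parameter Dereference (Java)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Pointer Dereference"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Pointer Dereference (Ada)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Pointer Dereference (C#)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.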
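WARNING_FILTER += allow class="Null Pointer Dereference (Java)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Null Pointer Dereference (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)"

# CWE:78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="OS Command Injection (Ada)"

# CWE:611: Improper Restriction of XML External Entity Reference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Possible XML External Entity Reference (C#)"

# CWE:611: Improper Restriction of XML External Entity Reference
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Possible XML External Entity Reference (Java)"

# NOTE(review): in this section CWE-787 and CWE-125 are tagged only on the Pylint
# class below. The C/C++ bounds classes listed here (High Risk Loop, Tainted
# Buffer Access, Type Overrun, Type Underrun) are tagged CWE-119, so a report
# filtered on CWE-787/CWE-125 alone may not include them.
# CWE:787: Out-of-bounds Write
# CWE:125: Out-of-bounds Read
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Potential Index Error (Pylint)"

# CWE:400: Uncontrolled Resource Consumption
WARNING_FILTER += allow class="Potential Unbounded Loop"

# CWE:400: Uncontrolled Resource Consumption
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.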
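WARNING_FILTER += allow class="Potential Unbounded Loop (Ada)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Return Value may Contain null Element (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Return Value may Contain null Element (Java)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Return Value may be null (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Return Value may be null (Java)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Array (C#)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Array (Java)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Boolean (Java)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Optional (Java)"

# CWE:89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection"

# CWE:89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.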
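WARNING_FILTER += allow class="SQL Injection (Ada)"

# CWE:89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (C#)"

# CWE:89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (Java)"

# CWE:502: Deserialization of Untrusted Data
WARNING_FILTER += allow class="Serialization Not Disabled (Java)"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size"

# CWE:190: Integer Overflow or Wraparound
WARNING_FILTER += allow class="Subtraction Underflow of Size"

# CWE:20: Improper Input Validation
# CWE:119: Improper Restriction of Operations within the Bounds of a Memory Buffer
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Buffer Access"

# CWE:22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
WARNING_FILTER += allow class="Tainted Filename"

# CWE:22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Filename (Ada)"

# CWE:22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.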
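WARNING_FILTER += allow class="Tainted Path (C#)"

# CWE:22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Path (Java)"

# CWE:119: Improper Restriction of Operations within the Bounds of a Memory Buffer
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Overrun"

# CWE:190: Integer Overflow or Wraparound
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Range Overflow/Underflow (Ada)"

# CWE:119: Improper Restriction of Operations within the Bounds of a Memory Buffer
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Underrun"

# NOTE(review): this is the only rule in the section with a language= qualifier.
# Presumably it limits the allow to C and leaves other languages on the product
# default for this class - confirm that C++ coverage is what you expect.
# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Unchecked Parameter Dereference" language=c

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unchecked Parameter Dereference (C#)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.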
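WARNING_FILTER += allow class="Unchecked Parameter Dereference (Java)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)"

# CWE:476: NULL Pointer Dereference
# This check is enabled by default for the language(s) Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unsafe Call on Nullable Type (detekt)"

# CWE:78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
WARNING_FILTER += allow class="Untrusted Process Creation"

# CWE:416: Use After Free
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use After Free"

# CWE:416: Use After Free
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use After Free (Ada)"

# CWE:287: Improper Authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of Insecure verify for Hostname (Java)"

# CWE:20: Improper Input Validation
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.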
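WARNING_FILTER += allow class="improper input validation (Ada)"

# CWE:362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="mismatched protected access (Ada)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="null Passed to Method (deep) (C#)"

# CWE:476: NULL Pointer Dereference
WARNING_FILTER += allow class="null Passed to Method (deep) (Java)"

# NOTE(review): this Ada class is the only rule in the section tagged CWE-918.
# Server-side request forgery in code written in any other language is not
# covered by a CWE-918-tagged class here.
# CWE:918: Server-Side Request Forgery (SSRF)
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="server side request forgery (Ada)"

# CWE:362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="unprotected access (Ada)"

# CWE:362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="unprotected shared access (Ada)"
#
# The remainder of this file was generated from template 'codesonar/presets/cwe2022.conf.in'
#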