# This file was generated from template 'codesonar/presets/owasp2017.conf.in'
#
# Configuration settings required by one or more OWASP Top 10, 2017 checks.
#
# NOTE(review): every WARNING_FILTER line below appends an 'allow' rule for one
# warning class; the "OWASP-2017:Ax" comment above a rule names the Top 10 (2017)
# category or categories the class is filed under.
# NOTE(review): OWASP Top 10 2017 has been superseded by the 2021 edition, whose
# categories are named and numbered differently; do not read these Ax tags as
# 2021 categories.
# NOTE(review): a class marked "enabled by default" stays on when its allow line
# is commented out, as the per-rule comments state. Turning such a check off
# presumably needs an explicit discard rule — confirm in the CodeSonar
# WARNING_FILTER documentation.
#
# This part of this file was generated from 'cso_wcmanifest.py'
#
# At least one of the classes enabled by this preset requires unnormalized C ASTs
RETAIN_UNNORMALIZED_C_AST = Yes

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Accessing File in Permissive Mode (Java)"

# NOTE(review): no "enabled by default" marker on this class, so this rule is
# presumably what switches it on for the preset — confirm.
# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Addition Overflow of Allocation Size"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Addition Overflow of Size"

# OWASP-2017:A1: Injection
# OWASP-2017:A3: Sensitive data exposure
WARNING_FILTER += allow class="Android Message Injection (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A3: Sensitive data exposure
WARNING_FILTER += allow class="Android URL Injection (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Anonymous LDAP Authentication (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Anonymous LDAP Authentication (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Bad Open Mode (Pylint)"

# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Buffer Overrun"

# NOTE(review): memory-safety class filed under A8 (Insecure deserialization);
# the tag by itself does not mean the flagged code handles serialized data.
# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Buffer Underrun"

# NOTE(review): neither root-store class carries an "enabled by default" marker;
# presumably they are reported only when a rule such as this allows them — confirm.
# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Certificate Added to Root Store (C#)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Certificate Added to Root Store (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Class Enables Debug Features (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Class Enables Debug Features (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (Ada)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (Ada)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (Java)"

# NOTE(review): general code-quality class filed under A5 with no "enabled by
# default" marker; findings need a manual look to tell whether the disabled
# code was a security check.
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Commented-out Code"

# NOTE(review): tagged A1 only, whereas the C# and Java Cross Site Scripting
# classes below are tagged A1 and A7; an A7-only report would presumably miss
# Ada findings — confirm.
# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (Ada)"

# OWASP-2017:A1: Injection
# OWASP-2017:A7: Cross site scripting (XSS)
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A7: Cross site scripting (XSS)
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A7: Cross site scripting (XSS)
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A7: Cross site scripting (XSS)
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)"

# NOTE(review): the cipher and hash classes in this group are tagged A2 (Broken
# authentication) only, not A3 (Sensitive data exposure); a report filtered to
# A3 would presumably leave them out — confirm.
# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Risky Default Cipher (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Risky Default Cipher (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Cipher (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Cipher (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Hash (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Hash (Java)"

# NOTE(review): every class in this group is marked "enabled by default", so
# removing a line here does not by itself stop the check from reporting.
# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DLL Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DLL Injection (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DOS Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DOS Injection (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Call (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Call (Java)"

# OWASP-2017:A10: Insufficient logging and monitoring
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Warning (C#)"

# OWASP-2017:A10: Insufficient logging and monitoring
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Warning (Java)"

# NOTE(review): judging by the class names, the A9 rules here flag deprecated
# APIs and providers used in the analysed source; they do not look like a
# dependency-version inventory, so A9 coverage from this preset is presumably
# partial — confirm.
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Cryptography Provider (C#)"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Cryptography Provider (Java)"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Method (Pylint)"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Module (Pylint)"

# NOTE(review): the C# class is tagged A9 only while the Java class below is
# tagged A6 and A9; an A6 report would presumably list the Java findings but
# not the C# ones — confirm the difference is intended.
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Deprecated Transfer Protocol (C#)"

# OWASP-2017:A6: Security misconfiguration
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Deprecated Transfer Protocol (Java)"

# NOTE(review): the three deserialization classes below carry no "enabled by
# default" marker; presumably these rules are what enable them — confirm.
# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Deserializable Class (C#)"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Deserializable Class (Java)"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Deserializing Non-Serializable Class (Java)"

# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Disabled Input Validation (C#)"

# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Encryption without Padding"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Eval Used (Pylint)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Exec Used (Pylint)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Python
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Forgotten Debug Statement (Pylint)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String Injection"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String Injection (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Fragment Injection (Java)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Authentication"

# NOTE(review): the hard-coded key and salt classes below are tagged A5 and A6,
# not A2 or A3; check which categories your reports filter on before relying
# on them to surface hard-coded secrets.
# OWASP-2017:A5: Broken access control
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Key"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Salt"

# OWASP-2017:A6: Security misconfiguration
WARNING_FILTER += allow class="Hardcoded DNS Name"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Filename (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Filename (Java)"

# NOTE(review): Hardcoded IP Address and Inadequate Salt (both language
# variants of each) carry no "enabled by default" marker in this group;
# presumably these rules are what enable them — confirm.
# OWASP-2017:A6: Security misconfiguration
WARNING_FILTER += allow class="Hardcoded IP Address (C#)"

# OWASP-2017:A6: Security misconfiguration
WARNING_FILTER += allow class="Hardcoded IP Address (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Password (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Password (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Seed in PRNG"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hostname in Condition (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hostname in Condition (Java)"

# OWASP-2017:A2: Broken authentication
WARNING_FILTER += allow class="Inadequate Salt (C#)"

# OWASP-2017:A2: Broken authentication
WARNING_FILTER += allow class="Inadequate Salt (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Cookie (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Cookie (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Key Derivation (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Key Derivation (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure XSLT Execution (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure XSLT Execution (Java)"

# NOTE(review): the hostname and certificate verification-override classes
# below appear here only as Java variants; no C# counterpart is among the
# rules in this group. The class strings use lower-case "verifier"/"verify";
# presumably they are matched literally, so keep them byte-exact — confirm.
# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure verifier Override for Hostname (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure verify Override for Certificate (Java)"

# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Integer Overflow of Allocation Size"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="JavaScript Enabled (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="JavaScript File Access from File URLs (Java)"

# NOTE(review): documentation-lint class from detekt filed under A5; likely
# lower security signal than the neighbouring classes — triage separately.
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="KDoc References Non Public Property (detekt)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LDAP Authentication Disabled (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LDAP Injection"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Library Injection"

# NOTE(review): Memory Protection Removal and both Method Disables Security
# Setting classes carry no "enabled by default" marker; presumably these rules
# are what enable them — confirm.
# OWASP-2017:A6: Security misconfiguration
WARNING_FILTER += allow class="Memory Protection Removal"

# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Method Disables Security Setting (C#)"

# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Method Disables Security Setting (Java)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Method Enables Debug Features (C#)"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Method Enables Debug Features (Java)"

# NOTE(review): design-hardening class filed under A1 with no "enabled by
# default" marker (same for the Java variant below); presumably enabled only
# through these rules — confirm.
# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Method Should be final (C#)"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Method Should be final (Java)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Authentication Annotation (C#)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Authentication Annotation (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Call to super (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing JavaScript Entry Point (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing JavaScript Execution (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing isValidFragment Override (Java)"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Multiplication Overflow of Size"

# NOTE(review): filed under A10 (Insufficient logging and monitoring) although
# the class name concerns assertions, not logging; treat findings as
# code-quality input unless the class documentation says otherwise.
# OWASP-2017:A10: Insufficient logging and monitoring
WARNING_FILTER += allow class="Not Enough Assertions"

# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Not Implemented Declaration (detekt)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Security Descriptor"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="OS Command Injection (Ada)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Open Redirect (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Open Redirect (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Password in Property File (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Password in Property File (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Permissive File Mode (Java)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Plaintext Storage of Password"

# NOTE(review): the three pointer classes below carry no "enabled by default"
# marker and are filed under A8; a class named simply "Pointer Arithmetic" can
# be high-volume on C/C++ code, so check the finding count before gating
# builds on this preset.
# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Pointer Arithmetic"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Pointer Before Beginning of Object"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Pointer Past End of Object"

# OWASP-2017:A4: XML external entities
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Possible XML External Entity Reference (C#)"

# OWASP-2017:A4: XML external entities
# OWASP-2017:A6: Security misconfiguration
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Possible XML External Entity Reference (Java)"

# OWASP-2017:A3: Sensitive data exposure
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Redundant Condition"

# NOTE(review): the "Redundant Condition" rule above is filed under A3
# (Sensitive data exposure) by the tag that precedes it; the link is not
# obvious from the class name — confirm in the class documentation.

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Reflection Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Reflection Injection (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Algorithm (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Algorithm (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Field (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Field (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Algorithm (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Algorithm (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Field (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Field (Java)"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky JavaScript Interface (Java)"

# NOTE(review): the unsuffixed class name is the C, C++, x86, x86_64 variant
# (see the language list below); the Ada, C# and Java variants are separate
# class strings with their own rules.
# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (Ada)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (Java)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Security Annotation Conflict (C#)"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Security Annotation Conflict (Java)"

# NOTE(review): the three Sensitive Data classes below are Java-only and carry
# no "enabled by default" marker; presumably this preset is what enables
# them — confirm.
# OWASP-2017:A3: Sensitive data exposure
WARNING_FILTER += allow class="Sensitive Data Cached (Java)"

# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)"

# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Static Field Too Visible (Java)"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size"

# OWASP-2017:A8: Insecure deserialization
WARNING_FILTER += allow class="Subtraction Underflow of Size"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted @Trusted Value (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted @Trusted Value (Java)"

# NOTE(review): the unsuffixed class has no "enabled by default" marker, while
# the C# variant below does.
# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Tainted Allocation Size"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Allocation Size (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Allocation Size (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Buffer Access"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Bundle (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Bundle (Java)"

# NOTE(review): no "enabled by default" marker, unlike the other Tainted
# classes in this group; presumably reported only when allowed by a rule such
# as this — confirm.
# OWASP-2017:A1: Injection
# OWASP-2017:A6: Security misconfiguration
WARNING_FILTER += allow class="Tainted Configuration Setting"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Control (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Control (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Data in Vulnerable Method (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Environment Variable"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
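WARNING_FILTER += allow class="Tainted Expression Evaluation (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)"

# NOTE(review): "Tainted Filename" and "Tainted Filename (Ada)" are separate
# class names with separate rules. Only the Ada variant carries an 'enabled by
# default' note, so the unsuffixed class presumably depends on this line.
# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Tainted Filename"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Ada
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Filename (Ada)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted HTTP Response (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted HTTP Response (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Hardware Device Property (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted LDAP Attribute (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.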
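WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted LDAP Filter (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted LDAP Filter (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A10: Insufficient logging and monitoring
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Log (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A10: Insufficient logging and monitoring
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Log (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Message (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Message (Java)"

# NOTE(review): the unsuffixed "Tainted Network Address" class has no 'enabled
# by default' note, unlike its C# and Java variants below; this rule is
# presumably what enables it here. Confirm before removing the line.
# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Tainted Network Address"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Network Address (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.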
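WARNING_FILTER += allow class="Tainted Network Address (Java)"

# NOTE(review): the C# and Java classes below are all marked 'enabled by
# default'. Commenting out an allow rule does not by itself switch such a check
# off; suppression presumably needs an explicit discard rule. Confirm in the
# WARNING_FILTER documentation.

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Path (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Path (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Regular Expression (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Regular Expression (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Resource (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Resource (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Session (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.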
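WARNING_FILTER += allow class="Tainted Session (Java)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted URL (C#)"

# OWASP-2017:A1: Injection
# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted URL (Java)"

# NOTE(review): this one class is tagged for four categories (A1, A3, A5, A7)
# and has no 'enabled by default' note, so dropping this rule presumably
# reduces coverage in all four at once. Confirm before editing.
# OWASP-2017:A1: Injection
# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
# OWASP-2017:A7: Cross site scripting (XSS)
WARNING_FILTER += allow class="Tainted Write"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XAML (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XAML (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XML (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XML (Java)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Xpath (C#)"

# OWASP-2017:A1: Injection
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.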
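WARNING_FILTER += allow class="Tainted Xpath (Java)"

# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Overrun"

# OWASP-2017:A8: Insecure deserialization
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Underrun"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Universal JavaScript Access to File URLs (Java)"

# NOTE(review): neither "Unsafe Base64 Encoding" class carries an 'enabled by
# default' note, so these two rules are presumably what turn the checks on in
# this preset. Confirm before removing either line.
# OWASP-2017:A2: Broken authentication
WARNING_FILTER += allow class="Unsafe Base64 Encoding (C#)"

# OWASP-2017:A2: Broken authentication
WARNING_FILTER += allow class="Unsafe Base64 Encoding (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unsafe Session Expiration Time (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.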
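WARNING_FILTER += allow class="Unsafe Session Expiration Time (Java)"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Untrusted Library Load"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Untrusted Network Host"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Untrusted Network Port"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Untrusted Process Creation"

# NOTE(review): most of the "Use of <function>" classes below have no 'enabled
# by default' note. Judging by their names they report call sites of the named
# API, so expect a high finding count on Windows code and plan triage. Confirm
# the class semantics in the CodeSonar documentation.

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of AddAccessAllowedAce"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of AddAccessDeniedAce"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of AfxLoadLibrary"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of CoLoadLibrary"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of CreateFile"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of CreateProcess"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of CreateThread"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of FormatMessage"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of GetTempFileName"

# OWASP-2017:A5: Broken access control
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.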
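WARNING_FILTER += allow class="Use of Hardware ID (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of Insecure verify for Certificate (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of Insecure verify for Hostname (Java)"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of LoadLibrary"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of LoadModule"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of MoveFile"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of OemToAnsi"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of OemToChar"

# NOTE(review): the class name refers to Expat's XML_ExternalEntityParserCreate.
# This rule presumably covers only that C API, so A4 (XXE) coverage for other
# XML parsers or languages has to come from other rules. Confirm against the
# class documentation.
# OWASP-2017:A4: XML external entities
WARNING_FILTER += allow class="Use of XML_ExternalEntityParserCreate"

# OWASP-2017:A2: Broken authentication
# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of crypt"

# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Use of cuserid"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.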
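WARNING_FILTER += allow class="Use of drem"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of gamma"

# OWASP-2017:A5: Broken access control
WARNING_FILTER += allow class="Use of getlogin"

# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of gets"

# NOTE(review): mkstemp is commonly the recommended replacement for
# mktemp/tmpnam. What this class reports about it is not visible here, so
# expect these findings to need case-by-case triage rather than a blanket fix.
# Confirm against the class documentation.
# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of mkstemp"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of mktemp"

# NOTE(review): rand, random and the rand48 family are not cryptographically
# secure generators. Findings from the three classes below matter most where
# the value feeds keys, tokens, nonces or another security decision.

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of rand"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of rand48 Function"

# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of random"

# OWASP-2017:A1: Injection
WARNING_FILTER += allow class="Use of system"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.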
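WARNING_FILTER += allow class="Use of tmpfile"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of tmpfile_s"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of tmpnam"

# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Use of tmpnam_s"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Cryptographic Value (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Cryptographic Value (Java)"

# NOTE(review): this one class is tagged for four categories (A2, A3, A5, A9)
# and has no 'enabled by default' note, so dropping this rule presumably
# reduces coverage in all four at once. Confirm before editing.
# OWASP-2017:A2: Broken authentication
# OWASP-2017:A3: Sensitive data exposure
# OWASP-2017:A5: Broken access control
# OWASP-2017:A9: Using components with known vulnerabilities
WARNING_FILTER += allow class="Weak Cryptography"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Hash Algorithm (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Hash Algorithm (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.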
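WARNING_FILTER += allow class="Weak Hash Algorithm Field (C#)"

# NOTE(review): the Weak Hash Algorithm Field and Weak Initialization Vector
# classes below are all marked 'enabled by default'. Commenting out an allow
# rule does not by itself switch such a check off; suppression presumably needs
# an explicit discard rule. Confirm in the WARNING_FILTER documentation.

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Hash Algorithm Field (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Field (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Field (Java)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) C#
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Value (C#)"

# OWASP-2017:A2: Broken authentication
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Value (Java)"

#
# The remainder of this file was generated from template 'codesonar/presets/owasp2017.conf.in'
#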