Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to the Common Weakness Enumeration (CWE)

The Common Weakness Enumeration (CWE) is a category system for software weaknesses and vulnerabilities. It is sustained by a community project with the goals of understanding flaws in software and creating automated tools that can be used to identify, fix, and prevent those flaws.

CCR (Coverage Claims Representation) for PVS-Studio is available here.

C/C++ warnings

Error Code

Error Description

Mapping

V501

Identical sub-expressions to the left and to the right of 'foo' operator.

CWE-570, CWE-571

V502

The '?:' operator may not work as expected. The '?:' operator has a lower priority than the 'foo' operator.

CWE-783

V503

Nonsensical comparison: pointer < 0.

CWE-697

V504

Semicolon ';' is probably missing after the 'return' keyword.

CWE-841

V505

The 'alloca' function is used inside the loop. This can quickly overflow stack.

CWE-770

V506

Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid.

CWE-562

V507

Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid.

CWE-562

V508

The 'new type(n)' pattern was detected. Probably meant: 'new type[n]'.

CWE-480

V509

Exceptions raised inside noexcept functions must be wrapped in a try..catch block.

CWE-248, CWE-703

V510

The 'Foo' function receives class-type variable as Nth actual argument. This is unexpected behavior.

CWE-686

V511

The sizeof() operator returns pointer size instead of array size.

CWE-467

V512

Call of the 'Foo' function will lead to buffer overflow.

CWE-119, CWE-125, CWE-193, CWE-467, CWE-682, CWE-787, CWE-806

V513

Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions.

CWE-676

V514

Potential logical error. Size of a pointer is divided by another value.

CWE-131

V515

The 'delete' operator is applied to non-pointer.

CWE-763

V516

Non-null function pointer is compared to null. Consider inspecting the expression.

CWE-570, CWE-571

V517

Potential logical error. The 'if (A) {...} else if (A) {...}' pattern was detected.

CWE-570

V518

The 'malloc' function allocates suspicious amount of memory calculated by 'strlen(expr)'. Perhaps the correct expression is strlen(expr) + 1.

CWE-131

V519

The 'x' variable is assigned values twice successively. Perhaps this is a mistake.

CWE-563

V520

Comma operator ',' in array index expression.

CWE-480

V521

Expressions that use comma operator ',' are dangerous. Make sure the expression is correct.

CWE-480

V522

Possible null pointer dereference.

CWE-476, CWE-690

V523

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V525

Code contains collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ...

CWE-682

V526

The 'strcmp' function returns 0 if corresponding strings are equal. Consider inspecting the condition for mistakes.

CWE-253

V527

The 'zero' value is assigned to pointer. Probably meant: *ptr = zero.

CWE-351

V528

Pointer is compared with 'zero' value. Probably meant: *ptr != zero.

CWE-697

V529

Suspicious semicolon ';' after 'if/for/while' operator.

CWE-670

V530

Return value of 'Foo' function is required to be used.

CWE-252

V531

The sizeof() operator is multiplied by sizeof(). Consider inspecting the expression.

CWE-131

V532

Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'.

CWE-480

V533

It is possible that a wrong variable is incremented inside the 'for' operator. Consider inspecting 'X'.

CWE-691

V534

It is possible that a wrong variable is compared inside the 'for' operator. Consider inspecting 'X'.

CWE-691

V535

The 'X' variable is used for this loop and outer loops.

CWE-691

V536

Constant value is represented by an octal form.

CWE-682

V537

Potential incorrect use of item 'X'. Consider inspecting the expression.

CWE-682

V539

Iterators are passed as arguments to 'Foo' function. Consider inspecting the expression.

CWE-688

V540

Member 'x' should point to string terminated by two 0 characters.

CWE-628

V541

String is printed into itself. Consider inspecting the expression.

CWE-628

V542

Suspicious type cast: 'Type1' to ' Type2'. Consider inspecting the expression.

CWE-704

V543

It is suspicious that value 'X' is assigned to the variable 'Y' of HRESULT type.

CWE-704

V544

It is suspicious that the value 'X' of HRESULT type is compared with 'Y'.

CWE-253

V545

Conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead.

CWE-253

V546

The 'Foo(Foo)' class member is initialized with itself.

CWE-665

V547

Expression is always true/false.

CWE-570, CWE-571

V548

TYPE X[][] is not equivalent to TYPE **X. Consider inspecting type casting.

CWE-704

V549

The 'first' argument of 'Foo' function is equal to the 'second' argument.

CWE-688

V550

Suspicious precise comparison. Consider using a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon.

CWE-682

V551

Unreachable code under a 'case' label.

CWE-561

V552

A bool type variable is incremented. Perhaps another variable should be incremented instead.

CWE-480

V554

Incorrect use of smart pointer.

CWE-762

V555

Expression of the 'A - B > 0' kind will work as 'A != B'.

CWE-191

V556

Values of different enum types are compared.

CWE-697

V557

Possible array overrun.

CWE-119, CWE-125, CWE-787

V558

Function returns pointer/reference to temporary local object.

CWE-562

V559

Suspicious assignment inside the conditional expression of 'if/while/for' statement.

CWE-481

V560

Part of conditional expression is always true/false.

CWE-570, CWE-571

V561

Consider assigning value to 'foo' variable instead of declaring it anew.

CWE-563

V562

Bool type value is compared with value of N. Consider inspecting the expression.

CWE-563

V563

An 'else' branch may apply to the previous 'if' statement.

CWE-670

V564

The '&' or '|' operator is applied to bool type value. Check for missing parentheses or use the '&&' or '||' operator.

CWE-480

V565

Empty exception handler. Silent suppression of exceptions can hide errors in source code during testing.

CWE-1069, CWE-390, CWE-544

V566

Integer constant is converted to pointer. Check for an error or bad coding style.

CWE-587

V567

Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior.

CWE-758

V568

It is suspicious that the argument of sizeof() operator is the expression.

CWE-131

V569

Truncation of constant value.

CWE-197

V570

Variable is assigned to itself.

CWE-480

V571

Recurring check. This condition was already verified in previous line.

CWE-571

V572

Object created using 'new' operator is immediately cast to another type. Consider inspecting the expression.

CWE-665

V573

Use of uninitialized variable 'Foo'. The variable was used to initialize itself.

CWE-457

V574

Pointer is used both as an array and as a pointer to single object.

CWE-823

V575

Function receives suspicious argument.

CWE-628

V576

Incorrect format. Consider checking the Nth actual argument of the 'Foo' function.

CWE-628, CWE-685, CWE-686, CWE-687

V577

Label is present inside switch(). Check for typos and consider using the 'default:' operator instead.

CWE-478

V578

Suspicious bitwise operation was detected. Consider inspecting it.

CWE-480

V579

The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument.

CWE-467

V580

Suspicious explicit type casting. Consider inspecting the expression.

CWE-843

V581

Conditional expressions of 'if' statements located next to each other are identical.

CWE-670

V582

Consider reviewing the source code that uses the container.

CWE-119, CWE-125, CWE-787

V583

The '?:' operator, regardless of its conditional expression, always returns the same value.

CWE-783

V584

Same value is present on both sides of the operator. The expression is incorrect or can be simplified.

CWE-480

V585

Attempt to release memory that stores the 'Foo' local variable.

CWE-762

V586

The 'Foo' function is called twice to deallocate the same resource.

CWE-415, CWE-675

V588

Expression of the 'A =+ B' kind is used. Possibly meant: 'A += B'. Consider inspecting the expression.

CWE-480

V589

Expression of the 'A =- B' kind is used. Possibly meant: 'A -= B'. Consider inspecting the expression.

CWE-480

V590

Possible excessive expression or typo. Consider inspecting the expression.

CWE-571

V591

Non-void function must return value.

CWE-393

V593

Expression 'A = B == C' is calculated as 'A = (B == C)'. Consider inspecting the expression.

CWE-783

V594

Pointer to array is out of array bounds.

CWE-823

V595

Pointer was used before its check for nullptr. Check lines: N1, N2.

CWE-476

V596

Object was created but is not used. Check for missing 'throw' keyword.

CWE-390

V597

Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data.

CWE-14

V598

Memory manipulation function is used to work with a class object containing a virtual table pointer. The result of such an operation may be unexpected.

CWE-665

V599

The virtual destructor is not present, although the 'Foo' class contains virtual functions.

CWE-1079

V600

The 'Foo' pointer is always not equal to NULL. Consider inspecting the condition.

CWE-570, CWE-571

V601

Suspicious implicit type casting.

CWE-704

V602

The '<' operator should probably be replaced with '<<'. Consider inspecting this expression.

CWE-480

V603

Object was created but not used. If you wish to call constructor, use 'this->Foo::Foo(....)'.

CWE-665

V604

Number of iterations in loop equals size of a pointer. Consider inspecting the expression.

CWE-682

V605

Unsigned value is compared to the NN number. Consider inspecting the expression.

CWE-682

V607

Ownerless expression 'Foo'.

CWE-482

V608

Recurring sequence of explicit type casts.

CWE-704

V609

Possible division or mod by zero.

CWE-369

V610

Undefined behavior. Check the shift operator.

CWE-758

V611

Memory allocation and deallocation methods are incompatible.

CWE-590, CWE-762

V612

Unconditional 'break/continue/return/goto' within a loop.

CWE-670

V613

Suspicious pointer arithmetic with 'malloc/new'.

CWE-761

V614

Use of 'Foo' uninitialized variable.

CWE-457, CWE-824

V615

Suspicious explicit conversion from 'float *' type to 'double *' type.

CWE-704

V616

Use of 'Foo' named constant with 0 value in bitwise operation.

CWE-480

V617

Argument of the '|' bitwise operation always contains non-zero value. Consider inspecting the condition.

CWE-480

V618

Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str);

CWE-134

V619

Array is used as pointer to single object.

CWE-480

V620

Expression of sizeof(T)*N kind is summed up with pointer to T type. Consider inspecting the expression.

CWE-682

V621

Loop may execute incorrectly or may not execute at all. Consider inspecting the 'for' operator.

CWE-835

V622

First 'case' operator may be missing. Consider inspecting the 'switch' statement.

CWE-478

V623

Temporary object is created and then destroyed. Consider inspecting the '?:' operator.

CWE-416

V624

Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>.

CWE-547

V625

Initial and final values of the iterator are the same. Consider inspecting the 'for' operator.

CWE-691

V626

It's possible that ',' should be replaced by ';'. Consider checking for typos.

CWE-483

V627

Argument of sizeof() is a macro, which expands to a number. Consider inspecting the expression.

CWE-682

V628

It is possible that a line was commented out improperly, thus altering the program's operation logic.

CWE-670

V629

Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. Consider inspecting the expression.

CWE-190

V630

The 'malloc' function is used to allocate memory for an array of objects that are classes containing constructors/destructors.

CWE-665

V631

Defining absolute path to file or directory is considered a poor coding style. Consider inspecting the 'Foo' function call.

CWE-30, CWE-37, CWE-39

V632

Argument is of the 'T' type. Consider inspecting the NN argument of the 'Foo' function.

CWE-686

V633

The '!=' operator should probably be used here. Consider inspecting the expression.

CWE-480

V634

Priority of '+' operation is higher than priority of '<<' operation. Consider using parentheses in the expression.

CWE-783

V635

Length should be probably multiplied by sizeof(wchar_t). Consider inspecting the expression.

CWE-135

V636

Expression was implicitly cast from integer type to real type. Consider using an explicit type cast to avoid overflow or loss of a fractional part.

CWE-682

V637

Use of two opposite conditions. The second condition is always false.

CWE-570

V638

Terminal null is present inside a string. Use of '\0xNN' characters. Probably meant: '\xNN'.

CWE-665

V639

One of closing ')' parentheses is probably positioned incorrectly. Consider inspecting the expression for function call.

CWE-685

V640

Code's operational logic does not correspond with its formatting.

CWE-483

V641

Buffer size is not a multiple of element size.

CWE-704

V642

Function result is saved inside the 'byte' type variable. Significant bits may be lost. This may break the program's logic.

CWE-197

V643

Suspicious pointer arithmetic. Value of 'char' type is added to a string pointer.

CWE-480

V644

Suspicious function declaration. Consider creating a 'T' type object.

CWE-664

V645

Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold.

CWE-193, CWE-787

V646

The 'else' keyword may be missing. Consider inspecting the program's logic.

CWE-670

V647

Value of 'A' type is assigned to a pointer of 'B' type.

CWE-587

V648

Priority of '&&' operation is higher than priority of '||' operation.

CWE-783

V649

Two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless.

CWE-561

V650

Type casting is used 2 times in a row. The '+' operation is executed. Probably meant: (T1)((T2)a + b).

CWE-468

V651

Suspicious operation of 'sizeof(X)/sizeof(T)' kind, where 'X' is of the 'class' type.

CWE-682

V652

Operation is executed 3 or more times in a row.

CWE-480

V653

Suspicious string consisting of two parts is used for initialization. Comma may be missing.

CWE-665

V654

Condition of a loop is always true/false.

CWE-834

V655

Strings were concatenated but not used. Consider inspecting the expression.

CWE-480

V656

Variables are initialized through the call to the same function. It's probably an error or un-optimized code.

CWE-665

V657

Function always returns the same value of NN. Consider inspecting the function.

CWE-393

V658

Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly.

CWE-190

V660

Program contains an unused label and function call: 'CC:AA()'. Probably meant: 'CC::AA()'.

CWE-480

V662

Different containers are used to set up initial and final values of iterator. Consider inspecting the loop expression.

CWE-758

V663

Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression.

CWE-834

V664

Pointer is dereferenced on the initialization list before its check for null inside the body of a constructor function.

CWE-476

V666

Value may not correspond with the length of a string passed with YY argument. Consider inspecting the NNth argument of the 'Foo' function.

CWE-805

V667

The 'throw' operator does not have any arguments and is not located within the 'catch' block.

CWE-480

V668

Possible meaningless check for null, as memory was allocated using 'new' operator. Memory allocation will lead to an exception.

CWE-570, CWE-571

V670

Uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class.

CWE-457

V671

The 'swap' function may interchange a variable with itself.

CWE-687

V673

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

CWE-190

V674

Expression contains a suspicious mix of integer and real types.

CWE-682

V676

Incorrect comparison of BOOL type variable with TRUE.

CWE-253

V678

Object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function.

CWE-688

V679

The 'X' variable was not initialized. This variable is passed by reference to the 'Foo' function in which its value will be used.

CWE-457

V680

The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression.

CWE-401

V681

The language standard does not define order in which 'Foo' functions are called during evaluation of arguments.

CWE-758

V683

The 'i' variable should probably be incremented instead of the 'n' variable. Consider inspecting the loop expression.

CWE-190

V684

Value of variable is not modified. It is possible that '1' should be present instead of '0'. Consider inspecting the expression.

CWE-682

V685

The expression contains a comma. Consider inspecting the return statement.

CWE-480

V686

Pattern A || (A && ...) was detected. The expression is excessive or contains a logical error.

CWE-571

V687

Size of array calculated by sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]).

CWE-682

V689

Destructor of 'Foo' class is not declared as virtual. A smart pointer may not destroy an object correctly.

CWE-404

V692

Inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, use a string ending with a null terminator in the first place.

CWE-788

V693

It is possible that 'i < X.size()' should be used instead of 'X.size()'. Consider inspecting conditional expression of the loop.

CWE-835

V694

The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.

CWE-571

V695

Range intersections are possible within conditional expressions.

CWE-561, CWE-670

V696

The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false.

CWE-670

V697

Number of elements in the allocated array equals the size of a pointer in bytes.

CWE-682

V698

Functions of strcmp() kind can return any values, not only -1, 0, or 1.

CWE-253

V699

It is possible that 'foo = bar == baz ? .... : ....' should be used here instead of 'foo = bar = baz ? .... : ....'. Consider inspecting the expression.

CWE-481

V700

It is suspicious that variable is initialized through itself. Consider inspecting the 'T foo = foo = x;' expression.

CWE-480

V701

Possible realloc() leak: when realloc() fails to allocate memory, original pointer is lost. Consider assigning realloc() to a temporary pointer.

CWE-401

V702

Classes should always be derived from std::exception (and alike) as 'public'.

CWE-544

V704

The expression is always false on newer compilers. Avoid using 'this == 0' comparison.

CWE-570, CWE-571

V705

It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.

CWE-691

V706

Suspicious division: sizeof(X) / Value. Size of every element in X array is not equal to divisor.

CWE-682

V708

Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior.

CWE-758

V709

Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'.

CWE-682

V712

Compiler may optimize out this loop or make it infinite. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-835

V713

Pointer was used in the logical expression before its check for nullptr in the same logical expression.

CWE-476

V714

Variable is not passed into foreach loop by reference, but its value is changed inside of the loop.

CWE-563

V715

The 'while' operator has empty body. This pattern is suspicious.

CWE-691

V716

Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT).

CWE-704

V717

It is suspicious to cast object of base class V to derived class U.

CWE-843

V721

The VARIANT_BOOL type is used incorrectly. The true value (VARIANT_TRUE) is defined as -1.

CWE-665, CWE-697

V722

Abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V723

Function returns a pointer to the internal string buffer of a local object, which will be destroyed.

CWE-416

V724

Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'.

CWE-197

V725

Dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type.

CWE-704

V726

Attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function.

CWE-761

V727

Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'.

CWE-783

V728

Excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'.

CWE-570

V730

Not all members of a class are initialized inside the constructor.

CWE-457

V731

The variable of char type is compared with pointer to string.

CWE-665

V732

Unary minus operator does not modify a bool type value.

CWE-480

V733

It is possible that macro expansion resulted in incorrect evaluation order.

CWE-783

V736

The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array.

CWE-758

V737

It is possible that ',' comma is missing at the end of the string.

CWE-665

V738

Temporary anonymous object is used.

CWE-672

V739

EOF should not be compared with a value of the 'char' type. Consider using the 'int' type.

CWE-20

V741

Use of the throw (a, b); pattern. It is possible that type name was omitted: throw MyException(a, b);.

CWE-480

V742

Function receives an address of a 'char' type variable instead of pointer to a buffer.

CWE-170

V743

The memory areas must not overlap. Use 'memmove' function.

CWE-475

V744

Temporary object is immediately destroyed after being created. Consider naming the object.

CWE-664

V745

A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string.

CWE-704

V747

Suspicious expression inside parentheses. A function name may be missing.

CWE-480

V748

Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function.

CWE-762

V749

Destructor of the object will be invoked a second time after leaving the object's scope.

CWE-675

V752

Creating an object with placement new requires a buffer of large size.

CWE-788

V753

The '&=' operation always sets a value of 'Foo' variable to zero.

CWE-682

V755

Copying from potentially tainted data source. Buffer overflow is possible.

CWE-123

V757

It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'.

CWE-690

V758

Reference was invalidated because of destruction of the temporary object returned by the function.

CWE-416

V759

Violated order of exception handlers. Exception caught by handler for base class.

CWE-703

V762

Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class.

CWE-670

V764

Possible incorrect order of arguments passed to function.

CWE-683

V765

Compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error.

CWE-682

V766

An item with the same key has already been added.

CWE-462

V768

Variable is of enum type. It is suspicious that it is used as a variable of a Boolean-type.

CWE-570, CWE-571

V769

The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used.

CWE-119

V770

Possible use of left shift operator instead of comparison operator.

CWE-480

V772

Calling the 'delete' operator for a void pointer will cause undefined behavior.

CWE-758

V773

Function exited without releasing the pointer/handle. A memory/resource leak is possible.

CWE-401, CWE-775

V774

Pointer was used after the memory was released.

CWE-416

V775

It is suspicious that the BSTR data type is compared using a relational operator.

CWE-1023

V776

Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations.

CWE-835

V777

Dangerous widening type conversion from an array of derived-class objects to a base-class pointer.

CWE-468

V778

Two similar code fragments. Perhaps, it is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V779

Unreachable code was detected. It is possible that an error is present.

CWE-561

V781

Value of a variable is checked after it is used. Possible error in program's logic. Check lines: N1, N2.

CWE-129, CWE-20, CWE-789

V782

It is pointless to compute the distance between the elements of different arrays.

CWE-469

V783

Possible dereference of invalid iterator 'X'.

CWE-119

V784

The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits.

CWE-197

V785

Constant expression in switch statement.

CWE-691

V786

Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B].

CWE-197

V788

Review captured variable in lambda expression.

CWE-457

V789

Iterators for the container, used in the range-based for loop, become invalid upon a function call.

CWE-672

V791

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V792

The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.

CWE-691

V793

It is suspicious that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else.

CWE-691

V796

A 'break' statement is probably missing in a 'switch' statement.

CWE-484

V797

The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos.

CWE-253

V798

The size of the dynamic array can be less than the number of elements in the initializer.

CWE-789

V1001

Variable is assigned but not used by the end of the function.

CWE-563

V1002

Class that contains pointers, constructor and destructor is copied by the automatically generated operator= or copy constructor.

CWE-665

V1004

Pointer was used unsafely after its check for nullptr.

CWE-119, CWE-476, CWE-628

V1005

The resource was acquired using 'X' function but was released using incompatible 'Y' function.

CWE-404

V1006

Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur.

CWE-675

V1007

Value from the uninitialized optional is used. It may be an error.

CWE-457

V1008

No more than one iteration of the loop will be performed. Consider inspecting the 'for' operator.

CWE-691

V1009

Check the array initialization. Only the first element is initialized explicitly.

CWE-665

V1010

Unchecked tainted data is used in expression.

CWE-134, CWE-138, CWE-20, CWE-78

V1012

The expression is always false. Overflow check is incorrect.

CWE-192

V1013

Suspicious subexpression in a sequence of similar comparisons.

CWE-670

V1014

Structures with members of real type are compared byte-wise.

CWE-682

V1015

Suspicious simultaneous use of bitwise and logical operators.

CWE-480

V1016

The value is out of range of enum values. This causes unspecified or undefined behavior.

CWE-681

V1017

Variable of the 'string_view' type references a temporary object, which will be removed after evaluation of an expression.

CWE-416

V1018

Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked.

CWE-413, CWE-833

V1019

Compound assignment expression is used inside condition.

CWE-480

V1020

Function exited without performing epilogue actions. It is possible that there is an error.

CWE-772

V1021

The variable is assigned the same value on several loop iterations.

CWE-835

V1022

Exception was thrown by pointer. Consider throwing it by value instead.

CWE-755

V1023

A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception.

CWE-460

V1024

Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading.

CWE-20

V1025

New variable with default value is created instead of 'std::unique_lock' that locks on the mutex.

CWE-820

V1026

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

CWE-190

V1027

Pointer to an object of the class is cast to unrelated class.

CWE-704

V1028

Possible overflow. Consider casting operands, not the result.

CWE-190

V1029

Numeric Truncation Error. Return value of function is written to N-bit variable.

CWE-197

V1032

Pointer is cast to a more strictly aligned pointer type.

CWE-843

V1034

Do not use real-type variables as loop counters.

CWE-834

V1036

Potentially unsafe double-checked locking.

CWE-609

V1037

Two or more case-branches perform the same actions.

CWE-691

V1038

It is suspicious that a char or string literal is added to a pointer.

CWE-468

V1041

Class member is initialized with dangling reference.

CWE-825

V1042

This file is marked with copyleft license, which requires you to open the derived source code.

CWE-1177

V1044

Loop break conditions do not depend on the number of iterations.

CWE-834

V1045

The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block.

CWE-248, CWE-703

V1046

Unsafe usage of the 'bool' and integer types together in the operation '&='.

CWE-682

V1047

Lifetime of the lambda is greater than lifetime of the local variable captured by reference.

CWE-672

V1048

Variable 'foo' was assigned the same value.

CWE-1164

V1050

Uninitialized class member is used when initializing the base class.

CWE-457

V1051

It is possible that an assigned variable should be checked in the next condition. Consider checking for typos.

CWE-754

V1055

The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function.

CWE-131

V1057

Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time.

CWE-337

V1058

Nonsensical comparison of two different functions' addresses.

CWE-1025

V1063

The modulo by 1 operation is meaningless. The result will always be zero.

CWE-682

V1064

The left operand of integer division is less than the right one. The result will always be zero.

CWE-682

V1065

Expression can be simplified: check similar operands.

CWE-682

V1066

The 'SysFreeString' function should be called only for objects of the 'BSTR' type.

CWE-762

V1067

Throwing from exception constructor may lead to unexpected behavior.

CWE-755

V1070

Signed value is converted to an unsigned one with subsequent expansion to a larger type in ternary operator.

CWE-681

V1072

Buffer needs to be securely cleared on all execution paths.

CWE-212

V1073

Check the following code block after the 'if' statement. Consider checking for typos.

CWE-483

V1076

Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor.

CWE-94

V1077

Constructor contains potentially uninitialized members.

CWE-457

V1080

Call of 'std::is_constant_evaluated' function always returns the same value.

CWE-570, CWE-571

V1081

Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior.

CWE-190

V1083

Signed integer overflow in arithmetic expression. This leads to undefined behavior.

CWE-190

V1084

The expression is always true/false. The value is out of range of enum values.

CWE-1024

V1085

Negative value is implicitly converted to unsigned integer type in arithmetic expression.

CWE-190

V1086

Call of the 'Foo' function will lead to buffer underflow.

CWE-119, CWE-467, CWE-682

V1087

Upper bound of case range is less than its lower bound. This case may be unreachable.

CWE-670

V1088

No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues.

CWE-821

V1090

The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'.

CWE-248

V1091

The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior.

CWE-704

V1095

Usage of potentially invalid handle. The value should be non-negative.

CWE-775

V1098

The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion.

CWE-826

V1099

Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior.

CWE-908

V1100

Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection.

CWE-826

V1101

Changing the default argument of a virtual function parameter in a derived class may result in unexpected behavior.

CWE-665

V1103

The values of padding bytes are unspecified. Comparing objects with padding using 'memcmp' may lead to unexpected result.

CWE-188

V1104

Priority of the 'M' operator is higher than that of the 'N' operator. Possible missing parentheses.

CWE-783

V2001

Consider using the extended version of the 'foo' function here.

CWE-477

V2002

Consider using the 'Ptr' version of the 'foo' function here.

CWE-477

V2003

Explicit conversion from 'float/double' type to signed integer type.

CWE-681

V2004

Explicit conversion from 'float/double' type to unsigned integer type.

CWE-681

V2007

This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.

CWE-480

V2008

Cyclomatic complexity: NN. Consider refactoring the 'Foo' function.

CWE-407

V2013

Consider inspecting the correctness of handling the N argument in the 'Foo' function.

CWE-704

V2016

Consider inspecting the function call. The function was annotated as dangerous.

CWE-1177

V2509

MISRA. The function with the 'abort/exit/getenv/system' name should not be used.

CWE-676

V2510

MISRA. The function with the 'qsort/bsearch' name should not be used.

CWE-676

V2511

MISRA. Memory allocation and deallocation functions should not be used.

CWE-676

V2512

MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used.

CWE-676

V2513

MISRA. Unbounded functions performing string operations should not be used.

CWE-676

V2599

MISRA. The standard signal handling functions should not be used.

CWE-676

V2600

MISRA. The standard input/output functions should not be used.

CWE-676

V2619

MISRA. Typedef names should be unique across all name spaces.

CWE-676

V5001

OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword.

CWE-841

V5002

OWASP. An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

CWE-1069, CWE-390, CWE-544

V5003

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5004

OWASP. Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

CWE-190

V5005

OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

CWE-190

V5006

OWASP. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

CWE-190

V5007

OWASP. Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

CWE-190

V5008

OWASP. Classes should always be derived from std::exception (and alike) as 'public'.

CWE-544

V5009

OWASP. Unchecked tainted data is used in expression.

CWE-134, CWE-138, CWE-20, CWE-78

V5010

OWASP. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

CWE-190

V5011

OWASP. Possible overflow. Consider casting operands, not the result.

CWE-190

V5012

OWASP. Potentially unsafe double-checked locking.

CWE-609

V5013

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

C# warnings

Error Code

Error Description

Mapping

V3001

There are identical sub-expressions to the left and to the right of the 'foo' operator.

CWE-570, CWE-571

V3003

The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.

CWE-570

V3004

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V3006

The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V3007

Odd semicolon ';' after 'if/for/while' operator.

CWE-691

V3008

The 'x' variable is assigned values twice successively. Perhaps this is a mistake.

CWE-563

V3009

It's odd that this method always returns one and the same value of NN.

CWE-393

V3010

The return value of function 'Foo' is required to be utilized.

CWE-252

V3011

Two opposite conditions were encountered. The second condition is always false.

CWE-570

V3012

The '?:' operator, regardless of its conditional expression, always returns one and the same value.

CWE-783

V3014

It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'.

CWE-691

V3015

It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'.

CWE-691

V3016

The variable 'X' is being used for this loop and for the outer loop.

CWE-691

V3018

Consider inspecting the application's logic. It's possible that 'else' keyword is missing.

CWE-670

V3019

It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword.

CWE-697

V3020

An unconditional 'break/continue/return/goto' within a loop.

CWE-670

V3021

There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.

CWE-561

V3022

Expression is always true/false.

CWE-570, CWE-571

V3023

Consider inspecting this expression. The expression is excessive or contains a misprint.

CWE-571

V3024

An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon.

CWE-682

V3025

Incorrect format. Consider checking the N format items of the 'Foo' function.

CWE-685

V3026

The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.

CWE-1339

V3027

The variable was utilized in the logical expression before it was verified against null in the same logical expression.

CWE-476

V3028

Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.

CWE-691

V3030

Recurring check. This condition was already verified in previous line.

CWE-571

V3032

Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-835

V3033

It is possible that this 'else' branch must apply to the previous 'if' statement.

CWE-670

V3034

Consider inspecting the expression. Probably the '!=' should be used here.

CWE-480

V3035

Consider inspecting the expression. Probably the '+=' should be used here.

CWE-480

V3036

Consider inspecting the expression. Probably the '-=' should be used here.

CWE-480

V3038

The argument was passed to method several times. It is possible that another argument should be passed instead.

CWE-687

V3039

Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style.

CWE-39

V3040

The expression contains a suspicious mix of integer and real types.

CWE-682

V3041

The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.

CWE-682

V3042

Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object.

CWE-476

V3043

The code's operational logic does not correspond with its formatting.

CWE-483

V3051

An excessive type cast or check. The object is already of the same type.

CWE-704

V3052

The original exception object was swallowed. Stack of original exception could be lost.

CWE-390

V3054

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-609

V3055

Suspicious assignment inside the condition expression of 'if/while/for' operator.

CWE-481

V3056

Consider reviewing the correctness of 'X' item's usage.

CWE-682

V3057

Function receives an odd argument.

CWE-628

V3058

An item with the same key has already been added.

CWE-462

V3060

A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'.

CWE-682

V3063

A part of conditional expression is always true/false if it is evaluated.

CWE-570, CWE-571

V3064

Division or mod division by zero.

CWE-369

V3066

Possible incorrect order of arguments passed to method.

CWE-683

V3067

It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.

CWE-691

V3069

It's possible that the line was commented out improperly, thus altering the program's operation logics.

CWE-670

V3070

Uninitialized variables are used when initializing the 'A' variable.

CWE-457

V3076

Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead.

CWE-570, CWE-571

V3080

Possible null dereference.

CWE-476

V3082

The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing.

CWE-563

V3083

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

CWE-367

V3089

Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads.

CWE-665

V3090

Unsafe locking on an object.

CWE-662, CWE-833

V3092

Range intersections are possible within conditional expressions.

CWE-670

V3093

The operator evaluates both operands. Perhaps a short-circuit operator should be used instead.

CWE-480

V3095

The object was used before it was verified against null. Check lines: N1, N2.

CWE-476

V3098

The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.

CWE-670

V3099

Not all the members of type are serialized inside 'GetObjectData' method.

CWE-684

V3100

NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime.

CWE-476

V3105

The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible.

CWE-690

V3106

Possibly index is out of bound.

CWE-125, CWE-787

V3108

It is not recommended to return null or throw exceptions from 'ToString()' method.

CWE-684

V3110

Possible infinite recursion.

CWE-674

V3112

An abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V3113

Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.

CWE-190

V3114

IDisposable object is not disposed before method returns.

CWE-404

V3115

It is not recommended to throw exceptions from 'Equals(object obj)' method.

CWE-684

V3116

Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all.

CWE-835

V3120

Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations.

CWE-835

V3122

Uppercase (lowercase) string is compared with a different lowercase (uppercase) string.

CWE-570

V3123

Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part.

CWE-783

V3125

The object was used after it was verified against null. Check lines: N1, N2.

CWE-476

V3127

Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V3128

The field (property) is used before it is initialized in constructor.

CWE-665

V3131

The expression is checked for compatibility with the type 'A', but is casted to the 'B' type.

CWE-704

V3132

A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'.

CWE-665

V3133

Postfix increment/decrement is senseless because this variable is overwritten.

CWE-682

V3134

Shift by N bits is greater than the size of type.

CWE-128

V3135

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V3136

Constant expression in switch statement.

CWE-691

V3137

The variable is assigned but is not used by the end of the function.

CWE-563

V3142

Unreachable code detected. It is possible that an error is present.

CWE-561

V3145

Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed.

CWE-476

V3146

Possible null dereference. A method can return default null value.

CWE-476

V3147

Non-atomic modification of volatile variable.

CWE-567

V3148

Casting potential 'null' value to a value type can lead to NullReferenceException.

CWE-476

V3149

Dereferencing the result of 'as' operator can lead to NullReferenceException.

CWE-476

V3151

Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2.

CWE-369

V3152

Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2.

CWE-369

V3153

Dereferencing the result of null-conditional access operator can lead to NullReferenceException.

CWE-476

V3154

The 'a % b' expression always evaluates to 0.

CWE-682

V3155

The expression is incorrect or it can be simplified.

CWE-682

V3156

The argument of the method is not expected to be null.

CWE-628

V3157

Suspicious division. Absolute value of the left operand is less than the right operand.

CWE-682

V3158

Suspicious division. Absolute values of both operands are equal.

CWE-682

V3159

Modified value of the operand is not used after the increment/decrement operation.

CWE-563

V3160

Argument of incorrect type is passed to the 'Enum.HasFlag' method.

CWE-686

V3161

Comparing value type variables with 'ReferenceEquals' is incorrect because compared values will be boxed.

CWE-686

V3163

An exception handling block does not contain any code.

CWE-1069, CWE-390, CWE-544

V3164

Exception classes should be publicly accessible.

CWE-544

V3165

The expression of the 'char' type is passed as an argument of the 'A' type whereas similar overload with the string parameter exists.

CWE-628

V3166

Calling the 'SingleOrDefault' method may lead to 'InvalidOperationException'.

CWE-628

V3168

Awaiting on expression with potential null value can lead to throwing of 'NullReferenceException'.

CWE-476

V3170

Both operands of the '??' operator are identical.

CWE-670

V3172

The 'if/if-else/for/while/foreach' statement and code block after it are not related. Inspect the program's logic.

CWE-483

V3174

Suspicious subexpression in a sequence of similar comparisons.

CWE-670

V3175

Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread.

CWE-667

V3176

The '&=' or '|=' operator is redundant because the right operand is always true/false.

CWE-570, CWE-571

V3177

Logical literal belongs to second operator with a higher priority. It is possible literal was intended to belong to '??' operator instead.

CWE-783

V3178

Calling method or accessing property of potentially disposed object may result in exception.

CWE-672

V3179

Calling element access method for potentially empty collection may result in exception.

CWE-628

V3180

The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument.

CWE-687

V3181

The result of '&' operator is '0' because one of the operands is '0'.

CWE-682

V3182

The result of '&' operator is always '0'.

CWE-480

V3183

Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement.

CWE-670

V3184

The argument's value is greater than the size of the collection. Passing the value into the 'Foo' method will result in an exception.

CWE-687

V3185

An argument containing a file path could be mixed up with another argument. The other function parameter expects a file path instead.

CWE-628

V3186

The arguments violate the bounds of collection. Passing these values into the method will result in an exception.

CWE-687

V3190

Concurrent modification of a variable may lead to errors.

CWE-821

V3192

Type member is used in the 'GetHashCode' method but is missing from the 'Equals' method.

CWE-697

V3193

Data processing results are potentially used before asynchronous output reading is complete. Consider calling 'WaitForExit' overload with no arguments before using the data.

CWE-366

V3194

Calling 'OfType' for collection will return an empty collection. It is not possible to cast collection elements to the type parameter.

CWE-704

V3195

Collection initializer implicitly calls 'Add' method. Using it on member with default value of null will result in null dereference exception.

CWE-476

V4001

Unity Engine. Boxing inside a frequently called method may decrease performance.

CWE-1235

V5601

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

V5602

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5603

OWASP. The original exception object was swallowed. Stack of original exception could be lost.

CWE-390

V5604

OWASP. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

CWE-609

V5605

OWASP. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

CWE-367

V5606

OWASP. An exception handling block does not contain any code.

CWE-1069, CWE-390, CWE-544

V5607

OWASP. Exception classes should be publicly accessible.

CWE-544

V5608

OWASP. Possible SQL injection. Potentially tainted data is used to create SQL command.

CWE-89

V5609

OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path.

CWE-22

V5610

OWASP. Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

CWE-79

V5611

OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

CWE-502

V5612

OWASP. Do not use old versions of SSL/TLS protocols as it may cause security issues.

CWE-326

V5613

OWASP. Use of outdated cryptographic algorithm is not recommended.

CWE-327, CWE-328

V5614

OWASP. Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

CWE-611

V5615

OWASP. Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data.

CWE-776

V5616

OWASP. Possible command injection. Potentially tainted data is used to create OS command.

CWE-77, CWE-78, CWE-88

V5617

OWASP. Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.

CWE-613

V5618

OWASP. Possible server-side request forgery. Potentially tainted data is used in the URL.

CWE-918

V5619

OWASP. Possible log injection. Potentially tainted data is written into logs.

CWE-117

V5620

OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter.

CWE-90

V5621

OWASP. Error message contains potentially sensitive data that may be exposed.

CWE-209

V5622

OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression.

CWE-643

V5623

OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL.

CWE-601

V5624

OWASP. Use of potentially tainted data in configuration may lead to security issues.

CWE-15

V5625

OWASP. Referenced package contains vulnerability.

CWE-1035, CWE-1352

V5626

OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern.

CWE-1333

V5627

OWASP. Possible NoSQL injection. Potentially tainted data is used to create query.

CWE-943

V5628

OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.

CWE-22, CWE-641, CWE-99

Java warnings

Error Code

Error Description

Mapping

V5301

OWASP. An exception handling block does not contain any code.

CWE-1069

V5302

OWASP. Exception classes should be publicly accessible.

CWE-544

V5303

OWASP. The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V5304

OWASP. Unsafe double-checked locking.

CWE-609

V5305

OWASP. Storing credentials inside source code can lead to security issues.

CWE-259, CWE-798

V6001

There are identical sub-expressions to the left and to the right of the 'foo' operator.

CWE-570, CWE-571

V6003

The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.

CWE-570

V6004

The 'then' statement is equivalent to the 'else' statement.

CWE-691

V6006

The object was created but it is not being used. The 'throw' keyword could be missing.

CWE-390

V6007

Expression is always true/false.

CWE-570, CWE-571

V6008

Potential null dereference.

CWE-476, CWE-690

V6009

Function receives an odd argument.

CWE-628

V6010

The return value of function 'Foo' is required to be utilized.

CWE-252

V6011

The expression contains a suspicious mix of integer and real types.

CWE-682

V6012

The '?:' operator, regardless of its conditional expression, always returns one and the same value.

CWE-783

V6013

Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended.

CWE-595

V6014

It's odd that this method always returns one and the same value of NN.

CWE-393

V6015

Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here.

CWE-480

V6018

Constant expression in switch statement.

CWE-691

V6019

Unreachable code detected. It is possible that an error is present.

CWE-561

V6020

Division or mod division by zero.

CWE-369

V6021

The value is assigned to the 'x' variable but is not used.

CWE-563

V6024

The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false.

CWE-670

V6025

Possibly index is out of bound.

CWE-125, CWE-787

V6029

Possible incorrect order of arguments passed to method.

CWE-683

V6030

The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead.

CWE-691

V6031

The variable 'X' is being used for this loop and for the outer loop.

CWE-691

V6033

An item with the same key has already been added.

CWE-462

V6034

Shift by N bits is inconsistent with the size of type.

CWE-758

V6036

The value from the uninitialized optional is used.

CWE-457

V6037

An unconditional 'break/continue/return/goto' within a loop.

CWE-670

V6038

Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead.

CWE-570, CWE-571

V6039

There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless.

CWE-561

V6040

The code's operational logic does not correspond with its formatting.

CWE-483

V6041

Suspicious assignment inside the conditional expression of 'if/while/do...while' statement.

CWE-481

V6042

The expression is checked for compatibility with type 'A', but is cast to type 'B'.

CWE-704

V6043

Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.

CWE-691

V6044

Postfix increment/decrement is senseless because this variable is overwritten.

CWE-682

V6046

Incorrect format. Consider checking the N format items of the 'Foo' function.

CWE-628, CWE-685, CWE-686

V6047

It is possible that this 'else' branch must apply to the previous 'if' statement.

CWE-670

V6048

This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake.

CWE-480

V6050

Class initialization cycle is present.

CWE-665

V6051

Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions.

CWE-584

V6054

Classes should not be compared by their name.

CWE-486

V6057

Consider inspecting this expression. The expression is excessive or contains a misprint.

CWE-571

V6058

Comparing objects of incompatible types.

CWE-1024

V6059

Odd use of special character in regular expression. Possibly, it was intended to be escaped.

CWE-185

V6060

The reference was used before it was verified against null.

CWE-476

V6061

The used constant value is represented by an octal form.

CWE-682

V6062

Possible infinite recursion.

CWE-674

V6063

Odd semicolon ';' after 'if/for/while' operator.

CWE-670

V6064

Suspicious invocation of Thread.run().

CWE-572

V6067

Two or more case-branches perform the same actions.

CWE-691

V6070

Unsafe synchronization on an object.

CWE-662

V6072

Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'.

CWE-682

V6073

It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods.

CWE-684

V6074

Non-atomic modification of volatile variable.

CWE-567

V6075

The signature of method 'X' does not conform to serialization requirements.

CWE-684

V6077

A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead.

CWE-478

V6079

Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2.

CWE-129

V6080

Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition.

CWE-697

V6082

Unsafe double-checked locking.

CWE-609

V6085

An abnormality within similar comparisons. It is possible that a typo is present inside the expression.

CWE-697

V6086

Suspicious code formatting. 'else' keyword is probably missing.

CWE-670

V6089

It's possible that the line was commented out improperly, thus altering the program's operation logics.

CWE-670

V6090

Field 'A' is being used before it was initialized.

CWE-665

V6093

Automatic unboxing of a variable may cause NullPointerException.

CWE-476

V6094

The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part.

CWE-682

V6096

An odd precise comparison. Consider using a comparison with defined precision: Math.abs(A - B) < Epsilon or Math.abs(A - B) > Epsilon.

CWE-682

V6099

The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead.

CWE-691

V6100

An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method.

CWE-688

V6101

compareTo()-like methods can return not only the values -1, 0 and 1, but any values.

CWE-253

V6102

Inconsistent synchronization of a field. Consider synchronizing the field on all usages.

CWE-662

V6103

Ignored InterruptedException could lead to delayed thread shutdown.

CWE-391

V6105

Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator.

CWE-190

V6106

Casting expression to 'X' type before implicitly casting it to other type may be excessive or incorrect.

CWE-704

V6107

The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant.

CWE-547

V6108

Do not use real-type variables in 'for' loop counters.

CWE-834

V6109

Potentially predictable seed is used in pseudo-random number generator.

CWE-336, CWE-337