Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Classification of PVS-Studio warnings a…

Classification of PVS-Studio warnings according to the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.

C/C++ warnings

Error Code

Error Description

Mapping

V5001

It is highly probable that the semicolon ';' is missing after 'return' keyword.

OWASP-11.1.1

V5002

An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.

OWASP-7.4.2

V5003

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5004

Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.

OWASP-5.4.3

V5005

A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.

OWASP-5.4.3

V5006

More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.

OWASP-5.4.3

V5007

Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable.

OWASP-5.4.3

V5008

Classes should always be derived from std::exception (and alike) as 'public'.

OWASP-7.4.2

V5009

Unchecked tainted data is used in expression.

OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2

V5010

The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.

OWASP-5.4.3

V5011

Possible overflow. Consider casting operands, not the result.

OWASP-5.4.3

V5012

Potentially unsafe double-checked locking.

OWASP-1.11.3, OWASP-11.1.6

V5013

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

C# warnings

Error Code

Error Description

Mapping

V5601

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4

V5602

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5603

The original exception object was swallowed. Stack of original exception could be lost.

OWASP-11.1.8

V5604

Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this.

OWASP-1.11.3, OWASP-11.1.6

V5605

Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it.

OWASP-1.11.3, OWASP-11.1.6

V5606

An exception handling block does not contain any code.

OWASP-7.4.2

V5607

Exception classes should be publicly accessible.

OWASP-7.4.2

V5608

Possible SQL injection. Potentially tainted data is used to create SQL command.

OWASP-5.3.4, OWASP-5.3.5

V5609

Possible path traversal vulnerability. Potentially tainted data is used as a path.

OWASP-12.3.1

V5610

Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script.

OWASP-5.3.3

V5611

Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization.

OWASP-1.5.2, OWASP-5.5.3

V5612

Do not use old versions of SSL/TLS protocols as it may cause security issues.

OWASP-9.1.3

V5613

Use of outdated cryptographic algorithm is not recommended.

OWASP-2.9.3, OWASP-8.3.7

V5614

Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data.

OWASP-5.5.2

V5616

Possible command injection. Potentially tainted data is used to create OS command.

OWASP-5.3.8

V5617

Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time.

OWASP-3.3.2

V5618

Possible server-side request forgery. Potentially tainted data is used in the URL.

OWASP-12.6.1, OWASP-5.2.6

V5619

Possible log injection. Potentially tainted data is written into logs.

OWASP-7.3.1

V5620

Possible LDAP injection. Potentially tainted data is used in a search filter.

OWASP-5.3.7

V5621

Error message contains potentially sensitive data that may be exposed.

OWASP-8.3.5

V5622

Possible XPath injection. Potentially tainted data is used in the XPath expression.

OWASP-5.3.10

V5623

Possible open redirect vulnerability. Potentially tainted data is used in the URL.

OWASP-5.1.5

V5625

Referenced package contains vulnerability.

OWASP-9.1.3

V5627

Possible NoSQL injection. Potentially tainted data is used to create query.

OWASP-5.3.4

V5628

Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file.

OWASP-5.1.4

Java warnings

Error Code

Error Description

Mapping

V5301

An exception handling block does not contain any code.

OWASP-7.4.2

V5302

Exception classes should be publicly accessible.

OWASP-7.4.2

V5303

The object was created but it is not being used. The 'throw' keyword could be missing.

OWASP-11.1.8

V5304

Unsafe double-checked locking.

OWASP-1.11.3

V5305

Storing credentials inside source code can lead to security issues.

OWASP-2.10.4