
Showing content from https://docs.gitlab.com/user/application_security/sast/advanced_sast_coverage/ below:

GitLab Advanced SAST CWE coverage

| CWE | Description | | | | | | | |
|---|---|---|---|---|---|---|---|---|
| CWE-15 | External Control of System or Configuration Setting | No | No | Yes | No | No | No | No |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-23 | Relative Path Traversal | No | No | No | Yes | No | Yes | No |
| CWE-73 | External Control of File Name or Path | No | No | Yes | No | No | No | Yes |
| CWE-76 | Improper Neutralization of Equivalent Special Elements | No | No | No | No | No | No | Yes |
| CWE-77 | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) | No | No | Yes | No | No | No | No |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-79 | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | No | No | No | Yes | No | No | No |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) | No | No | Yes | No | No | No | No |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query (‘LDAP Injection’) | Yes | No | Yes | No | No | Yes | No |
| CWE-91 | XML Injection (aka Blind XPath Injection) | No | No | Yes | No | No | No | No |
| CWE-94 | Improper Control of Generation of Code (‘Code Injection’) | No | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code (‘Eval Injection’) | No | No | Yes | Yes | No | Yes | Yes |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Request/Response Splitting’) | No | No | Yes | Yes | No | Yes | No |
| CWE-116 | Improper Encoding or Escaping of Output | No | No | No | Yes | No | Yes | No |
| CWE-117 | Improper Output Neutralization for Logs | No | No | Yes | No | No | No | No |
| CWE-118 | Incorrect Access of Indexable Resource (‘Range Error’) | No | Yes | No | No | No | No | No |
| CWE-125 | Out-of-bounds Read | No | No | No | Yes | No | No | No |
| CWE-155 | Improper Neutralization of Wildcards or Matching Symbols | No | No | No | No | No | Yes | No |
| CWE-180 | Incorrect Behavior Order: Validate Before Canonicalize | No | No | Yes | No | No | No | No |
| CWE-182 | Collapse of Data into Unsafe Value | No | No | Yes | No | No | No | No |
| CWE-185 | Incorrect Regular Expression | No | No | No | Yes | No | No | Yes |
| CWE-190 | Integer Overflow or Wraparound | No | Yes | Yes | No | No | No | No |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | No | No | Yes | No | No | No | No |
| CWE-208 | Observable Timing Discrepancy | No | No | No | Yes | No | No | No |
| CWE-209 | Generation of Error Message Containing Sensitive Information | No | No | No | No | No | No | Yes |
| CWE-242 | Use of Inherently Dangerous Function | No | Yes | No | No | No | No | No |
| CWE-256 | Plaintext Storage of a Password | No | No | Yes | No | No | No | No |
| CWE-272 | Least Privilege Violation | No | No | No | Yes | No | No | No |
| CWE-276 | Incorrect Default Permissions | No | Yes | No | No | No | No | Yes |
| CWE-295 | Improper Certificate Validation | Yes | No | Yes | Yes | Yes | Yes | Yes |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | No | No | Yes | No | No | No | No |
| CWE-306 | Missing Authentication for Critical Function | No | No | Yes | No | No | No | No |
| CWE-311 | Missing Encryption of Sensitive Data | No | No | No | No | No | No | Yes |
| CWE-319 | Cleartext Transmission of Sensitive Information | No | No | Yes | Yes | Yes | Yes | No |
| CWE-322 | Key Exchange without Entity Authentication | No | Yes | No | No | No | Yes | No |
| CWE-323 | Reusing a Nonce, Key Pair in Encryption | No | No | Yes | No | No | No | No |
| CWE-326 | Inadequate Encryption Strength | No | Yes | Yes | No | No | Yes | Yes |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-328 | Use of Weak Hash | No | No | No | Yes | Yes | No | Yes |
| CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-346 | Origin Validation Error | No | No | No | Yes | No | No | No |
| CWE-347 | Improper Verification of Cryptographic Signature | No | No | Yes | No | No | Yes | No |
| CWE-348 | Use of Less Trusted Source | No | No | No | Yes | No | No | No |
| CWE-352 | Cross-Site Request Forgery (CSRF) | Yes | No | Yes | No | No | Yes | Yes |
| CWE-358 | Improperly Implemented Security Check for Standard | No | No | No | Yes | No | No | No |
| CWE-369 | Divide By Zero | No | No | No | No | No | No | Yes |
| CWE-377 | Insecure Temporary File | No | Yes | No | No | No | Yes | No |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | No | Yes | No | No | No | No | No |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’) | No | No | Yes | No | No | No | No |
| CWE-489 | Active Debug Code | No | Yes | Yes | No | No | Yes | No |
| CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | No | No | No | No | Yes | Yes | No |
| CWE-501 | Trust Boundary Violation | No | No | Yes | No | No | No | No |
| CWE-502 | Deserialization of Untrusted Data | Yes | No | Yes | Yes | Yes | Yes | Yes |
| CWE-521 | Weak Password Requirements | Yes | No | No | No | No | No | No |
| CWE-522 | Insufficiently Protected Credentials | No | No | No | Yes | No | No | No |
| CWE-552 | Files or Directories Accessible to External Parties | No | Yes | Yes | No | No | No | No |
| CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Yes | No | No | No | No | No | No |
| CWE-598 | Use of GET Request Method With Sensitive Query Strings | No | No | No | No | Yes | No | No |
| CWE-599 | Missing Validation of OpenSSL Certificate | No | No | No | Yes | No | No | No |
| CWE-601 | URL Redirection to Untrusted Site (‘Open Redirect’) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-606 | Unchecked Input for Loop Condition | No | No | No | Yes | No | Yes | No |
| CWE-611 | Improper Restriction of XML External Entity Reference | Yes | Yes | Yes | Yes | Yes | Yes | No |
| CWE-613 | Insufficient Session Expiration | No | No | No | Yes | No | No | No |
| CWE-614 | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute | Yes | Yes | Yes | Yes | Yes | No | No |
| CWE-639 | Authorization Bypass Through User-Controlled Key | No | No | No | No | No | No | Yes |
| CWE-643 | Improper Neutralization of Data within XPath Expressions (‘XPath Injection’) | Yes | No | Yes | Yes | No | Yes | No |
| CWE-704 | Incorrect Type Conversion or Cast | No | No | Yes | No | No | No | No |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | No | Yes | Yes | No | No | Yes | No |
| CWE-749 | Exposed Dangerous Method or Function | No | No | Yes | No | No | No | Yes |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | No | No | No | No | No | No | Yes |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’) | No | No | No | Yes | No | No | No |
| CWE-770 | Allocation of Resources Without Limits or Throttling | No | Yes | No | Yes | No | Yes | No |
| CWE-776 | Improper Restriction of Recursive Entity References in DTDs (‘XML Entity Expansion’) | No | No | No | Yes | No | No | No |
| CWE-780 | Use of RSA Algorithm without OAEP | No | No | Yes | No | No | No | No |
| CWE-787 | Out-of-bounds Write | No | No | No | Yes | No | No | No |
| CWE-798 | Use of Hard-coded Credentials | No | No | No | Yes | No | No | No |
| CWE-913 | Improper Control of Dynamically-Managed Code Resources | No | No | No | Yes | No | No | No |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | No | No | No | No | No | No | Yes |
| CWE-917 | Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) | No | No | Yes | No | No | No | No |
| CWE-918 | Server-Side Request Forgery (SSRF) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-942 | Permissive Cross-domain Policy with Untrusted Domains | No | Yes | Yes | Yes | No | Yes | No |
| CWE-943 | Improper Neutralization of Special Elements in Data Query Logic | No | Yes | Yes | Yes | No | No | No |
| CWE-1004 | Sensitive Cookie Without ‘HttpOnly’ Flag | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| CWE-1021 | Improper Restriction of Rendered UI Layers or Frames | No | No | Yes | No | No | No | No |
| CWE-1104 | Use of Unmaintained Third Party Components | No | No | No | No | No | Yes | No |
| CWE-1204 | Generation of Weak Initialization Vector (IV) | No | No | No | Yes | No | No | No |
| CWE-1275 | Sensitive Cookie with Improper SameSite Attribute | No | No | No | Yes | Yes | Yes | No |
| CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | No | No | No | Yes | No | No | No |
| CWE-1327 | Binding to an Unrestricted IP Address | No | Yes | No | No | No | Yes | No |
| CWE-1333 | Inefficient Regular Expression Complexity | No | No | No | No | No | Yes | Yes |
| CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | No | No | No | No | Yes | No | No |
| CWE-1390 | Weak Authentication | No | No | Yes | No | No | Yes | No |
