Broad Mapping: OWASP Top 10 2021

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

Broad Mapping: OWASP Top 10 2021

This table contains broad mappings between the OWASP Top 10 2021 and CodeSonar warning classes.

The close mapping from OWASP Top Ten 2021 members to CodeSonar warning classes is shown in OWASP Top Ten 2021 Checks.

A CSV version of this table is provided in OWASP-2021-mapping-broad.csv

OWASP-2021

C/C++ Warning Classes

Java Warning Classes

C# Warning Classes

Kotlin Warning Classes

Python Warning Classes

OWASP-2021:A1 Broken access control

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

hierarchy ancestor	Ignored Return Value (detekt) KDoc References Non Public Property (detekt) Serial Version UIDIn Serializable Class (detekt)

hierarchy ancestor	Bad Open Mode (Pylint) Eval Used (Pylint) Exec Used (Pylint)

OWASP-2021:A2 Cryptographic failures

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

closely mapped

Weak Cryptographic Value (C#)

hierarchy ancestor

OWASP-2021:A3 Injection

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

hierarchy ancestor	No Name Shadowing (detekt)

hierarchy ancestor	Class Variable Slots Conflict (Pylint) Dangerous Default Value (Pylint) Duplicate Argument Name (Pylint) Duplicate Key (Pylint) Eval Used (Pylint) Exec Used (Pylint) Function Redefined (Pylint) Method Hidden (Pylint) Potential Index Error (Pylint) Shadowed Import (Pylint)

OWASP-2021:A4 Insecure design

hierarchy ancestor

hierarchy ancestor	DLL Injection (C#) Exception Information Disclosure (C#) Hardcoded Cryptographic Key (C#) Hardcoded Password (C#) Insecure Cookie (C#) Password in Property File (C#) Tainted Allocation Size (C#) Tainted Bundle (C#) Tainted Message (C#) Tainted Session (C#)

hierarchy ancestor	Ignored Return Value (detekt)

hierarchy ancestor	Deprecated Module (Pylint) Method Cache Max Size None (Pylint) Preferred Module (Pylint)

OWASP-2021:A5 Security misconfiguration

closely mapped	Encryption without Padding Hardcoded Authentication Hardcoded Crypto Key Hardcoded Crypto Salt Hardcoded DNS Name Hardcoded Seed in PRNG Memory Protection Removal Use of XML_ExternalEntityParserCreate
hierarchy ancestor	Ignored Return Value Tainted Configuration Setting Unused Value Use of catch Use of memset Use of throw

closely mapped

Possible XML External Entity Reference (Java)

hierarchy ancestor

closely mapped	Possible XML External Entity Reference (C#)
hierarchy ancestor	Exception Information Disclosure (C#) Generic Exception Handler (C#) Hardcoded Filename (C#) Hardcoded IP Address (C#) Inappropriate Exception Handler (C#) Insecure Cookie (C#) Insecure XSLT Execution (C#)

hierarchy ancestor	Ignored Return Value (detekt) Too Generic Exception Caught (detekt)

hierarchy ancestor	Bare Except (Pylint) Broad Exception Caught (Pylint)

OWASP-2021:A6 Vulnerable and outdated components

closely mapped

closely mapped	Deprecated Cryptography Provider (Java) Deprecated Transfer Protocol (Java)

closely mapped	Deprecated Cryptography Provider (C#) Deprecated Transfer Protocol (C#)

OWASP-2021:A7 Identification and authorization failures

closely mapped	Hardcoded Authentication Hardcoded Crypto Key Hardcoded Crypto Salt Plaintext Storage of Password Use of crypt Weak Cryptography
hierarchy ancestor	Hardcoded DNS Name Null Security Descriptor

closely mapped

hierarchy ancestor

closely mapped

hierarchy ancestor

OWASP-2021:A8 Software and data integrity failures

closely mapped

hierarchy ancestor

closely mapped	Deserializable Class (Java) Deserializing Non-Serializable Class (Java)
hierarchy ancestor	Potential LDAP Poisoning (Java) Reflection Bypasses Member Accessibility (Java) Reflection Modifies Member Accessibility (Java) Serialization Not Disabled (Java) Tainted Data in Vulnerable Method (Java)

closely mapped	Deserializable Class (C#)
hierarchy ancestor	Reflection Bypasses Member Accessibility (C#) Reflection Modifies Member Accessibility (C#)

OWASP-2021:A9 Security logging and monitoring failures

closely mapped	Not Enough Assertions
hierarchy ancestor	Tainted Write

hierarchy ancestor	Tainted Log (Java)

hierarchy ancestor	Tainted Log (C#)