CodeSonar Warning Class Significance

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.0p0 Hot Tips

CONFIDENTIAL

CodeSecure Inc

CodeSonar Warning Class Significance

Every warning class is associated with a Significance value that provides a high-level indication of the purpose of the class and the likely severity of vulnerabilities of that class.

About Significance
Using Significance
Warning Classes By Significance

About Significance

Every warning class is associated with one of the following Significance values: security, reliability, redundancy, style, diagnostic. Significance provides a high level indication of the purpose of the class.

Significance is also broadly correlated with the severity of a particular class of warning. For example, most users will consider a code vulnerability that can lead to a security problem to be more severe than a coding style issue. The available Significance values are shown in the table below in order of severity (most-severe first).

Significance Value	Description
security	A security vulnerability.
reliability	A code correctness issue.
redundancy	Redundant code; may indicate a logic error.
style	A violation of one or more coding style guidelines.
diagnostic	The class is purely informative: warnings do not indicate vulnerabilities, they indicate the locations of events or artifacts of interest.

Using Significance

Significance is available in the following contexts.

Web GUI: Display	All tables of warning classes (Analysis:Warnings, Warning Search Results, Warning Cluster) have a Significance column. By default, this column is visible.
Web GUI: Search	Significance is searchable: The warning search language has a significance field-name option. Full-text search (in the warnings domain) includes the significance field. The Advanced Search: Warnings tab includes functionality for selecting significance values of interest.
Creating Custom Warning Classes	All mechanisms for creating a custom warning class require you to specify a Significance value for the new class.
CodeSonar Manual	Significance values for built-in classes are shown in the table below. The individual documentation pages for C/C++ warning classes and Java warning classes, and C# warning classes also note the corresponding Significance values.

Warning Classes By Significance

The following table shows all built-in CodeSonar warning classes, grouped by Significance.

diagnostic
redundancy
reliability
security
style

Significance	Warning Classes
Significance	C/C++	Java	C#
diagnostic	Essential Type Diagnostic Signal Handler Entry Point Thread Entry Point Unexercised Call Unexercised Computation Unexercised Conditional Unexercised Control Flow Unexercised Data Flow
redundancy	Empty Branch Statement Empty for Statement Empty if Statement Empty switch Statement Empty while Statement Explicit Zero Alignment Free Null Pointer Missing Non-default Association in C Generic Redundant Condition Selection in C Generic not Expanded from Macro Parameters Unreachable Call Unreachable Catch Unreachable Computation Unreachable Conditional Unreachable Control Flow Unreachable Data Flow Unused Value Useless Assignment
reliability	Arctangent Domain Error Argument Too High Argument Too Low Array Parameter Mismatch Array to Pointer Conversion on Temporary Object Bit-field in Union Blocking in Critical Section Cast Removes const Qualifier Cast Removes volatile Qualifier Cast: Non-integer Arithmetic Type/Object Pointer Cast: Virtual Base to Derived Comparison of Unrelated Pointers Conflicting Lock Order Copy-Paste Error Dangerous Function Cast Data Race Deadlock Direct Access to Field of C Atomic Object Division By Zero Double Close Double Initialization Double Lock Double Unlock File Open for Both Read and Write Float Division By Zero Float Multiplication Overflow Gamma on Zero Global Variable Declared with Different Types GlobalHandle on GMEM_FIXED Memory GlobalLock on GMEM_FIXED Memory GlobalUnlock on GMEM_FIXED Memory Ignored Return Value Inappropriate Argument to <tgmath.h> Macro Inappropriate Argument to Integer Constant Macro Inappropriate C Atomic Initialization Inappropriate Comparison of Virtual Member Function Inappropriate Storage Duration Inconsistent Alignment Specifications Inconsistent Function Declarations Inconsistent Object Declarations Inconsistent Types of Arguments to <tgmath.h> Macro Indeterminate Order of Evaluation Initialization Cycle Input After Output Without Positioning Invalid Preprocessor Directive Leak Local Variable Passed to Thread LocalHandle on LMEM_FIXED Memory LocalLock on LMEM_FIXED Memory LocalUnlock on LMEM_FIXED Memory Locked Twice Logarithm on Negative Value Logarithm on Zero Missing Return Statement Missing Return Value Multiple Accesses of Atomic Negative file descriptor Non-void noreturn Null Pointer Dereference Null Test After Dereference Output After Input Without Positioning Over-initialized Element Read Past Null Terminator Risky Atomic Memory Order Socket In Wrong State Specialization after Use Static Array Parameter Subtraction of Unrelated Pointers Try-lock that will never succeed Type Qualifier on Function Type Undefined Power of Zero Unknown Lock Unordered Initialization Use of <stdarg.h> Feature Use of <stdint.h> Small Integer Constant Macro Use of Condition Variable Signal Use of Condition Variable Wait Use of fork Use of gamma Use of pthread_kill Use of setlocale Use of std::locale::global Virtual Call in Constructor Virtual Call in Destructor Void C Atomic Write to Read Only File cosh on High Number cosh on Low Number delete with Non-Virtual Destructor sizeof Array Parameter sqrt on Negative Value	== Always Fails Because Types Always Different (Java) Abs on random (Java) Actual Parameter Element may be null (Java) Ambiguous Call from Inner Class (Java) Android Leak (Java) Approximate e Constant (Java) Approximate pi Constant (Java) Array Parameter Empty (Java) Assertion Contains Side Effects (Java) Assignment in Conditional (Java) Asymmetric compareTo (Java) Bitwise AND on Boolean (Java) Bitwise AND on Boolean Constant (Java) Bitwise OR on Boolean (Java) Bitwise OR on Boolean Constant (Java) Blocking in Critical Section (Java) Broad Throws Clause (Java) Call Might Return Null (Java) Cast: Integer to Floating Point (Java) Cast: int Computation to long (Java) Class Enables Debug Features (Java) Clone Call to Super is Missing (Java) Closeable Not Closed (Java) Closeable Not Stored (Java) Comparison to Class Names (Java) Comparison to Empty String (Java) Copy-Paste Error Debug Call (Java) Debug Warning (Java) Defines equals but not hashCode (Java) Defines hashCode but not equals (Java) Double-Checked Locking (Java) Empty Branch Statement (Java) Empty Exception Handler (Java) Empty jar File Archived (Java) Empty zip File Archived (Java) Explicit Finalize (Java) Field Element may be null (deep) (Java) Field Never Read (Java) Field Never Written (Java) Field Too Visible (Java) Field may be null (deep) (Java) Floating Point Equality (Java) Generic Exception Handler (Java) Hardcoded Filename (Java) Ignored Return Value (Java) Ignored Return Value for Pure Function (Java) Impossible Client Side Locking (Java) Impossible reference comparison (Java) Inappropriate Exception Handler (Java) Inappropriate Instanceof (Java) Inefficient Bitwise AND (Java) Inefficient Bitwise OR (Java) Inefficient Box-Unbox (Java) Inefficient Instantiation (Java) Inner Class Should be Static (Java) Insecure Class Loader (Java) Instanceof Always False (Java) Instanceof Always True (Java) Lambda Parameter may be null (Java) Method Enables Debug Features (Java) Method Names Differ Only in Case (Java) Method Should Not Return null (Java) Method Should be final (Java) Method Should be private (Java) Missing Call to super (Java) Missing Equals Override (Java) Missing JavaScript Entry Point (Java) Missing JavaScript Execution (Java) Missing Serial Version Field (Java) Missing isValidFragment Override (Java) Missing synchronized Statement (Java) Mutable Constant Field (Java) Mutable Enumeration (Java) Mutable Public Static Final Array (Java) Non-Object compareTo Parameter (Java) Non-overriding Method Signature (Java) Nonserializable Field (Java) Nonserializable Field Element (Java) Nonserializable Outer Class (Java) Null Parameter Dereference (Java) Null Pointer Dereference (Java) Null Pointer Dereference (deep) (Java) Potential Infinite Recursion (Java) Redundant Call for Integral Argument (Java) Redundant Call for String Argument (Java) Redundant Condition (Java) Redundant Implements Clause (Java) Reflection Bypasses Member Accessibility (Java) Reflection Modifies Member Accessibility (Java) Return Value may Contain null Element (Java) Return Value may be null (Java) Return null Array (Java) Return null Boolean (Java) Return null Optional (Java) Risky Class Cast (Java) Risky array store (Java) Serialization Not Disabled (Java) Shadowed Identifier (Java) Should Use == Instead of equals() (Java) Should Use equals() Instead of == (Java) Single-use Random Number Generator (Java) Static Field Assigned Non-Static (Java) Static Field Too Visible (Java) Synchronization on Interned String (Java) Synchronization on static (Java) Synchronous Call to Thread Body (Java) Unchecked Parameter Dereference (Java) Unchecked Parameter Dereference (deep) (Java) Unchecked Parameter Element Dereference (deep) (Java) Unexpected Serial Version Field (Java) Unguarded Field (Java) Unguarded Method (Java) Unguarded Parameter (Java) Unnecessary Field (Java) Unnecessary Instantiation for GetClass (Java) Unreachable Instruction (Java) Unused Class (Java) Unused Field (Java) Unused Method (Java) Unused Object (Java) Unused Value: Actual Parameter (Java) Unused Value: Variable (Java) Unused Value: Write to Parameter (Java) Useless Assignment (Java) Useless Assignment to Default (Java) Useless Class Cast (Java) Useless Synchronization (Java) Useless null Test (Java) Useless null Test of Field (Java) Useless null Test of Parameter (Java) Useless null Test of Return Value (Java) Useless volatile Modifier (Java) clone Non-cloneable (Java) clone Subclass of Non-clonable (Java) clone not final (Java) compareTo in Non-Comparable Class (Java) compareTo without equals (Java) compareTo/equals mismatch (Java) equals Always Fails (Java) equals Parameter Should Be Object (Java) equals on Array (Java) null Passed to Method (deep) (Java) toString on Array (Java)	'Buffer.BlockCopy' expects the number of bytes to be copied for the 'count' argument (C#) 'ThreadStatic' only affects static fields (C#) == Always Fails Because Types Always Different (C#) A constant is expected for the parameter (C#) Abs on random (C#) Abstract types should not have public constructors (C#) Actual Parameter Element may be null (C#) All members declared in parent interfaces must have an implementation in a DynamicInterfaceCastableImplementation-attributed interface (C#) Ambiguous Call from Inner Class (C#) Approximate e Constant (C#) Approximate pi Constant (C#) Argument passed to TaskCompletionSource constructor should be TaskCreationOptions enum instead of TaskContinuationOptions enum (C#) Assigning symbol and its member in the same statement (C#) Assignment in Conditional (C#) Asymmetric compareTo (C#) Attribute string literals should parse correctly (C#) Avoid 'StringBuilder' parameters for P/Invokes (C#) Avoid constant arrays as arguments (C#) Avoid dead conditional code (C#) Avoid empty interfaces (C#) Avoid excessive class coupling (C#) Avoid excessive complexity (C#) Avoid excessive inheritance (C#) Avoid excessive parameters on generic types (C#) Avoid infinite recursion (C#) Avoid out parameters (C#) Avoid uninstantiated internal classes (C#) Avoid unmaintainable code (C#) Avoid unsealed attributes (C#) Avoid unused private fields (C#) Avoid using 'Enumerable.Any()' extension method (C#) Avoid using cref tags with a prefix (C#) Avoid zero-length array allocations (C#) Bitwise AND on Boolean (C#) Bitwise AND on Boolean Constant (C#) Bitwise OR on Boolean (C#) Bitwise OR on Boolean Constant (C#) Blocking in Critical Section (C#) Cache and reuse 'JsonSerializerOptions' instances (C#) Call Might Return Null (C#) Call async methods when in an async method (C#) CancellationToken parameters must come last (C#) Cast: Integer to Floating Point (C#) Cast: int Computation to long (C#) Class Enables Debug Features (C#) Closeable Not Closed (C#) Closeable Not Stored (C#) Collection properties should be read only (C#) Comparison to Class Names (C#) Comparison to Empty String (C#) Consider calling ConfigureAwait on the awaited task (C#) Consider using 'StringBuilder.Append(char)' when applicable (C#) Consider using 'string.Contains' instead of 'string.IndexOf' (C#) Copy-Paste Error Debug Call (C#) Debug Warning (C#) Declare types in namespaces (C#) Define accessors for attribute arguments (C#) Defines equals but not hashCode (C#) Defines hashCode but not equals (C#) Disposable fields should be disposed (C#) Disposable types should declare finalizer (C#) Dispose methods should call SuppressFinalize (C#) Dispose methods should call base class dispose (C#) Dispose objects before losing scope (C#) Do not assign a property to itself (C#) Do not call Enumerable.Cast<T> or Enumerable.OfType<T> with incompatible types (C#) Do not call ToImmutableCollection on an ImmutableCollection value (C#) Do not call overridable methods in constructors (C#) Do not catch general exception types (C#) Do not create tasks without passing a TaskScheduler (C#) Do not declare event fields as virtual (C#) Do not declare protected member in sealed type (C#) Do not declare static members on generic types (C#) Do not declare visible instance fields (C#) Do not define finalizers for types derived from MemoryManager<T> (C#) Do not duplicate indexed element initializations (C#) Do not expose generic lists (C#) Do not hide base class methods (C#) Do not ignore method results (C#) Do not initialize unnecessarily (C#) Do not lock on objects with weak identity (C#) Do not mark enums with FlagsAttribute (C#) Do not overload equality operator on reference types (C#) Do not pass literals as localized parameters (C#) Do not pass types by reference (C#) Do not raise exceptions in finally clauses (C#) Do not raise exceptions in unexpected locations (C#) Do not raise reserved exception types (C#) Do not use 'OutAttribute' on string parameters for P/Invokes (C#) Do not use 'WaitAll' with a single task (C#) Do not use 'WhenAll' with a single task (C#) Do not use ConfigureAwaitOptions.SuppressThrowing with Task<TResult> (C#) Do not use Count() or LongCount() when Any() can be used (C#) Do not use CountAsync() or LongCountAsync() when AnyAsync() can be used (C#) Do not use Enumerable methods on indexable collections (C#) Do not use ReferenceEquals with value types (C#) Do not use stackalloc in loops (C#) Double-Checked Locking (C#) Empty Branch Statement (C#) Empty Exception Handler (C#) Empty zip File Archived (C#) Enum Storage should be Int32 (C#) Enums should have zero value (C#) Enums values should not be duplicated (C#) Exceptions should be public (C#) Field Element may be null (deep) (C#) Field Never Read (C#) Field Never Written (C#) Field Too Visible (C#) Field may be null (deep) (C#) Floating Point Equality (C#) Forward the 'CancellationToken' parameter to methods (C#) Generic Exception Handler (C#) Generic interface should also be implemented (C#) Hardcoded Filename (C#) Ignored Return Value (C#) Ignored Return Value for Pure Function (C#) Implement IDisposable Correctly (C#) Implement IEquatable when overriding Object.Equals (C#) Implement standard exception constructors (C#) Impossible Client Side Locking (C#) Impossible reference comparison (C#) Improper 'ThreadStatic' field initialization (C#) Inappropriate Exception Handler (C#) Inappropriate Instanceof (C#) Incorrect usage of ConstantExpected attribute (C#) Inefficient Bitwise AND (C#) Inefficient Bitwise OR (C#) Initialize reference type static fields inline (C#) Initialize value type static fields inline (C#) Instanceof Always False (C#) Instanceof Always True (C#) Instantiate argument exceptions correctly (C#) Interface methods should be callable by child types (C#) Invalid entry in code metrics rule specification file (C#) Mark ISerializable types with serializable (C#) Mark all non-serializable fields (C#) Mark assemblies with CLSCompliant (C#) Mark assemblies with ComVisible (C#) Mark assemblies with NeutralResourcesLanguageAttribute (C#) Mark assemblies with assembly version (C#) Mark attributes with AttributeUsageAttribute (C#) Mark enums with FlagsAttribute (C#) Mark members as static (C#) Members defined on an interface with the 'DynamicInterfaceCastableImplementationAttribute' should be 'static' (C#) Method Enables Debug Features (C#) Method Names Differ Only in Case (C#) Method Should Not Return null (C#) Method Should be final (C#) Method Should be private (C#) Missing Call to super (C#) Missing Equals Override (C#) Missing synchronized Statement (C#) Move pinvokes to native methods class (C#) Mutable Constant Field (C#) Mutable Enumeration (C#) Mutable Public Static Final Array (C#) Named placeholders should not be numeric values (C#) Nested types should not be visible (C#) Non-Object compareTo Parameter (C#) Non-constant fields should not be visible (C#) Non-overriding Method Signature (C#) Nonserializable Field (C#) Nonserializable Field Element (C#) Nonserializable Outer Class (C#) Normalize strings to uppercase (C#) Null Parameter Dereference (C#) Null Pointer Dereference (C#) Null Pointer Dereference (deep) (C#) Operator overloads have named alternates (C#) Operators should have symmetrical overloads (C#) Overload operator equals on overriding value type Equals (C#) Override Object.Equals(object) when implementing IEquatable<T> (C#) Override equals and operator equals on value types (C#) Override methods on comparable types (C#) P/Invokes should not be visible (C#) Parameter count mismatch (C#) Pass system uri objects instead of strings (C#) Possible multiple enumerations of 'IEnumerable' collection (C#) Potential Infinite Recursion (C#) Prefer 'AsSpan' over 'Substring' (C#) Prefer 'Clear' over 'Fill' (C#) Prefer Dictionary.Contains methods (C#) Prefer IsEmpty over Count (C#) Prefer jagged arrays over multidimensional (C#) Prefer static 'HashData' method over 'ComputeHash' (C#) Prefer strongly-typed Append and Insert method overloads on StringBuilder (C#) Prefer the 'IDictionary.TryAdd(TKey, TValue)' method (C#) Prefer the 'IDictionary.TryGetValue(TKey, out TValue)' method (C#) Prefer the 'Memory'-based overloads for 'ReadAsync' and 'WriteAsync' (C#) Prevent behavioral change (C#) Properties should not be write only (C#) Properties should not return arrays (C#) Property, type, or attribute requires runtime marshalling (C#) Provide ObsoleteAttribute message (C#) Provide a parameterless constructor that is as visible as the containing type for concrete types derived from 'System.Runtime.InteropServices.SafeHandle' (C#) Provide correct 'enum' argument to 'Enum.HasFlag' (C#) Provide correct arguments to formatting methods (C#) Provide memory-based overrides of async methods when subclassing 'Stream' (C#) Providing a 'DynamicInterfaceCastableImplementation' interface in Visual Basic is unsupported (C#) Redundant Call for Integral Argument (C#) Redundant Call for String Argument (C#) Redundant Condition (C#) Reflection Bypasses Member Accessibility (C#) Reflection Modifies Member Accessibility (C#) Remove empty Finalizers (C#) Rethrow to preserve stack details (C#) Return Value may Contain null Element (C#) Return Value may be null (C#) Return null Array (C#) Risky Class Cast (C#) Risky array store (C#) Seal internal types (C#) Shadowed Identifier (C#) Should Use == Instead of equals() (C#) Should Use equals() Instead of == (C#) Single-use Random Number Generator (C#) Specify CultureInfo (C#) Specify IFormatProvider (C#) Specify StringComparison for clarity (C#) Specify StringComparison for correctness (C#) Specify a culture or use an invariant version (C#) Specify marshaling for P/Invoke string arguments (C#) Static Field Assigned Non-Static (C#) Static Field Too Visible (C#) Static holder types should be Static or NotInheritable (C#) Synchronization on Interned String (C#) Synchronization on static (C#) Synchronous Call to Thread Body (C#) Template should be a static expression (C#) Test for NaN correctly (C#) Test for empty strings using string length (C#) The 'ModuleInitializer' attribute should not be used in libraries (C#) This API requires opting into preview features (C#) This method uses runtime marshalling even when the 'DisableRuntimeMarshallingAttribute' is applied (C#) Types should not extend certain base types (C#) Types that own disposable fields should be disposable (C#) URI-like parameters should not be strings (C#) URI-like properties should not be strings (C#) URI-like return values should not be strings (C#) Unchecked Parameter Dereference (C#) Unchecked Parameter Dereference (deep) (C#) Unchecked Parameter Element Dereference (deep) (C#) Unguarded Field (C#) Unguarded Method (C#) Unguarded Parameter (C#) Unnecessary Field (C#) Unnecessary call to 'Contains(item)' (C#) Unnecessary call to 'Dictionary.ContainsKey(key)' (C#) Unreachable Instruction (C#) Unused Class (C#) Unused Field (C#) Unused Method (C#) Unused Object (C#) Unused Value: Actual Parameter (C#) Unused Value: Variable (C#) Unused Value: Write to Parameter (C#) Use 'CompositeFormat' (C#) Use 'Environment.CurrentManagedThreadId' (C#) Use 'Environment.ProcessId' (C#) Use 'Environment.ProcessPath' (C#) Use 'StartsWith' instead of 'IndexOf' (C#) Use 'ThrowIfCancellationRequested' (C#) Use 'string.Equals' (C#) Use ArgumentException throw helper (C#) Use ArgumentNullException throw helper (C#) Use ArgumentOutOfRangeException throw helper (C#) Use AsSpan or AsMemory instead of Range-based indexers (C#) Use AsSpan or AsMemory instead of Range-based indexers for getting Span of an array (C#) Use AsSpan or AsMemory instead of Range-based indexers when appropriate (C#) Use Integral Or String Argument For Indexers (C#) Use Length/Count property instead of Count() when available (C#) Use ObjectDisposedException throw helper (C#) Use ValueTasks correctly (C#) Use a cached 'SearchValues' instance (C#) Use char literal for a single character lookup (C#) Use char overload, CA1865 (C#) Use char overload, CA1866 (C#) Use char overload, CA1867 (C#) Use concrete types when possible for improved performance (C#) Use correct type parameter (C#) Use events where appropriate (C#) Use generic event handler instances (C#) Use literals where appropriate (C#) Use nameof to express symbol names (C#) Use ordinal string comparison (C#) Use properties where appropriate (C#) Use span-based 'string.Concat' (C#) Use the 'StringComparison' method overloads to perform case-insensitive string comparisons (C#) Use the LoggerMessage delegates (C#) Use valid platform string (C#) Useless Assignment (C#) Useless Assignment to Default (C#) Useless Class Cast (C#) Useless Synchronization (C#) Useless null Test (C#) Useless null Test of Field (C#) Useless null Test of Parameter (C#) Useless null Test of Return Value (C#) Useless volatile Modifier (C#) Validate arguments of public methods (C#) Validate platform compatibility (C#) Validate platform compatibility - obsoleted APIs (C#) clone Non-cloneable (C#) clone Subclass of Non-clonable (C#) clone not final (C#) compareTo in Non-Comparable Class (C#) compareTo without equals (C#) compareTo/equals mismatch (C#) equals Always Fails (C#) equals Parameter Should Be Object (C#) equals on Array (C#) null Passed to Method (deep) (C#) toString on Array (C#)
security	Addition Overflow of Allocation Size Addition Overflow of Size Buffer Overrun Buffer Underrun Cast Alters Value Coercion Alters Value Command Injection Conversion from Function Pointer Conversion to Function Pointer Double Free Encryption without Padding File System Race Condition Format String Format String Injection Format String Type Error Function Call Has No Effect Hardcoded Authentication Hardcoded Crypto Key Hardcoded Crypto Salt Hardcoded DNS Name Hardcoded Seed in PRNG Inappropriate Call Outside Loop Inline Assembly Code Integer Overflow of Allocation Size LDAP Injection Library Function Override Library Injection MAX_PATH Exceeded Memory Protection Removal Misaligned Object Multiplication Overflow of Allocation Size Multiplication Overflow of Size Negative Character Value Negative Shift Amount No Space For Null Terminator Null Security Descriptor Overlapping Memory Regions Padding Passed Across a Trust Boundary Plaintext Storage of Password Plaintext Transmission of Password Pool Mismatch Possible Anti-Debugging Predictable Seed in PRNG Return Pointer to Freed Return Pointer to Local Return from Computational Exception Signal Handler Return from noreturn Returned Pointer Not Treated as const SQL Injection Shift Amount Exceeds Bit Width Subtraction Underflow of Allocation Size Subtraction Underflow of Size Tainted Allocation Size Tainted Buffer Access Tainted Configuration Setting Tainted Environment Variable Tainted Filename Tainted Network Address Tainted Write Thread is not Joinable Truncation of Allocation Size Truncation of Size Type Mismatch Type Overrun Type Underrun Uninitialized Variable Unreasonable Size Argument Unterminated C String Untrusted Library Load Untrusted Network Host Untrusted Network Port Untrusted Process Creation Use After Close Use After Free Use of CreateFile Use of CreateProcess Use of CreateThread Use of FormatMessage Use of GetTempFileName Use of LoadLibrary Use of LoadModule Use of MoveFile Use of OemToAnsi Use of OemToChar Use of SHCreateProcessAsUserW Use of SO_REUSEADDR Use of ShellExecute Use of StrCatChainW Use of Weak Cryptographic Algorithm Use of WinExec Use of XML_ExternalEntityParserCreate Use of _exec Use of _spawn Use of catopen Use of chroot Use of crypt Use of cuserid Use of execlp Use of execvp Use of getlogin Use of getopt Use of getpass Use of getwd Use of memcmp Use of memset Use of mkstemp Use of mktemp Use of popen Use of rand Use of rand48 Function Use of random Use of realloc Use of realpath Use of recvmsg Use of setuid Use of signal Use of strcat Use of strchr Use of strcmp Use of strcoll Use of strcpy Use of strcspn Use of strlen Use of strpbrk Use of strrchr Use of strspn Use of strstr Use of strtok Use of strtrns Use of syslog Use of t_open Use of tmpfile Use of tmpnam Use of ttyname Use of vfork Varargs Function Cast Weak Cryptography chroot without chdir	Accessing File in Permissive Mode (Java) Android Message Injection (Java) Android URL Injection (Java) Anonymous LDAP Authentication (Java) Certificate Added to Root Store (Java) Code Injection (Java) Command Injection (Java) Cross Site Scripting (Java) Cross Site Scripting In Error Message Web Page (Java) Cryptographic Algorithm with Risky Default Cipher (Java) Cryptographic Algorithm with Weak Cipher (Java) Cryptographic Algorithm with Weak Hash (Java) DLL Injection (Java) DOS Injection (Java) Deprecated Cryptography Provider (Java) Deprecated Transfer Protocol (Java) Deserializable Class (Java) Deserializing Non-Serializable Class (Java) Direct Thread Usage in Http Servlet (Java) Exception Information Disclosure (Java) Execution After Redirect (Java) Format String Injection (Java) Fragment Injection (Java) Hardcoded Cryptographic Key (Java) Hardcoded IP Address (Java) Hardcoded Password (Java) Hardcoded Random Seed (Java) Hostname in Condition (Java) Inadequate Salt (Java) Ineffective Cleansing of Fragment Taint (Java) Insecure Cookie (Java) Insecure Key Derivation (Java) Insecure Random Number Generator (Java) Insecure Socket Factory (Java) Insecure XSLT Execution (Java) Insecure verifier Override for Hostname (Java) Insecure verify Override for Certificate (Java) JavaScript Enabled (Java) JavaScript File Access from File URLs (Java) LDAP Authentication Disabled (Java) Legacy Random Generator (Java) Method Disables Security Setting (Java) Missing Authentication Annotation (Java) Missing Required Cryptographic Step (Java) Open Redirect (Java) Password in Property File (Java) Permissive File Mode (Java) Possible XML External Entity Reference (Java) Potential LDAP Poisoning (Java) Reflection Injection (Java) Risky Cipher Algorithm (Java) Risky Cipher Field (Java) Risky Cryptographic Algorithm (Java) Risky Cryptographic Field (Java) Risky JavaScript Interface (Java) SQL Injection (Java) Security Annotation Conflict (Java) Sensitive Data Cached (Java) Sensitive Data Written to External Storage (Java) Sensitive Data Written to Local File (Java) Tainted @Trusted Value (Java) Tainted Allocation Size (Java) Tainted Bundle (Java) Tainted Control (Java) Tainted Data in Vulnerable Method (Java) Tainted Expression Evaluation (Java) Tainted HTTP Response (Java) Tainted Hardware Device Property (Java) Tainted LDAP Attribute (Java) Tainted LDAP Filter (Java) Tainted Log (Java) Tainted Message (Java) Tainted Network Address (Java) Tainted Path (Java) Tainted Regular Expression (Java) Tainted Resource (Java) Tainted Session (Java) Tainted URL (Java) Tainted XAML (Java) Tainted XML (Java) Tainted Xpath (Java) Universal JavaScript Access to File URLs (Java) Unsafe Base64 Encoding (Java) Unsafe Session Expiration Time (Java) Untrusted Network Host (Java) Use of Hardware ID (Java) Use of Insecure verify for Certificate (Java) Use of Insecure verify for Hostname (Java) Use of Same Seed (Java) Weak Cryptographic Value (Java) Weak Hash Algorithm (Java) Weak Hash Algorithm Field (Java) Weak Initialization Vector Field (Java) Weak Initialization Vector Value (Java)	Anonymous LDAP Authentication (C#) Avoid hardcoded SslProtocols values (C#) Avoid hardcoding SecurityProtocolType value (C#) Certificate Added to Root Store (C#) Code Injection (C#) Command Injection (C#) Cross Site Scripting (C#) Cross Site Scripting In Error Message Web Page (C#) Cryptographic Algorithm with Risky Default Cipher (C#) Cryptographic Algorithm with Weak Cipher (C#) Cryptographic Algorithm with Weak Hash (C#) DLL Injection (C#) DOS Injection (C#) Deprecated Cryptography Provider (C#) Deprecated Transfer Protocol (C#) Deserializable Class (C#) Disabled Input Validation (C#) Do Not Add Archive Item's Path To The Target File System Path (C#) Do Not Add Certificates To Root Store (C#) Do Not Add Schema By URL (C#) Do Not Call Dangerous Methods In Deserialization (C#) Do Not Catch Corrupted State Exceptions (C#) Do Not Disable Certificate Validation (C#) Do Not Disable HTTP Header Checking (C#) Do Not Disable Request Validation (C#) Do Not Disable SChannel Use of Strong Crypto (C#) Do Not Serialize Types With Pointer Fields (C#) Do Not Use Account Shared Access Signature (C#) Do Not Use Broken Cryptographic Algorithms (C#) Do Not Use Deprecated Security Protocols (C#) Do Not Use Digital Signature Algorithm (DSA) (C#) Do Not Use Weak Cryptographic Algorithms (C#) Do Not Use Weak Key Derivation Function With Insufficient Iteration Count (C#) Do Not Use XslTransform (C#) Do not always skip token validation in delegates (C#) Do not call BinaryFormatter.Deserialize without first setting BinaryFormatter.Binder (C#) Do not deserialize with JavaScriptSerializer using a SimpleTypeResolver (C#) Do not deserialize with JsonSerializer using an insecure configuration (C#) Do not deserialize without first setting NetDataContractSerializer.Binder (C#) Do not disable ServicePointManagerSecurityProtocols (C#) Do not disable token validation checks (C#) Do not hard-code certificate (C#) Do not hard-code encryption key (C#) Do not use CreateEncryptor with non-default IV (C#) Do not use DataSet.ReadXml() with untrusted data (C#) Do not use DataTable.ReadXml() with untrusted data (C#) Do not use TypeNameHandling values other than None (C#) Do not use deprecated SslProtocols values (C#) Do not use insecure JsonSerializerSettings (C#) Do not use insecure deserializer BinaryFormatter (C#) Do not use insecure deserializer LosFormatter (C#) Do not use insecure deserializer NetDataContractSerializer (C#) Do not use insecure deserializer ObjectStateFormatter (C#) Do not use insecure randomness (C#) Do not use obsolete key derivation function (C#) Do not use unsafe DllImportSearchPath value (C#) Ensure BinaryFormatter.Binder is set before calling BinaryFormatter.Deserialize (C#) Ensure Certificates Are Not Added To Root Store (C#) Ensure HttpClient certificate revocation list check is not disabled (C#) Ensure JavaScriptSerializer is not initialized with SimpleTypeResolver before deserializing (C#) Ensure Key Derivation Function algorithm is sufficiently strong (C#) Ensure NetDataContractSerializer.Binder is set before deserializing (C#) Ensure Sufficient Iteration Count When Using Weak Key Derivation Function (C#) Ensure Use Secure Cookies In ASP.NET Core (C#) Ensure auto-generated class containing DataSet.ReadXml() is not used with untrusted data (C#) Ensure that JsonSerializer has a secure configuration when deserializing (C#) Ensure that JsonSerializerSettings are secure (C#) Exception Information Disclosure (C#) Execution After Redirect (C#) Format String Injection (C#) Hardcoded Cryptographic Key (C#) Hardcoded IP Address (C#) Hardcoded Password (C#) Hardcoded Random Seed (C#) Hostname in Condition (C#) HttpClients should enable certificate revocation list checks (C#) Inadequate Salt (C#) Insecure Cookie (C#) Insecure DTD processing in XML (C#) Insecure Key Derivation (C#) Insecure Processing in API Design, XmlDocument and XmlTextReader (C#) Insecure Random Number Generator (C#) Insecure XSLT Execution (C#) Insecure XSLT script processing (C#) Legacy Random Generator (C#) Mark Verb Handlers With Validate Antiforgery Token (C#) Method Disables Security Setting (C#) Miss HttpVerb attribute for action methods (C#) Missing Authentication Annotation (C#) Missing Required Cryptographic Step (C#) Open Redirect (C#) Password in Property File (C#) Possible XML External Entity Reference (C#) Potential reference cycle in deserialized object graph (C#) Reflection Injection (C#) Review SQL queries for security vulnerabilities (C#) Review cipher mode usage with cryptography experts (C#) Review code for DLL injection vulnerabilities (C#) Review code for LDAP injection vulnerabilities (C#) Review code for SQL injection vulnerabilities (C#) Review code for XAML injection vulnerabilities (C#) Review code for XML injection vulnerabilities (C#) Review code for XPath injection vulnerabilities (C#) Review code for XSS vulnerabilities (C#) Review code for file path injection vulnerabilities (C#) Review code for information disclosure vulnerabilities (C#) Review code for open redirect vulnerabilities (C#) Review code for process command injection vulnerabilities (C#) Review code for regex injection vulnerabilities (C#) Risky Cipher Algorithm (C#) Risky Cipher Field (C#) Risky Cryptographic Algorithm (C#) Risky Cryptographic Field (C#) SQL Injection (C#) Seal methods that satisfy private interfaces (C#) Security Annotation Conflict (C#) Set HttpOnly to true for HttpCookie (C#) Set ViewStateUserKey For Classes Derived From Page (C#) Tainted @Trusted Value (C#) Tainted Allocation Size (C#) Tainted Bundle (C#) Tainted Control (C#) Tainted Expression Evaluation (C#) Tainted HTTP Response (C#) Tainted Hardware Device Property (C#) Tainted LDAP Attribute (C#) Tainted LDAP Filter (C#) Tainted Log (C#) Tainted Message (C#) Tainted Network Address (C#) Tainted Path (C#) Tainted Regular Expression (C#) Tainted Resource (C#) Tainted Session (C#) Tainted URL (C#) Tainted XAML (C#) Tainted XML (C#) Tainted Xpath (C#) Unsafe Base64 Encoding (C#) Unsafe DataSet or DataTable in auto-generated serializable type can be vulnerable to remote code execution attacks (C#) Unsafe DataSet or DataTable in deserialized object graph can be vulnerable to remote code execution attacks (C#) Unsafe DataSet or DataTable in serializable type (C#) Unsafe DataSet or DataTable in serializable type can be vulnerable to remote code execution attacks (C#) Unsafe DataSet or DataTable type found in deserializable object graph (C#) Unsafe DataSet or DataTable type in web deserializable object graph (C#) Unsafe Session Expiration Time (C#) Use Container Level Access Policy (C#) Use CreateEncryptor with the default IV (C#) Use DefaultDllImportSearchPaths attribute for P/Invokes (C#) Use Rivest-Shamir-Adleman (RSA) Algorithm With Sufficient Key Size (C#) Use Secure Cookies In ASP.NET Core (C#) Use SharedAccessProtocol HttpsOnly (C#) Use XmlReader for 'DataSet.ReadXml()' (C#) Use XmlReader for 'XmlSchema.Read()' (C#) Use XmlReader for 'XmlSerializer.Deserialize()' (C#) Use XmlReader for XPathDocument constructor (C#) Use XmlReader for XmlValidatingReader constructor (C#) Use antiforgery tokens in ASP.NET Core MVC controllers (C#) Use of Same Seed (C#) Weak Cryptographic Value (C#) Weak Hash Algorithm (C#) Weak Hash Algorithm Field (C#) Weak Initialization Vector Field (C#) Weak Initialization Vector Value (C#)
style	## Follows # Operator /* in Comment // in Comment Anonymous Namespace in Header File Array Parameter Array to Pointer Decay Assembly Pragma Assignment Result in Expression Assignment in Conditional Backwards goto Basic Numerical Type Used Bit-field Signedness Not Explicit Bit-field Too Short Body Is Not Compound Statement Boolean switch Expression C++ Comment in C C-style Cast Cast: Arithmetic Type/Void Pointer Cast: Object Pointers Code Before #include Coercion: Integer Constant to Pointer Comment Suggests Code Unfinished Commented-out Code Condition Contains Side Effects Condition Is Not Boolean Conditional Compilation Confusing Literal Suffix Confusing Operator Overload Continue Statement Conversion: Pointer to Incomplete Conversion: Pointer/Integer Conversion: Void Pointer to Object Pointer Copy Operation Parameter Is Not const Dangerous Include File Name Declaration of Flexible Array Member Declaration of Reserved Name Declaration of Variable Length Array Dynamic Allocation After Initialization Dynamic Thread Creation Ellipsis Excessive Macro Parameter Evaluation in C Generic Excessive Stack Depth Expression Value Widened by Assignment Expression Value Widened by Other Operand Extern Array Without Size FILE* Dereference Float Pointer Conversion Float-typed Loop Counter Floating Point Domain Error Floating Point Equality Floating Point Range Error Function Defined in Header File Function Pointer Function Pointer Conversion Function Too Long Function-Like Macro GNU Extension GNU Typeof Goto Statement High Cyclomatic Complexity (Procedure) High Risk Loop Implicit Address of Function Implicit Constructor Shadowing Implicit Function Declaration Implicit Inheritance from Stateful Virtual Base Implicit Lambda Capture Implicit Pointer Type Conversion in Selection of C Generic Implicit Type Inappropriate Argument to memcmp Inappropriate Assignment Operator Return Inappropriate Assignment Type Inappropriate Association Type in C Generic Inappropriate Bit-field Type Inappropriate Cast Type Inappropriate Cast Type: Expression Inappropriate Character Arithmetic Inappropriate Declaration in Global Namespace Inappropriate Include File Specification Inappropriate Operand Type Inappropriate Selection Type in C Generic Inappropriate Test of Error Code Inappropriate Volatile Declaration Incomplete Function Prototype Inconsistent Chained Designator Initialization Inconsistent Enumerator Initialization Inconsistent Macro Parameter Expansion in C Generic Inline Function Not static Label Not In Enclosing Block Lambda Has No Parameter List Lambda Has No Return Type Leftover Debug Code Line Splicing in Comment Lock/Unlock Mismatch Macro Argument is both Mixed and Expanded Macro Defined in Function Body Macro Defines Constant Macro Definition of Reserved Name Macro Does Not End With } or ) Macro Does Not Start With { or ( Macro Name is C Keyword Macro Parameter Not Parenthesized Macro Undefined in Function Body Macro Undefinition of Reserved Name Macro Uses # Operator Macro Uses ## Operator Macro Uses -> Operator Macro Uses Unary * Operator Macro Uses [] Operator Malformed #include Malformed for-loop Condition Malformed for-loop Initialization Malformed for-loop Step Malformed switch Statement Member Function Could Be const Member Function Could Be static Method Default Value Mismatch Microsoft Extension Mismatched Argument Types Mismatched Operand Types Misplaced Default Association in C Generic Misplaced Return Statement Misplaced Using Declaration Misplaced case Misplaced default Missing Braces in Initialization Missing External Declaration Missing External Definition Missing Final else Missing Literal Suffix Missing Lock Acquisition Missing Lock Release Missing Parentheses Missing Test of Error Code Missing User-defined Operations Missing break Missing default Missing for-loop Step Missing for-loop Termination Missing noreturn Specifier Mixed Assembly and Code Modification of Standard Namespaces Modified Parameter Multiple Abnormal Loop Exits Multiple Declarations On Line Multiple Declarations of a Global Multiple External Declarations Multiple External Definitions Multiple Inheritance with Private Interface Class Multiple Inheritance with Protected Interface Class Multiple Inheritance with Public Base Class Multiple Inheritance with Too Many Protected Base Classes Multiple Return Statements Multiple Statements On Line NULL Used as Integer Naming Style Violation Nested Function Declaration Nested Locks No Matching #endif No Matching #if No Previous Declaration Non-Boolean Preprocessor Expression Non-const String Literal Non-distinct Identifiers: External Names Non-distinct Identifiers: Macro/Macro Non-distinct Identifiers: Macro/Other Non-distinct Identifiers: Nested Scope Non-distinct Identifiers: Same Scope Non-unique Identifiers: External Name Non-unique Identifiers: Internal Name Non-unique Identifiers: Tag Non-unique Identifiers: Typedef Non-zero Error Code Not All Warnings Are Enabled Not Enough Assertions Object Defined in Header File Object Slicing Octal Constant Out of Order Member Initializers Override of Non-Virtual Method Partially Uninitialized Aggregate Partially Uninitialized Array Pointed-to Type Could Be const Pointer Arithmetic Pointer Before Beginning of Object Pointer Past End of Object Pointer Type Inside Typedef Pointer to Variably-modified Array Type Potential Timebomb Potential Unbounded Loop Preprocessing Directives in Macro Argument Raises FE_INVALID Recursion Recursive Macro Register Keyword Restrict Qualifier Used Risky Integer Promotion Scope Could Be File Static Scope Could Be Local Static Side Effects in C Generic Selection Side Effects in Expression with Decrement Side Effects in Expression with Increment Side Effects in Initializer List Side Effects in Logical Operand Side Effects in sizeof Task Delay Function Too Few Cases in switch Too Many Alignment Specifiers Too Many Dereferences Too Many Parameters Too Many Side Effects in Assignment Too Many Side Effects in Condition Too Many Side Effects in Function Call Too Many Side Effects in Statement Too Many Side Effects in Switch Too Much Indirection in Declaration Trigraph Typographically Ambiguous Identifiers Unbalanced Parenthesis Unchecked Parameter Dereference Undefined Macro in #if Union Type Unnamed Field Unneeded Implicitly Generated Operations Unspecified Array Size with Designator Initialization Unterminated Escape Sequence Unused Label Unused Macro Unused Parameter Unused Tag Unused Type Unused Variable Use of #define Use of #elif Use of #elifdef Use of #elifndef Use of #else Use of #endif Use of #error Use of #if Use of #ifdef Use of #ifndef Use of #import Use of #include Use of #include_next Use of #line Use of #pragma Use of #undef Use of #using Use of #warning Use of <fenv.h> Exception Handling Function Use of <setjmp.h> Use of <signal.h> Use of <stdio.h> Input/Output Use of <stdio.h> Input/Output Macro Use of <stdlib.h> Allocator/Deallocator Use of <stdlib.h> Allocator/Deallocator Macro Use of <tgmath.h> Use of <time.h> Time/Date Function Use of <wchar.h> Input/Output Use of <wchar.h> Input/Output Macro Use of AddAccessAllowedAce Use of AddAccessDeniedAce Use of AfxLoadLibrary Use of AfxParseURL Use of Alignas Use of Alignof Use of C Atomic Use of C Generic Use of CoLoadLibrary Use of Comma Operator Use of L_tmpnam_s Use of NULL Use of Noreturn Use of TMP_MAX_S Use of Thread Local Use of abort Use of abort_handler_s Use of asctime_s Use of atof Use of atoi Use of atol Use of atoll Use of bsearch Use of bsearch_s Use of catch Use of constraint_handler_t Use of ctime_s Use of drem Use of exit Use of fopen_s Use of fprintf_s Use of freopen_s Use of fscanf_s Use of fwprintf_s Use of fwscanf_s Use of getenv Use of getenv_s Use of gets Use of gets_s Use of gmtime_s Use of ignore_handler_s Use of localtime_s Use of longjmp Use of mbsrtowcs_s Use of mbstowcs_s Use of memcpy_s Use of memmove_s Use of memset_s Use of offsetof Use of printf_s Use of putenv Use of qsort Use of qsort_s Use of scanf_s Use of set_constraint_handler_s Use of setjmp Use of snprintf_s Use of snwprintf_s Use of sprintf_s Use of sscanf_s Use of strcat_s Use of strcpy_s Use of strerror_s Use of strerrorlen_s Use of strncat_s Use of strncpy_s Use of strnlen_s Use of strtok_s Use of swprintf_s Use of swscanf_s Use of system Use of throw Use of tmpfile_s Use of tmpnam_s Use of vfprintf_s Use of vfscanf_s Use of vfwprintf_s Use of vfwscanf_s Use of vprintf_s Use of vscanf_s Use of vsnprintf_s Use of vsnwprintf_s Use of vsprintf_s Use of vsscanf_s Use of vswprintf_s Use of vswscanf_s Use of vwprintf_s Use of vwscanf_s Use of wcrtomb_s Use of wcscat_s Use of wcscpy_s Use of wcsncat_s Use of wcsncpy_s Use of wcsnlen_s Use of wcsrtombs_s Use of wcstok_s Use of wcstombs_s Use of wctomb_s Use of wmemcpy_s Use of wmemmove_s Use of wprintf_s Use of wscanf_s Using Declaration in Header File Using Directive Using Directive in Header File Variable Could Be const Variadic Macro Virtual Base Class Virtual Base Class not In Diamond Virtual and Non-Virtual Base Class Warnings Not Treated As Errors switch With Non-enum Expression	Naming Style Violation (Java)	Do not name enum values 'Reserved' (C#) Do not prefix enum values with type name (C#) Events should not have 'Before' or 'After' prefix (C#) Identifier contains type name (C#) Identifiers should differ by more than case (C#) Identifiers should have correct prefix (C#) Identifiers should have correct suffix (C#) Identifiers should not contain underscores (C#) Identifiers should not have incorrect suffix (C#) Identifiers should not match keywords (C#) Naming Style Violation (C#) Parameter names should match base declaration (C#) Property names should not match get methods (C#) Type names should not match namespaces (C#) Use PascalCase for named placeholders (C#)