# This file was generated from template 'codesonar\presets\disa.conf.in' # # enables warning classes related to all versions of the # DISA Application Security and Development STIG for which CodeSonar # has mappings. # # This part of this file was generated from 'cso_wcmanifest.py' # # At least one of the classes enabled by this preset requires unnormalized C ASTs RETAIN_UNNORMALIZED_C_AST = Yes # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Addition Overflow of Allocation Size" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Addition Overflow of Size" # DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. 
WARNING_FILTER += allow class="Buffer Overrun" # DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Buffer Underrun" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cast Alters Value" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Coercion Alters Value" # DISA-3r10:V-16810: The designer will ensure the application does not allow command injection. # DISA-3r10:V-6164: The designer will ensure the application validates all input. 
# DISA-4r3:V-70261: The application must protect from command injection. # DISA-4r3:V-70265: The application must validate all input. # DISA-5r3:V-70261: The application must protect from command injection. # DISA-5r3:V-70265: The application must validate all input. # DISA-6r1:V-222604: The application must protect from command injection. # DISA-6r1:V-222606: The application must validate all input. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Command Injection" # DISA-4r3:V-70261: The application must protect from command injection. # DISA-5r3:V-70261: The application must protect from command injection. # DISA-6r1:V-222604: The application must protect from command injection. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Command Injection (C#)" # DISA-4r3:V-70261: The application must protect from command injection. # DISA-5r3:V-70261: The application must protect from command injection. # DISA-6r1:V-222604: The application must protect from command injection. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Command Injection (Java)" # DISA-4r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-5r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-6r1:V-222602: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting (C#)" # DISA-4r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. 
# DISA-5r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-6r1:V-222602: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting (Java)" # DISA-4r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-5r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-6r1:V-222602: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (C#)" # DISA-4r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-5r3:V-70257: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # DISA-6r1:V-222602: The application must protect from Cross-Site Scripting (XSS) vulnerabilities. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)" # DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references. WARNING_FILTER += allow class="Dangerous Include File Name" # DISA-3r10:V-16815: The designer will ensure the application is not vulnerable to race conditions. # DISA-4r3:V-70185: The application must not be vulnerable to race conditions. # DISA-5r3:V-70185: The application must not be vulnerable to race conditions. # DISA-6r1:V-222567: The application must not be vulnerable to race conditions. 
WARNING_FILTER += allow class="Data Race" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Division By Zero" # DISA-3r10:V-6135: The designer will ensure the appropriate cryptography is used to protect stored DoD information if required by the information owner. # DISA-3r10:V-6136: The designer will ensure data transmitted through a commercial or wireless network is protected using an appropriate form of cryptography. # DISA-4r3:V-69257: The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. # DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. # DISA-4r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. # DISA-4r3:V-70245: The application must protect the confidentiality and integrity of transmitted information. # DISA-5r3:V-69257: The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. # DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. # DISA-5r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. # DISA-5r3:V-70245: The application must protect the confidentiality and integrity of transmitted information. # DISA-6r1:V-222396: The application must implement DoD-approved encryption to protect the confidentiality of remote access sessions. 
# DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. # DISA-6r1:V-222589: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. # DISA-6r1:V-222596: The application must protect the confidentiality and integrity of transmitted information. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Encryption without Padding" # DISA-3r10:V-16804: The designer will ensure the application does not rely solely on a resource name to control access to a resource. # DISA-3r10:V-16815: The designer will ensure the application is not vulnerable to race conditions. # DISA-4r3:V-70185: The application must not be vulnerable to race conditions. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70185: The application must not be vulnerable to race conditions. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222567: The application must not be vulnerable to race conditions. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="File System Race Condition" # DISA-3r10:V-16809: The designer will ensure the application does not contain format string vulnerabilities. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. 
# This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Format String" # DISA-3r10:V-16809: The designer will ensure the application does not contain format string vulnerabilities. # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Format String Injection" # DISA-3r10:V-6156: The designer will ensure the application does not contain embedded authentication data. # DISA-4r3:V-70363: The application must not contain embedded authentication data. # DISA-5r3:V-70363: The application must not contain embedded authentication data. # DISA-6r1:V-222642: The application must not contain embedded authentication data. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Hardcoded Authentication" # DISA-3r10:V-16804: The designer will ensure the application does not rely solely on a resource name to control access to a resource. 
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Hardcoded DNS Name" # DISA-3r10:V-6166: The designer will ensure the application is not subject to error handling vulnerabilities. # DISA-4r3:V-70391: The application must not be subject to error handling vulnerabilities. # DISA-5r3:V-70391: The application must not be subject to error handling vulnerabilities. # DISA-6r1:V-222656: The application must not be subject to error handling vulnerabilities. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Ignored Return Value" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Inappropriate Character Arithmetic" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Insecure XSLT Execution (C#)" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. 
# This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Insecure XSLT Execution (Java)" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Integer Overflow of Allocation Size" # DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references. # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="LDAP Injection" # DISA-3r10:V-16810: The designer will ensure the application does not allow command injection. # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70261: The application must protect from command injection. # DISA-4r3:V-70265: The application must validate all input. 
# DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70261: The application must protect from command injection. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222604: The application must protect from command injection. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Library Injection" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Multiplication Overflow of Size" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. 
WARNING_FILTER += allow class="Negative Shift Amount" # DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="No Space For Null Terminator" # DISA-3r10:V-16796: The designer will ensure the application transmits account passwords in an approved encrypted format. # DISA-3r10:V-16797: The designer will ensure the application stores account passwords in an approved encrypted format. # DISA-4r3:V-69567: The application must only store cryptographic representations of passwords. # DISA-4r3:V-69569: The application must transmit only cryptographically-protected passwords. # DISA-5r3:V-69567: The application must only store cryptographic representations of passwords. # DISA-5r3:V-69569: The application must transmit only cryptographically-protected passwords. # DISA-6r1:V-222542: The application must only store cryptographic representations of passwords. # DISA-6r1:V-222543: The application must transmit only cryptographically-protected passwords. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Plaintext Storage of Password" # DISA-3r10:V-16796: The designer will ensure the application transmits account passwords in an approved encrypted format. 
# DISA-3r10:V-16797: The designer will ensure the application stores account passwords in an approved encrypted format. # DISA-4r3:V-69567: The application must only store cryptographic representations of passwords. # DISA-4r3:V-69569: The application must transmit only cryptographically-protected passwords. # DISA-5r3:V-69567: The application must only store cryptographic representations of passwords. # DISA-5r3:V-69569: The application must transmit only cryptographically-protected passwords. # DISA-6r1:V-222542: The application must only store cryptographic representations of passwords. # DISA-6r1:V-222543: The application must transmit only cryptographically-protected passwords. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Plaintext Transmission of Password" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Possible XML External Entity Reference (C#)" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Possible XML External Entity Reference (Java)" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. 
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Risky Integer Promotion" # DISA-3r10:V-16807: The designer will ensure the application is not vulnerable to SQL Injection, uses prepared or parameterized statements, does not use concatenation or replacement to build SQL queries, and does not directly access the tables in a database. # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222607: The application must not be vulnerable to SQL Injection. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="SQL Injection" # DISA-4r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-5r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-6r1:V-222607: The application must not be vulnerable to SQL Injection. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. 
WARNING_FILTER += allow class="SQL Injection (C#)" # DISA-4r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-5r3:V-70267: The application must not be vulnerable to SQL Injection. # DISA-6r1:V-222607: The application must not be vulnerable to SQL Injection. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="SQL Injection (Java)" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size" # DISA-3r10:V-16808: The designer will ensure the application is not vulnerable to integer arithmetic issues. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Subtraction Underflow of Size" # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. WARNING_FILTER += allow class="Tainted Allocation Size" # DISA-3r10:V-6164: The designer will ensure the application validates all input. 
# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted Buffer Access" # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. WARNING_FILTER += allow class="Tainted Configuration Setting" # DISA-3r10:V-16804: The designer will ensure the application does not rely solely on a resource name to control access to a resource. # DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references. 
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks. # DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks. WARNING_FILTER += allow class="Tainted Filename" # DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references. # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. WARNING_FILTER += allow class="Tainted Network Address" # DISA-3r10:V-6164: The designer will ensure the application validates all input. # DISA-4r3:V-70265: The application must validate all input. # DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-5r3:V-70265: The application must validate all input. # DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities. # DISA-6r1:V-222606: The application must validate all input. # DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities. WARNING_FILTER += allow class="Tainted Write" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. # This check is enabled by default for the language(s) C# # It may remain in effect even if the following line is commented out. 
WARNING_FILTER += allow class="Tainted XML (C#)" # DISA-4r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-5r3:V-70269: The application must not be vulnerable to XML-oriented attacks. # DISA-6r1:V-222608: The application must not be vulnerable to XML-oriented attacks. # This check is enabled by default for the language(s) Java # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Tainted XML (Java)" # DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Unreachable Call" # DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Unreachable Computation" # DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products. # This check is enabled by default for the language(s) C, C++ # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Unreachable Conditional" # DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products. 
# NOTE(review): unlike the neighbouring "Unreachable ..." classes, no
# enabled-by-default remark accompanies this class; presumably this line is
# what turns it on -- confirm.
WARNING_FILTER += allow class="Unreachable Control Flow"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unreachable Data Flow"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unreasonable Size Argument"

# NOTE(review): presumably reported when the library name or path can be
# influenced by untrusted input -- TODO confirm against the class
# documentation. Check flagged loads for a fixed, validated path.
# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-4r3:V-70265: The application must validate all input.
# DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70265: The application must validate all input.
# DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-6r1:V-222604: The application must protect from command injection.
# DISA-6r1:V-222606: The application must validate all input.
# DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities.
WARNING_FILTER += allow class="Untrusted Library Load"

# DISA-4r3:V-70265: The application must validate all input.
# DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-5r3:V-70265: The application must validate all input.
# DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-6r1:V-222606: The application must validate all input.
# DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities.
WARNING_FILTER += allow class="Untrusted Network Host"

# DISA-4r3:V-70265: The application must validate all input.
# DISA-4r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-5r3:V-70265: The application must validate all input.
# DISA-5r3:V-70271: The application must not be subject to input handling vulnerabilities.
# DISA-6r1:V-222606: The application must validate all input.
# DISA-6r1:V-222609: The application must not be subject to input handling vulnerabilities.
WARNING_FILTER += allow class="Untrusted Network Port"

# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-4r3:V-70265: The application must validate all input.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70265: The application must validate all input.
# DISA-6r1:V-222604: The application must protect from command injection.
# DISA-6r1:V-222606: The application must validate all input.
WARNING_FILTER += allow class="Untrusted Process Creation"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Label"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Macro"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Parameter"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Tag"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Type"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unused Value"

# DISA-3r10:V-6149: The designer will ensure the application does not contain source code that is never invoked during operation, except for software components and libraries from approved third-party products.
WARNING_FILTER += allow class="Unused Variable"

# NOTE(review): the "Use of <function>" classes from here on are each named
# after one API. Presumably every call site is reported whether or not its
# arguments come from untrusted input, so plan for manual triage -- confirm.
# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of AfxLoadLibrary"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of CoLoadLibrary"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of CreateProcess"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of LoadLibrary"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of LoadModule"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of MoveFile"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of OemToAnsi"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of OemToChar"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of SHCreateProcessAsUserW"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of ShellExecute"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of StrCatChainW"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of WinExec"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of _exec"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of _spawn"

# NOTE(review): every item cited for this class concerns approved or
# FIPS-validated cryptography. Presumably crypt() is reported because its
# hashing is not supplied by a validated module -- confirm.
# DISA-3r10:V-6135: The designer will ensure the appropriate cryptography is used to protect stored DoD information if required by the information owner.
# DISA-3r10:V-6137: The designer will ensure the application uses the Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-4r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-4r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-4r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-4r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-4r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy.
# DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-5r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-5r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-5r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-5r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-5r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy.
# DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-6r1:V-222570: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-6r1:V-222571: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-6r1:V-222572: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-6r1:V-222583: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-6r1:V-222589: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy.
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of crypt"

# NOTE(review): execlp() and execvp() look the program name up via PATH;
# presumably that is why the invalid-path item (V-6157) is cited for them
# alongside command injection -- confirm.
# DISA-3r10:V-16810: The designer will ensure the application does not allow command injection.
# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-6r1:V-222604: The application must protect from command injection.
WARNING_FILTER += allow class="Use of execlp"

# DISA-3r10:V-16810: The designer will ensure the application does not allow command injection.
# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-6r1:V-222604: The application must protect from command injection.
WARNING_FILTER += allow class="Use of execvp"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of getopt"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of getpass"

# NOTE(review): gets() takes no buffer length, so a call cannot be made safe
# by checking its argument; a finding is resolved by replacing the call with a
# bounded read such as fgets().
# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of gets"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of getwd"

# NOTE(review): this class is mapped only to the memory-clearing item. A
# memset() that scrubs a buffer which is not read afterwards can be removed by
# compiler dead-store elimination; presumably that is the reason for the
# mapping -- confirm against the class documentation.
# DISA-3r10:V-16793: The designer will ensure the application properly clears or overwrites all memory blocks used to process sensitive data, if required by the information owner, and clears or overwrites all memory blocks used for classified data.
WARNING_FILTER += allow class="Use of memset"

# NOTE(review): popen() hands its command string to the shell, so untrusted
# data in that string is interpreted as shell syntax.
# DISA-3r10:V-16810: The designer will ensure the application does not allow command injection.
# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-6r1:V-222604: The application must protect from command injection.
WARNING_FILTER += allow class="Use of popen"

# DISA-3r10:V-6137: The designer will ensure the application uses the Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-4r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-4r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-4r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-4r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-5r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-5r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-5r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-5r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-6r1:V-222570: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-6r1:V-222571: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-6r1:V-222572: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-6r1:V-222583: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# NOTE(review): rand(), the rand48 family and random() are general-purpose
# generators, not cryptographic ones. Presumably every call is reported, so
# triage by whether the value feeds a key, token, nonce or similar -- confirm.
WARNING_FILTER += allow class="Use of rand"

# DISA-3r10:V-6137: The designer will ensure the application uses the Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-4r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-4r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-4r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-4r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-5r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-5r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-5r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-5r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-6r1:V-222570: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-6r1:V-222571: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-6r1:V-222572: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-6r1:V-222583: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
WARNING_FILTER += allow class="Use of rand48 Function"

# DISA-3r10:V-6137: The designer will ensure the application uses the Federal Information Processing Standard (FIPS) 140-2 validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-4r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-4r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-4r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-4r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-5r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-5r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-5r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-5r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
# DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-6r1:V-222570: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-6r1:V-222571: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-6r1:V-222572: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-6r1:V-222583: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality.
WARNING_FILTER += allow class="Use of random"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of realpath"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of recvmsg"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strcat"

# NOTE(review): several classes listed under the overflow items from here on
# (strchr, strcmp, strlen, strstr, ...) only read their arguments. Presumably
# the concern is reading past a buffer that is not NUL-terminated -- confirm,
# and expect these classes to be high-volume.
# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strchr"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strcmp"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strcoll"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strcpy"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strcspn"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strlen"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strpbrk"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strrchr"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strspn"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strstr"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strtok"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of strtrns"

# DISA-3r10:V-6165: The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
# DISA-4r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-5r3:V-70277: The application must not be vulnerable to overflow attacks.
# DISA-6r1:V-222612: The application must not be vulnerable to overflow attacks.
WARNING_FILTER += allow class="Use of syslog"

# NOTE(review): system() passes its argument to the command interpreter, so
# untrusted data in that string is interpreted as shell syntax.
# DISA-3r10:V-16810: The designer will ensure the application does not allow command injection.
# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
# DISA-4r3:V-70261: The application must protect from command injection.
# DISA-5r3:V-70261: The application must protect from command injection.
# DISA-6r1:V-222604: The application must protect from command injection.
WARNING_FILTER += allow class="Use of system"

# DISA-3r10:V-6157: The designer will ensure the application does not contain invalid URL or path references.
WARNING_FILTER += allow class="Use of t_open"

# DISA-4r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions.
# DISA-4r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components.
# DISA-4r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes.
# DISA-4r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection.
# DISA-4r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality. # DISA-4r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. # DISA-5r3:V-69259: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. # DISA-5r3:V-70191: The application must utilize FIPS-validated cryptographic modules when signing application components. # DISA-5r3:V-70193: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes. # DISA-5r3:V-70195: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection. # DISA-5r3:V-70217: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality. # DISA-5r3:V-70229: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. # DISA-6r1:V-222397: The application must implement cryptographic mechanisms to protect the integrity of remote access sessions. # DISA-6r1:V-222570: The application must utilize FIPS-validated cryptographic modules when signing application components. # DISA-6r1:V-222571: The application must utilize FIPS-validated cryptographic modules when generating cryptographic hashes. # DISA-6r1:V-222572: The application must utilize FIPS-validated cryptographic modules when protecting unclassified information that requires cryptographic protection. 
# DISA-6r1:V-222583: The application must use the Federal Information Processing Standard (FIPS) 140-2-validated cryptographic modules and random number generator if the application implements encryption, key exchange, digital signature, and hash functionality. # DISA-6r1:V-222589: The application must use appropriate cryptography in order to protect stored DoD information when required by the information owner or DoD policy. WARNING_FILTER += allow class="Weak Cryptography"