CWE coverage for C#

An overview of CWE coverage for C# in the latest release of CodeQL.

Overview

CWE Language Query id Query name
CWE‑11 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑12 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑13 C# cs/password-in-configuration Password in configuration file
CWE‑20 C# cs/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑20 C# cs/serialization-check-bypass Serialization check bypass
CWE‑20 C# cs/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑20 C# cs/xml/missing-validation Missing XML validation
CWE‑20 C# cs/assembly-path-injection Assembly path injection
CWE‑22 C# cs/path-injection Uncontrolled data used in path expression
CWE‑22 C# cs/zipslip Arbitrary file write during zip extraction ("Zip Slip")
CWE‑22 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑23 C# cs/path-injection Uncontrolled data used in path expression
CWE‑23 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑36 C# cs/path-injection Uncontrolled data used in path expression
CWE‑36 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑73 C# cs/path-injection Uncontrolled data used in path expression
CWE‑73 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑74 C# cs/path-injection Uncontrolled data used in path expression
CWE‑74 C# cs/command-line-injection Uncontrolled command line
CWE‑74 C# cs/stored-command-line-injection Uncontrolled command line from stored user input
CWE‑74 C# cs/web/stored-xss Stored cross-site scripting
CWE‑74 C# cs/web/xss Cross-site scripting
CWE‑74 C# cs/second-order-sql-injection SQL query built from stored user-controlled sources
CWE‑74 C# cs/sql-injection SQL query built from user-controlled sources
CWE‑74 C# cs/ldap-injection LDAP query built from user-controlled sources
CWE‑74 C# cs/stored-ldap-injection LDAP query built from stored user-controlled sources
CWE‑74 C# cs/xml-injection XML injection
CWE‑74 C# cs/code-injection Improper control of generation of code
CWE‑74 C# cs/resource-injection Resource injection
CWE‑74 C# cs/uncontrolled-format-string Uncontrolled format string
CWE‑74 C# cs/xml/stored-xpath-injection Stored XPath injection
CWE‑74 C# cs/xml/xpath-injection XPath injection
CWE‑74 C# cs/web/disabled-header-checking Header checking disabled
CWE‑74 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑77 C# cs/command-line-injection Uncontrolled command line
CWE‑77 C# cs/stored-command-line-injection Uncontrolled command line from stored user input
CWE‑78 C# cs/command-line-injection Uncontrolled command line
CWE‑78 C# cs/stored-command-line-injection Uncontrolled command line from stored user input
CWE‑79 C# cs/web/stored-xss Stored cross-site scripting
CWE‑79 C# cs/web/xss Cross-site scripting
CWE‑88 C# cs/command-line-injection Uncontrolled command line
CWE‑88 C# cs/stored-command-line-injection Uncontrolled command line from stored user input
CWE‑89 C# cs/second-order-sql-injection SQL query built from stored user-controlled sources
CWE‑89 C# cs/sql-injection SQL query built from user-controlled sources
CWE‑90 C# cs/ldap-injection LDAP query built from user-controlled sources
CWE‑90 C# cs/stored-ldap-injection LDAP query built from stored user-controlled sources
CWE‑91 C# cs/xml-injection XML injection
CWE‑91 C# cs/xml/stored-xpath-injection Stored XPath injection
CWE‑91 C# cs/xml/xpath-injection XPath injection
CWE‑93 C# cs/web/disabled-header-checking Header checking disabled
CWE‑94 C# cs/code-injection Improper control of generation of code
CWE‑95 C# cs/code-injection Improper control of generation of code
CWE‑96 C# cs/code-injection Improper control of generation of code
CWE‑99 C# cs/path-injection Uncontrolled data used in path expression
CWE‑99 C# cs/resource-injection Resource injection
CWE‑99 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑112 C# cs/xml/missing-validation Missing XML validation
CWE‑113 C# cs/web/disabled-header-checking Header checking disabled
CWE‑114 C# cs/assembly-path-injection Assembly path injection
CWE‑116 C# cs/web/stored-xss Stored cross-site scripting
CWE‑116 C# cs/web/xss Cross-site scripting
CWE‑116 C# cs/log-forging Log entries created from user input
CWE‑116 C# cs/inappropriate-encoding Inappropriate encoding
CWE‑117 C# cs/log-forging Log entries created from user input
CWE‑118 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑119 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑120 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑122 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑134 C# cs/uncontrolled-format-string Uncontrolled format string
CWE‑190 C# cs/loss-of-precision Possible loss of precision
CWE‑193 C# cs/index-out-of-bounds Off-by-one comparison against container length
CWE‑197 C# cs/loss-of-precision Possible loss of precision
CWE‑200 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑200 C# cs/sensitive-data-transmission Information exposure through transmitted data
CWE‑200 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑200 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑200 C# cs/exposure-of-sensitive-information Exposure of private information
CWE‑200 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑200 C# cs/web/persistent-cookie Cookie security: persistent cookie
CWE‑201 C# cs/sensitive-data-transmission Information exposure through transmitted data
CWE‑209 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑215 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑221 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑221 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑227 C# cs/inconsistent-equals-and-gethashcode Inconsistent Equals(object) and GetHashCode()
CWE‑227 C# cs/invalid-dynamic-call Bad dynamic call
CWE‑227 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑247 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑248 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑252 C# cs/unchecked-return-value Unchecked return value
CWE‑256 C# cs/password-in-configuration Password in configuration file
CWE‑258 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑259 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑259 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑260 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑260 C# cs/password-in-configuration Password in configuration file
CWE‑284 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑284 C# cs/password-in-configuration Password in configuration file
CWE‑284 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑284 C# cs/session-reuse Failure to abandon session
CWE‑284 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑284 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑284 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑284 C# cs/web/broad-cookie-domain Cookie security: overly broad domain
CWE‑284 C# cs/web/broad-cookie-path Cookie security: overly broad path
CWE‑285 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑287 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑287 C# cs/password-in-configuration Password in configuration file
CWE‑287 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑287 C# cs/session-reuse Failure to abandon session
CWE‑287 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑287 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑287 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑287 C# cs/web/broad-cookie-domain Cookie security: overly broad domain
CWE‑287 C# cs/web/broad-cookie-path Cookie security: overly broad path
CWE‑290 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑311 C# cs/password-in-configuration Password in configuration file
CWE‑311 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑311 C# cs/web/requiressl-not-set 'requireSSL' attribute is not set to true
CWE‑311 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true
CWE‑312 C# cs/password-in-configuration Password in configuration file
CWE‑312 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑313 C# cs/password-in-configuration Password in configuration file
CWE‑315 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑319 C# cs/web/requiressl-not-set 'requireSSL' attribute is not set to true
CWE‑319 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true
CWE‑321 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑321 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑321 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑326 C# cs/insufficient-key-size Weak encryption: Insufficient key size
CWE‑327 C# cs/adding-cert-to-root-store Do not add certificates to the system root store.
CWE‑327 C# cs/insecure-sql-connection Insecure SQL connection
CWE‑327 C# cs/ecb-encryption Encryption using ECB
CWE‑327 C# cs/inadequate-rsa-padding Weak encryption: inadequate RSA padding
CWE‑327 C# cs/weak-encryption Weak encryption
CWE‑330 C# cs/random-used-once Random used only once
CWE‑330 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑330 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑330 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑330 C# cs/insecure-randomness Insecure randomness
CWE‑335 C# cs/random-used-once Random used only once
CWE‑338 C# cs/insecure-randomness Insecure randomness
CWE‑344 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑344 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑344 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑345 C# cs/web/missing-token-validation Missing cross-site request forgery token validation
CWE‑350 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑352 C# cs/web/missing-token-validation Missing cross-site request forgery token validation
CWE‑359 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑359 C# cs/exposure-of-sensitive-information Exposure of private information
CWE‑362 C# cs/unsafe-sync-on-field Futile synchronization on field
CWE‑362 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑362 C# cs/thread-unsafe-icryptotransform-field-in-class Thread-unsafe use of a static ICryptoTransform field
CWE‑362 C# cs/thread-unsafe-icryptotransform-captured-in-lambda Thread-unsafe capturing of an ICryptoTransform object
CWE‑366 C# cs/unsafe-sync-on-field Futile synchronization on field
CWE‑384 C# cs/session-reuse Failure to abandon session
CWE‑390 C# cs/empty-catch-block Poor error handling: empty catch block
CWE‑391 C# cs/empty-catch-block Poor error handling: empty catch block
CWE‑395 C# cs/catch-nullreferenceexception Poor error handling: catch of NullReferenceException
CWE‑396 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑398 C# cs/call-to-obsolete-method Call to obsolete method
CWE‑398 C# cs/todo-comment TODO comment
CWE‑398 C# cs/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑398 C# cs/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑398 C# cs/unused-reftype Dead reference types
CWE‑398 C# cs/useless-assignment-to-local Useless assignment to local variable
CWE‑398 C# cs/unused-field Unused field
CWE‑398 C# cs/unused-method Unused method
CWE‑398 C# cs/useless-cast-to-self Cast to same type
CWE‑398 C# cs/useless-is-before-as Useless 'is' before 'as'
CWE‑398 C# cs/coalesce-of-identical-expressions Useless ?? expression
CWE‑398 C# cs/useless-type-test Useless type test
CWE‑398 C# cs/useless-upcast Useless upcast
CWE‑398 C# cs/empty-collection Container contents are never initialized
CWE‑398 C# cs/unused-collection Container contents are never accessed
CWE‑398 C# cs/empty-lock-statement Empty lock statement
CWE‑398 C# cs/linq/useless-select Redundant Select
CWE‑400 C# cs/redos Denial of Service from comparison of user input against expensive regex
CWE‑400 C# cs/regex-injection Regular expression injection
CWE‑404 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑404 C# cs/member-not-disposed Missing Dispose call
CWE‑404 C# cs/missing-dispose-method Missing Dispose method
CWE‑404 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑405 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑405 C# cs/insecure-xml-read XML is read insecurely
CWE‑409 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑409 C# cs/insecure-xml-read XML is read insecurely
CWE‑434 C# cs/web/file-upload Use of file upload
CWE‑441 C# cs/request-forgery Server-side request forgery
CWE‑451 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑457 C# cs/unassigned-field Field is never assigned a non-default value
CWE‑459 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑459 C# cs/member-not-disposed Missing Dispose call
CWE‑459 C# cs/missing-dispose-method Missing Dispose method
CWE‑459 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑460 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑460 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑471 C# cs/web/html-hidden-input Use of HTMLInputHidden
CWE‑472 C# cs/web/html-hidden-input Use of HTMLInputHidden
CWE‑476 C# cs/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑476 C# cs/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑477 C# cs/call-to-obsolete-method Call to obsolete method
CWE‑480 C# cs/non-short-circuit Potentially dangerous use of non-short-circuit logic
CWE‑485 C# cs/class-name-comparison Erroneous class compare
CWE‑485 C# cs/cast-from-abstract-to-concrete-collection Cast from abstract to concrete collection
CWE‑485 C# cs/expose-implementation Exposing internal representation
CWE‑485 C# cs/web/debug-code ASP.NET: leftover debug code
CWE‑486 C# cs/class-name-comparison Erroneous class compare
CWE‑489 C# cs/web/debug-code ASP.NET: leftover debug code
CWE‑497 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑502 C# cs/deserialized-delegate Deserialized delegate
CWE‑502 C# cs/unsafe-deserialization Unsafe deserializer
CWE‑502 C# cs/unsafe-deserialization-untrusted-input Deserialization of untrusted data
CWE‑521 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑522 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑522 C# cs/password-in-configuration Password in configuration file
CWE‑532 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑538 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑538 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑538 C# cs/web/persistent-cookie Cookie security: persistent cookie
CWE‑539 C# cs/web/persistent-cookie Cookie security: persistent cookie
CWE‑546 C# cs/todo-comment TODO comment
CWE‑548 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑552 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑552 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑561 C# cs/unused-reftype Dead reference types
CWE‑561 C# cs/unused-field Unused field
CWE‑561 C# cs/unused-method Unused method
CWE‑561 C# cs/useless-cast-to-self Cast to same type
CWE‑561 C# cs/useless-is-before-as Useless 'is' before 'as'
CWE‑561 C# cs/coalesce-of-identical-expressions Useless ?? expression
CWE‑561 C# cs/useless-type-test Useless type test
CWE‑561 C# cs/useless-upcast Useless upcast
CWE‑561 C# cs/empty-collection Container contents are never initialized
CWE‑561 C# cs/unused-collection Container contents are never accessed
CWE‑561 C# cs/linq/useless-select Redundant Select
CWE‑563 C# cs/useless-assignment-to-local Useless assignment to local variable
CWE‑567 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑573 C# cs/inconsistent-equals-and-gethashcode Inconsistent Equals(object) and GetHashCode()
CWE‑573 C# cs/invalid-dynamic-call Bad dynamic call
CWE‑581 C# cs/inconsistent-equals-and-gethashcode Inconsistent Equals(object) and GetHashCode()
CWE‑582 C# cs/static-array Array constant vulnerable to change
CWE‑585 C# cs/empty-lock-statement Empty lock statement
CWE‑592 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑595 C# cs/reference-equality-with-object Reference equality test on System.Object
CWE‑595 C# cs/reference-equality-on-valuetypes Call to ReferenceEquals(...) on value type expressions
CWE‑601 C# cs/web/unvalidated-url-redirection URL redirection from remote source
CWE‑609 C# cs/unsafe-double-checked-lock Double-checked lock is not thread-safe
CWE‑610 C# cs/path-injection Uncontrolled data used in path expression
CWE‑610 C# cs/web/unvalidated-url-redirection URL redirection from remote source
CWE‑610 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑610 C# cs/insecure-xml-read XML is read insecurely
CWE‑610 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑610 C# cs/request-forgery Server-side request forgery
CWE‑611 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑611 C# cs/insecure-xml-read XML is read insecurely
CWE‑614 C# cs/web/requiressl-not-set 'requireSSL' attribute is not set to true
CWE‑614 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true
CWE‑628 C# cs/invalid-dynamic-call Bad dynamic call
CWE‑642 C# cs/web/html-hidden-input Use of HTMLInputHidden
CWE‑642 C# cs/path-injection Uncontrolled data used in path expression
CWE‑642 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑643 C# cs/xml/stored-xpath-injection Stored XPath injection
CWE‑643 C# cs/xml/xpath-injection XPath injection
CWE‑657 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑657 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑657 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑662 C# cs/unsafe-sync-on-field Futile synchronization on field
CWE‑662 C# cs/inconsistent-lock-sequence Inconsistent lock sequence
CWE‑662 C# cs/lock-this Locking the 'this' object in a lock statement
CWE‑662 C# cs/locked-wait A lock is held during a wait
CWE‑662 C# cs/unsynchronized-getter Inconsistently synchronized property
CWE‑662 C# cs/unsafe-double-checked-lock Double-checked lock is not thread-safe
CWE‑662 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑664 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑664 C# cs/member-not-disposed Missing Dispose call
CWE‑664 C# cs/missing-dispose-method Missing Dispose method
CWE‑664 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑664 C# cs/class-name-comparison Erroneous class compare
CWE‑664 C# cs/cast-from-abstract-to-concrete-collection Cast from abstract to concrete collection
CWE‑664 C# cs/expose-implementation Exposing internal representation
CWE‑664 C# cs/static-array Array constant vulnerable to change
CWE‑664 C# cs/web/debug-code ASP.NET: leftover debug code
CWE‑664 C# cs/web/html-hidden-input Use of HTMLInputHidden
CWE‑664 C# cs/unsafe-sync-on-field Futile synchronization on field
CWE‑664 C# cs/inconsistent-lock-sequence Inconsistent lock sequence
CWE‑664 C# cs/lock-this Locking the 'this' object in a lock statement
CWE‑664 C# cs/locked-wait A lock is held during a wait
CWE‑664 C# cs/unsynchronized-getter Inconsistently synchronized property
CWE‑664 C# cs/unsafe-double-checked-lock Double-checked lock is not thread-safe
CWE‑664 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑664 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑664 C# cs/password-in-configuration Password in configuration file
CWE‑664 C# cs/unassigned-field Field is never assigned a non-default value
CWE‑664 C# cs/web/file-upload Use of file upload
CWE‑664 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑664 C# cs/loss-of-precision Possible loss of precision
CWE‑664 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑664 C# cs/path-injection Uncontrolled data used in path expression
CWE‑664 C# cs/zipslip Arbitrary file write during zip extraction ("Zip Slip")
CWE‑664 C# cs/code-injection Improper control of generation of code
CWE‑664 C# cs/sensitive-data-transmission Information exposure through transmitted data
CWE‑664 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑664 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑664 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑664 C# cs/exposure-of-sensitive-information Exposure of private information
CWE‑664 C# cs/session-reuse Failure to abandon session
CWE‑664 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑664 C# cs/deserialized-delegate Deserialized delegate
CWE‑664 C# cs/unsafe-deserialization Unsafe deserializer
CWE‑664 C# cs/unsafe-deserialization-untrusted-input Deserialization of untrusted data
CWE‑664 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑664 C# cs/web/unvalidated-url-redirection URL redirection from remote source
CWE‑664 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑664 C# cs/insecure-xml-read XML is read insecurely
CWE‑664 C# cs/redos Denial of Service from comparison of user input against expensive regex
CWE‑664 C# cs/regex-injection Regular expression injection
CWE‑664 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑664 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑664 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑664 C# cs/web/broad-cookie-domain Cookie security: overly broad domain
CWE‑664 C# cs/web/broad-cookie-path Cookie security: overly broad path
CWE‑664 C# cs/web/persistent-cookie Cookie security: persistent cookie
CWE‑664 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑664 C# cs/request-forgery Server-side request forgery
CWE‑665 C# cs/unassigned-field Field is never assigned a non-default value
CWE‑667 C# cs/locked-wait A lock is held during a wait
CWE‑667 C# cs/unsafe-double-checked-lock Double-checked lock is not thread-safe
CWE‑668 C# cs/static-array Array constant vulnerable to change
CWE‑668 C# cs/web/html-hidden-input Use of HTMLInputHidden
CWE‑668 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑668 C# cs/password-in-configuration Password in configuration file
CWE‑668 C# cs/web/debug-binary Creating an ASP.NET debug binary may reveal sensitive information
CWE‑668 C# cs/path-injection Uncontrolled data used in path expression
CWE‑668 C# cs/zipslip Arbitrary file write during zip extraction ("Zip Slip")
CWE‑668 C# cs/sensitive-data-transmission Information exposure through transmitted data
CWE‑668 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑668 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑668 C# cs/exposure-of-sensitive-information Exposure of private information
CWE‑668 C# cs/web/directory-browse-enabled ASP.NET config file enables directory browsing
CWE‑668 C# cs/web/persistent-cookie Cookie security: persistent cookie
CWE‑668 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑669 C# cs/web/file-upload Use of file upload
CWE‑669 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑669 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑669 C# cs/insecure-xml-read XML is read insecurely
CWE‑670 C# cs/non-short-circuit Potentially dangerous use of non-short-circuit logic
CWE‑671 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑671 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑671 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑674 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑674 C# cs/insecure-xml-read XML is read insecurely
CWE‑681 C# cs/loss-of-precision Possible loss of precision
CWE‑682 C# cs/index-out-of-bounds Off-by-one comparison against container length
CWE‑682 C# cs/loss-of-precision Possible loss of precision
CWE‑684 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑691 C# cs/catch-nullreferenceexception Poor error handling: catch of NullReferenceException
CWE‑691 C# cs/constant-condition Constant condition
CWE‑691 C# cs/unsafe-sync-on-field Futile synchronization on field
CWE‑691 C# cs/inconsistent-lock-sequence Inconsistent lock sequence
CWE‑691 C# cs/lock-this Locking the 'this' object in a lock statement
CWE‑691 C# cs/locked-wait A lock is held during a wait
CWE‑691 C# cs/unsynchronized-getter Inconsistently synchronized property
CWE‑691 C# cs/unsafe-double-checked-lock Double-checked lock is not thread-safe
CWE‑691 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑691 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑691 C# cs/non-short-circuit Potentially dangerous use of non-short-circuit logic
CWE‑691 C# cs/thread-unsafe-icryptotransform-field-in-class Thread-unsafe use of a static ICryptoTransform field
CWE‑691 C# cs/thread-unsafe-icryptotransform-captured-in-lambda Thread-unsafe capturing of an ICryptoTransform object
CWE‑691 C# cs/linq/inconsistent-enumeration Bad multiple iteration
CWE‑691 C# cs/code-injection Improper control of generation of code
CWE‑691 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑691 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑691 C# cs/insecure-xml-read XML is read insecurely
CWE‑693 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑693 C# cs/password-in-configuration Password in configuration file
CWE‑693 C# cs/count-untrusted-data-external-api Frequency counts for external APIs that are used with untrusted data
CWE‑693 C# cs/serialization-check-bypass Serialization check bypass
CWE‑693 C# cs/untrusted-data-to-external-api Untrusted data passed to external API
CWE‑693 C# cs/xml/missing-validation Missing XML validation
CWE‑693 C# cs/assembly-path-injection Assembly path injection
CWE‑693 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑693 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑693 C# cs/adding-cert-to-root-store Do not add certificates to the system root store.
CWE‑693 C# cs/insecure-sql-connection Insecure SQL connection
CWE‑693 C# cs/web/missing-token-validation Missing cross-site request forgery token validation
CWE‑693 C# cs/session-reuse Failure to abandon session
CWE‑693 C# cs/web/requiressl-not-set 'requireSSL' attribute is not set to true
CWE‑693 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑693 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑693 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑693 C# cs/web/broad-cookie-domain Cookie security: overly broad domain
CWE‑693 C# cs/web/broad-cookie-path Cookie security: overly broad path
CWE‑693 C# cs/ecb-encryption Encryption using ECB
CWE‑693 C# cs/inadequate-rsa-padding Weak encryption: inadequate RSA padding
CWE‑693 C# cs/insufficient-key-size Weak encryption: Insufficient key size
CWE‑693 C# cs/weak-encryption Weak encryption
CWE‑693 C# cs/web/cookie-secure-not-set 'Secure' attribute is not set to true
CWE‑697 C# cs/class-name-comparison Erroneous class compare
CWE‑697 C# cs/reference-equality-with-object Reference equality test on System.Object
CWE‑697 C# cs/reference-equality-on-valuetypes Call to ReferenceEquals(...) on value type expressions
CWE‑703 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑703 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑703 C# cs/unchecked-return-value Unchecked return value
CWE‑703 C# cs/catch-nullreferenceexception Poor error handling: catch of NullReferenceException
CWE‑703 C# cs/empty-catch-block Poor error handling: empty catch block
CWE‑703 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑703 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑703 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑704 C# cs/loss-of-precision Possible loss of precision
CWE‑705 C# cs/catch-nullreferenceexception Poor error handling: catch of NullReferenceException
CWE‑705 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑705 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑706 C# cs/path-injection Uncontrolled data used in path expression
CWE‑706 C# cs/zipslip Arbitrary file write during zip extraction ("Zip Slip")
CWE‑706 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑706 C# cs/insecure-xml-read XML is read insecurely
CWE‑706 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑707 C# cs/path-injection Uncontrolled data used in path expression
CWE‑707 C# cs/command-line-injection Uncontrolled command line
CWE‑707 C# cs/stored-command-line-injection Uncontrolled command line from stored user input
CWE‑707 C# cs/web/stored-xss Stored cross-site scripting
CWE‑707 C# cs/web/xss Cross-site scripting
CWE‑707 C# cs/second-order-sql-injection SQL query built from stored user-controlled sources
CWE‑707 C# cs/sql-injection SQL query built from user-controlled sources
CWE‑707 C# cs/ldap-injection LDAP query built from user-controlled sources
CWE‑707 C# cs/stored-ldap-injection LDAP query built from stored user-controlled sources
CWE‑707 C# cs/xml-injection XML injection
CWE‑707 C# cs/code-injection Improper control of generation of code
CWE‑707 C# cs/resource-injection Resource injection
CWE‑707 C# cs/log-forging Log entries created from user input
CWE‑707 C# cs/uncontrolled-format-string Uncontrolled format string
CWE‑707 C# cs/xml/stored-xpath-injection Stored XPath injection
CWE‑707 C# cs/xml/xpath-injection XPath injection
CWE‑707 C# cs/inappropriate-encoding Inappropriate encoding
CWE‑707 C# cs/web/disabled-header-checking Header checking disabled
CWE‑707 C# cs/webclient-path-injection Uncontrolled data used in a WebClient
CWE‑710 C# cs/call-to-obsolete-method Call to obsolete method
CWE‑710 C# cs/inconsistent-equals-and-gethashcode Inconsistent Equals(object) and GetHashCode()
CWE‑710 C# cs/todo-comment TODO comment
CWE‑710 C# cs/dereferenced-value-is-always-null Dereferenced variable is always null
CWE‑710 C# cs/dereferenced-value-may-be-null Dereferenced variable may be null
CWE‑710 C# cs/unused-reftype Dead reference types
CWE‑710 C# cs/useless-assignment-to-local Useless assignment to local variable
CWE‑710 C# cs/unused-field Unused field
CWE‑710 C# cs/unused-method Unused method
CWE‑710 C# cs/captured-foreach-variable Capturing a foreach variable
CWE‑710 C# cs/useless-cast-to-self Cast to same type
CWE‑710 C# cs/useless-is-before-as Useless 'is' before 'as'
CWE‑710 C# cs/coalesce-of-identical-expressions Useless ?? expression
CWE‑710 C# cs/useless-type-test Useless type test
CWE‑710 C# cs/useless-upcast Useless upcast
CWE‑710 C# cs/empty-collection Container contents are never initialized
CWE‑710 C# cs/unused-collection Container contents are never accessed
CWE‑710 C# cs/invalid-dynamic-call Bad dynamic call
CWE‑710 C# cs/empty-lock-statement Empty lock statement
CWE‑710 C# cs/linq/useless-select Redundant Select
CWE‑710 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑710 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑710 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑710 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑754 C# cs/unchecked-return-value Unchecked return value
CWE‑755 C# cs/dispose-not-called-on-throw Dispose may not be called if an exception is thrown during execution
CWE‑755 C# cs/local-not-disposed Missing Dispose call on local IDisposable
CWE‑755 C# cs/catch-nullreferenceexception Poor error handling: catch of NullReferenceException
CWE‑755 C# cs/empty-catch-block Poor error handling: empty catch block
CWE‑755 C# cs/catch-of-all-exceptions Generic catch clause
CWE‑755 C# cs/information-exposure-through-exception Information exposure through an exception
CWE‑755 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑756 C# cs/web/missing-global-error-handler Missing global error handler
CWE‑758 C# cs/captured-foreach-variable Capturing a foreach variable
CWE‑776 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑776 C# cs/insecure-xml-read XML is read insecurely
CWE‑780 C# cs/inadequate-rsa-padding Weak encryption: inadequate RSA padding
CWE‑787 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑788 C# cs/unvalidated-local-pointer-arithmetic Unvalidated local pointer arithmetic
CWE‑798 C# cs/hard-coded-symmetric-encryption-key Hard-coded symmetric encryption key
CWE‑798 C# cs/hardcoded-connection-string-credentials Hard-coded connection string with credentials
CWE‑798 C# cs/hardcoded-credentials Hard-coded credentials
CWE‑807 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑820 C# cs/unsynchronized-static-access Unsynchronized access to static collection member in non-static context
CWE‑827 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑827 C# cs/insecure-xml-read XML is read insecurely
CWE‑829 C# cs/web/missing-x-frame-options Missing X-Frame-Options HTTP header
CWE‑829 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑829 C# cs/insecure-xml-read XML is read insecurely
CWE‑833 C# cs/locked-wait A lock is held during a wait
CWE‑834 C# cs/constant-condition Constant condition
CWE‑834 C# cs/linq/inconsistent-enumeration Bad multiple iteration
CWE‑834 C# cs/xml/insecure-dtd-handling Untrusted XML is read insecurely
CWE‑834 C# cs/insecure-xml-read XML is read insecurely
CWE‑835 C# cs/constant-condition Constant condition
CWE‑838 C# cs/inappropriate-encoding Inappropriate encoding
CWE‑862 C# cs/empty-password-in-configuration Empty password in configuration file
CWE‑913 C# cs/code-injection Improper control of generation of code
CWE‑913 C# cs/deserialized-delegate Deserialized delegate
CWE‑913 C# cs/unsafe-deserialization Unsafe deserializer
CWE‑913 C# cs/unsafe-deserialization-untrusted-input Deserialization of untrusted data
CWE‑918 C# cs/request-forgery Server-side request forgery
CWE‑922 C# cs/password-in-configuration Password in configuration file
CWE‑922 C# cs/cleartext-storage-of-sensitive-information Clear text storage of sensitive information
CWE‑923 C# cs/user-controlled-bypass User-controlled bypass of sensitive method
CWE‑943 C# cs/second-order-sql-injection SQL query built from stored user-controlled sources
CWE‑943 C# cs/sql-injection SQL query built from user-controlled sources
CWE‑943 C# cs/ldap-injection LDAP query built from user-controlled sources
CWE‑943 C# cs/stored-ldap-injection LDAP query built from stored user-controlled sources
CWE‑943 C# cs/xml/stored-xpath-injection Stored XPath injection
CWE‑943 C# cs/xml/xpath-injection XPath injection
CWE‑1004 C# cs/web/cookie-httponly-not-set 'HttpOnly' attribute is not set to true
CWE‑1333 C# cs/redos Denial of Service from comparison of user input against expensive regex
  • © GitHub, Inc.