Классификация предупреждений PVS-Studio согласно Common Weakness Enumeration (CWE)
Common Weakness Enumeration (CWE) - система классификации потенциальных и подтверждённых уязвимостей. Она поддерживается сообществом с целью выявления проблем программного обеспечения и создания автоматизированных инструментов, которые могут использоваться для выявления и устранения этих проблем.
CCR (Coverage Claims Representation) для PVS-Studio доступно здесь.
C/C++ диагностики
Error Code |
Error Description |
Mapping |
---|---|---|
Identical sub-expressions to the left and to the right of 'foo' operator. |
||
The '?:' operator may not work as expected. The '?:' operator has a lower priority than the 'foo' operator. |
||
Nonsensical comparison: pointer < 0. |
||
Semicolon ';' is probably missing after the 'return' keyword. |
||
The 'alloca' function is used inside the loop. This can quickly overflow stack. |
||
Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid. |
||
Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid. |
||
The 'new type(n)' pattern was detected. Probably meant: 'new type[n]'. |
||
Exceptions raised inside noexcept functions must be wrapped in a try..catch block. |
||
The 'Foo' function receives class-type variable as Nth actual argument. This is unexpected behavior. |
||
The sizeof() operator returns pointer size instead of array size. |
||
Call of the 'Foo' function will lead to buffer overflow. |
CWE-119, CWE-125, CWE-193, CWE-467, CWE-682, CWE-787, CWE-806 |
|
Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. |
||
Potential logical error. Size of a pointer is divided by another value. |
||
The 'delete' operator is applied to non-pointer. |
||
Non-null function pointer is compared to null. Consider inspecting the expression. |
||
Potential logical error. The 'if (A) {...} else if (A) {...}' pattern was detected. |
||
The 'malloc' function allocates suspicious amount of memory calculated by 'strlen(expr)'. Perhaps the correct expression is strlen(expr) + 1. |
||
The 'x' variable is assigned values twice successively. Perhaps this is a mistake. |
||
Comma operator ',' in array index expression. |
||
Expressions that use comma operator ',' are dangerous. Make sure the expression is correct. |
||
Possible null pointer dereference. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
Code contains collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ... |
||
The 'strcmp' function returns 0 if corresponding strings are equal. Consider inspecting the condition for mistakes. |
||
The 'zero' value is assigned to pointer. Probably meant: *ptr = zero. |
||
Pointer is compared with 'zero' value. Probably meant: *ptr != zero. |
||
Suspicious semicolon ';' after 'if/for/while' operator. |
||
Return value of 'Foo' function is required to be used. |
||
The sizeof() operator is multiplied by sizeof(). Consider inspecting the expression. |
||
Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'. |
||
It is possible that a wrong variable is incremented inside the 'for' operator. Consider inspecting 'X'. |
||
It is possible that a wrong variable is compared inside the 'for' operator. Consider inspecting 'X'. |
||
The 'X' variable is used for this loop and outer loops. |
||
Constant value is represented by an octal form. |
||
Potential incorrect use of item 'X'. Consider inspecting the expression. |
||
Iterators are passed as arguments to 'Foo' function. Consider inspecting the expression. |
||
Member 'x' should point to string terminated by two 0 characters. |
||
String is printed into itself. Consider inspecting the expression. |
||
Suspicious type cast: 'Type1' to ' Type2'. Consider inspecting the expression. |
||
It is suspicious that value 'X' is assigned to the variable 'Y' of HRESULT type. |
||
It is suspicious that the value 'X' of HRESULT type is compared with 'Y'. |
||
Conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead. |
||
The 'Foo(Foo)' class member is initialized with itself. |
||
Expression is always true/false. |
||
TYPE X[][] is not equivalent to TYPE **X. Consider inspecting type casting. |
||
The 'first' argument of 'Foo' function is equal to the 'second' argument. |
||
Suspicious precise comparison. Consider using a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon. |
||
Unreachable code under a 'case' label. |
||
A bool type variable is incremented. Perhaps another variable should be incremented instead. |
||
Incorrect use of smart pointer. |
||
Expression of the 'A - B > 0' kind will work as 'A != B'. |
||
Values of different enum types are compared. |
||
Possible array overrun. |
||
Function returns pointer/reference to temporary local object. |
||
Suspicious assignment inside the conditional expression of 'if/while/for' statement. |
||
Part of conditional expression is always true/false. |
||
Consider assigning value to 'foo' variable instead of declaring it anew. |
||
Bool type value is compared with value of N. Consider inspecting the expression. |
||
An 'else' branch may apply to the previous 'if' statement. |
||
The '&' or '|' operator is applied to bool type value. Check for missing parentheses or use the '&&' or '||' operator. |
||
Empty exception handler. Silent suppression of exceptions can hide errors in source code during testing. |
||
Integer constant is converted to pointer. Check for an error or bad coding style. |
||
Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. |
||
It is suspicious that the argument of sizeof() operator is the expression. |
||
Truncation of constant value. |
||
Variable is assigned to itself. |
||
Recurring check. This condition was already verified in previous line. |
||
Object created using 'new' operator is immediately cast to another type. Consider inspecting the expression. |
||
Use of uninitialized variable 'Foo'. The variable was used to initialize itself. |
||
Pointer is used both as an array and as a pointer to single object. |
||
Function receives suspicious argument. |
||
Incorrect format. Consider checking the Nth actual argument of the 'Foo' function. |
||
Label is present inside switch(). Check for typos and consider using the 'default:' operator instead. |
||
Suspicious bitwise operation was detected. Consider inspecting it. |
||
The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument. |
||
Suspicious explicit type casting. Consider inspecting the expression. |
||
Conditional expressions of 'if' statements located next to each other are identical. |
||
Consider reviewing the source code that uses the container. |
||
The '?:' operator, regardless of its conditional expression, always returns the same value. |
||
Same value is present on both sides of the operator. The expression is incorrect or can be simplified. |
||
Attempt to release memory that stores the 'Foo' local variable. |
||
The 'Foo' function is called twice to deallocate the same resource. |
||
Expression of the 'A =+ B' kind is used. Possibly meant: 'A += B'. Consider inspecting the expression. |
||
Expression of the 'A =- B' kind is used. Possibly meant: 'A -= B'. Consider inspecting the expression. |
||
Possible excessive expression or typo. Consider inspecting the expression. |
||
Non-void function must return value. |
||
Expression 'A = B == C' is calculated as 'A = (B == C)'. Consider inspecting the expression. |
||
Pointer to array is out of array bounds. |
||
Pointer was used before its check for nullptr. Check lines: N1, N2. |
||
Object was created but is not used. Check for missing 'throw' keyword. |
||
Compiler may delete 'memset' function call that is used to clear 'Foo' buffer. Use the RtlSecureZeroMemory() function to erase private data. |
||
Memory manipulation function is used to work with a class object containing a virtual table pointer. The result of such an operation may be unexpected. |
||
The virtual destructor is not present, although the 'Foo' class contains virtual functions. |
||
The 'Foo' pointer is always not equal to NULL. Consider inspecting the condition. |
||
Suspicious implicit type casting. |
||
The '<' operator should probably be replaced with '<<'. Consider inspecting this expression. |
||
Object was created but not used. If you wish to call constructor, use 'this->Foo::Foo(....)'. |
||
Number of iterations in loop equals size of a pointer. Consider inspecting the expression. |
||
Unsigned value is compared to the NN number. Consider inspecting the expression. |
||
Ownerless expression 'Foo'. |
||
Recurring sequence of explicit type casts. |
||
Possible division or mod by zero. |
||
Undefined behavior. Check the shift operator. |
||
Memory allocation and deallocation methods are incompatible. |
||
Unconditional 'break/continue/return/goto' within a loop. |
||
Suspicious pointer arithmetic with 'malloc/new'. |
||
Use of 'Foo' uninitialized variable. |
||
Suspicious explicit conversion from 'float *' type to 'double *' type. |
||
Use of 'Foo' named constant with 0 value in bitwise operation. |
||
Argument of the '|' bitwise operation always contains non-zero value. Consider inspecting the condition. |
||
Dangerous call of 'Foo' function. The passed line may contain format specification. Example of safe code: printf("%s", str); |
||
Array is used as pointer to single object. |
||
Expression of sizeof(T)*N kind is summed up with pointer to T type. Consider inspecting the expression. |
||
Loop may execute incorrectly or may not execute at all. Consider inspecting the 'for' operator. |
||
First 'case' operator may be missing. Consider inspecting the 'switch' statement. |
||
Temporary object is created and then destroyed. Consider inspecting the '?:' operator. |
||
Use of constant NN. The resulting value may be inaccurate. Consider using the M_NN constant from <math.h>. |
||
Initial and final values of the iterator are the same. Consider inspecting the 'for' operator. |
||
It's possible that ',' should be replaced by ';'. Consider checking for typos. |
||
Argument of sizeof() is a macro, which expands to a number. Consider inspecting the expression. |
||
It is possible that a line was commented out improperly, thus altering the program's operation logic. |
||
Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. Consider inspecting the expression. |
||
The 'malloc' function is used to allocate memory for an array of objects that are classes containing constructors/destructors. |
||
Defining absolute path to file or directory is considered a poor coding style. Consider inspecting the 'Foo' function call. |
||
Argument is of the 'T' type. Consider inspecting the NN argument of the 'Foo' function. |
||
The '!=' operator should probably be used here. Consider inspecting the expression. |
||
Priority of '+' operation is higher than priority of '<<' operation. Consider using parentheses in the expression. |
||
Length should be probably multiplied by sizeof(wchar_t). Consider inspecting the expression. |
||
Expression was implicitly cast from integer type to real type. Consider using an explicit type cast to avoid overflow or loss of a fractional part. |
||
Use of two opposite conditions. The second condition is always false. |
||
Terminal null is present inside a string. Use of '\0xNN' characters. Probably meant: '\xNN'. |
||
One of closing ')' parentheses is probably positioned incorrectly. Consider inspecting the expression for function call. |
||
Code's operational logic does not correspond with its formatting. |
||
Buffer size is not a multiple of element size. |
||
Function result is saved inside the 'byte' type variable. Significant bits may be lost. This may break the program's logic. |
||
Suspicious pointer arithmetic. Value of 'char' type is added to a string pointer. |
||
Suspicious function declaration. Consider creating a 'T' type object. |
||
Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold. |
||
The 'else' keyword may be missing. Consider inspecting the program's logic. |
||
Value of 'A' type is assigned to a pointer of 'B' type. |
||
Priority of '&&' operation is higher than priority of '||' operation. |
||
Two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless. |
||
Type casting is used 2 times in a row. The '+' operation is executed. Probably meant: (T1)((T2)a + b). |
||
Suspicious operation of 'sizeof(X)/sizeof(T)' kind, where 'X' is of the 'class' type. |
||
Operation is executed 3 or more times in a row. |
||
Suspicious string consisting of two parts is used for initialization. Comma may be missing. |
||
Condition of a loop is always true/false. |
||
Strings were concatenated but not used. Consider inspecting the expression. |
||
Variables are initialized through the call to the same function. It's probably an error or un-optimized code. |
||
Function always returns the same value of NN. Consider inspecting the function. |
||
Value is subtracted from unsigned variable. It can result in an overflow. In such a case, the comparison operation may behave unexpectedly. |
||
Program contains an unused label and function call: 'CC:AA()'. Probably meant: 'CC::AA()'. |
||
Different containers are used to set up initial and final values of iterator. Consider inspecting the loop expression. |
||
Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression. |
||
Pointer is dereferenced on the initialization list before its check for null inside the body of a constructor function. |
||
Value may not correspond with the length of a string passed with YY argument. Consider inspecting the NNth argument of the 'Foo' function. |
||
The 'throw' operator does not have any arguments and is not located within the 'catch' block. |
||
Possible meaningless check for null, as memory was allocated using 'new' operator. Memory allocation will lead to an exception. |
||
Uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class. |
||
The 'swap' function may interchange a variable with itself. |
||
More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. |
||
Expression contains a suspicious mix of integer and real types. |
||
Incorrect comparison of BOOL type variable with TRUE. |
||
Object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function. |
||
The 'X' variable was not initialized. This variable is passed by reference to the 'Foo' function in which its value will be used. |
||
The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression. |
||
The language standard does not define order in which 'Foo' functions are called during evaluation of arguments. |
||
The 'i' variable should probably be incremented instead of the 'n' variable. Consider inspecting the loop expression. |
||
Value of variable is not modified. It is possible that '1' should be present instead of '0'. Consider inspecting the expression. |
||
The expression contains a comma. Consider inspecting the return statement. |
||
Pattern A || (A && ...) was detected. The expression is excessive or contains a logical error. |
||
Size of array calculated by sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]). |
||
Destructor of 'Foo' class is not declared as virtual. A smart pointer may not destroy an object correctly. |
||
Inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, use a string ending with a null terminator in the first place. |
||
It is possible that 'i < X.size()' should be used instead of 'X.size()'. Consider inspecting conditional expression of the loop. |
||
The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant. |
||
Range intersections are possible within conditional expressions. |
||
The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. |
||
Number of elements in the allocated array equals the size of a pointer in bytes. |
||
Functions of strcmp() kind can return any values, not only -1, 0, or 1. |
||
It is possible that 'foo = bar == baz ? .... : ....' should be used here instead of 'foo = bar = baz ? .... : ....'. Consider inspecting the expression. |
||
It is suspicious that variable is initialized through itself. Consider inspecting the 'T foo = foo = x;' expression. |
||
Possible realloc() leak: when realloc() fails to allocate memory, original pointer is lost. Consider assigning realloc() to a temporary pointer. |
||
Classes should always be derived from std::exception (and alike) as 'public'. |
||
The expression is always false on newer compilers. Avoid using 'this == 0' comparison. |
||
It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. |
||
Suspicious division: sizeof(X) / Value. Size of every element in X array is not equal to divisor. |
||
Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior. |
||
Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'. |
||
Compiler may optimize out this loop or make it infinite. Use volatile variable(s) or synchronization primitives to avoid this. |
||
Pointer was used in the logical expression before its check for nullptr in the same logical expression. |
||
Variable is not passed into foreach loop by reference, but its value is changed inside of the loop. |
||
The 'while' operator has empty body. This pattern is suspicious. |
||
Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT). |
||
It is suspicious to cast object of base class V to derived class U. |
||
The 'SuspendThread' function is usually used when developing a debugger. See documentation for details. |
||
The VARIANT_BOOL type is used incorrectly. The true value (VARIANT_TRUE) is defined as -1. |
||
Abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Function returns a pointer to the internal string buffer of a local object, which will be destroyed. |
||
Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'. |
||
Dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type. |
||
Attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function. |
||
Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'. |
||
Excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'. |
||
Not all members of a class are initialized inside the constructor. |
||
The variable of char type is compared with pointer to string. |
||
Unary minus operator does not modify a bool type value. |
||
It is possible that macro expansion resulted in incorrect evaluation order. |
||
The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array. |
||
It is possible that ',' comma is missing at the end of the string. |
||
Temporary anonymous object is used. |
||
EOF should not be compared with a value of the 'char' type. Consider using the 'int' type. |
||
Use of the throw (a, b); pattern. It is possible that type name was omitted: throw MyException(a, b);. |
||
Function receives an address of a 'char' type variable instead of pointer to a buffer. |
||
The memory areas must not overlap. Use 'memmove' function. |
||
Temporary object is immediately destroyed after being created. Consider naming the object. |
||
A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string. |
||
Suspicious expression inside parentheses. A function name may be missing. |
||
Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function. |
||
Destructor of the object will be invoked a second time after leaving the object's scope. |
||
Creating an object with placement new requires a buffer of large size. |
||
The '&=' operation always sets a value of 'Foo' variable to zero. |
||
Copying from potentially tainted data source. Buffer overflow is possible. |
||
It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'. |
||
Reference was invalidated because of destruction of the temporary object returned by the function. |
||
Violated order of exception handlers. Exception caught by handler for base class. |
||
Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class. |
||
Possible incorrect order of arguments passed to function. |
||
Compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error. |
||
An item with the same key has already been added. |
||
Variable is of enum type. It is suspicious that it is used as a variable of a Boolean-type. |
||
The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used. |
||
Possible use of left shift operator instead of comparison operator. |
||
Calling the 'delete' operator for a void pointer will cause undefined behavior. |
||
Function exited without releasing the pointer/handle. A memory/resource leak is possible. |
||
Pointer was used after the memory was released. |
||
It is suspicious that the BSTR data type is compared using a relational operator. |
||
Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations. |
||
Dangerous widening type conversion from an array of derived-class objects to a base-class pointer. |
||
Two similar code fragments. Perhaps, it is a typo and 'X' variable should be used instead of 'Y'. |
||
Unreachable code was detected. It is possible that an error is present. |
||
Value of a variable is checked after it is used. Possible error in program's logic. Check lines: N1, N2. |
||
It is pointless to compute the distance between the elements of different arrays. |
||
Possible dereference of invalid iterator 'X'. |
||
The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits. |
||
Constant expression in switch statement. |
||
Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B]. |
||
Review captured variable in lambda expression. |
||
Iterators for the container, used in the range-based for loop, become invalid upon a function call. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. |
||
It is suspicious that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else. |
||
The assignment operator should be protected from the case of 'this == &src'. |
||
A 'break' statement is probably missing in a 'switch' statement. |
||
The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos. |
||
The size of the dynamic array can be less than the number of elements in the initializer. |
||
Variable is assigned but not used by the end of the function. |
||
Class that contains pointers, constructor and destructor is copied by the automatically generated operator= or copy constructor. |
||
Pointer was used unsafely after its check for nullptr. |
||
The resource was acquired using 'X' function but was released using incompatible 'Y' function. |
||
Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur. |
||
Value from the uninitialized optional is used. It may be an error. |
||
No more than one iteration of the loop will be performed. Consider inspecting the 'for' operator. |
||
Check the array initialization. Only the first element is initialized explicitly. |
||
Unchecked tainted data is used in expression. |
||
Function execution could be deferred. Consider specifying execution policy explicitly. |
||
The expression is always false. Overflow check is incorrect. |
||
Suspicious subexpression in a sequence of similar comparisons. |
||
Structures with members of real type are compared byte-wise. |
||
Suspicious simultaneous use of bitwise and logical operators. |
||
The value is out of range of enum values. This causes unspecified or undefined behavior. |
||
Variable of the 'string_view' type references a temporary object, which will be removed after evaluation of an expression. |
||
Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked. |
||
Compound assignment expression is used inside condition. |
||
Function exited without performing epilogue actions. It is possible that there is an error. |
||
The variable is assigned the same value on several loop iterations. |
||
Exception was thrown by pointer. Consider throwing it by value instead. |
||
A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception. |
||
Potential use of invalid data. The stream is checked for EOF before reading from it but is not checked after reading. |
||
New variable with default value is created instead of 'std::unique_lock' that locks on the mutex. |
||
The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. |
||
Pointer to an object of the class is cast to unrelated class. |
||
Possible overflow. Consider casting operands, not the result. |
||
Numeric Truncation Error. Return value of function is written to N-bit variable. |
||
Pointer is cast to a more strictly aligned pointer type. |
||
Do not use real-type variables as loop counters. |
||
Potentially unsafe double-checked locking. |
||
Two or more case-branches perform the same actions. |
||
It is suspicious that a char or string literal is added to a pointer. |
||
Class member is initialized with dangling reference. |
||
This file is marked with copyleft license, which requires you to open the derived source code. |
||
Loop break conditions do not depend on the number of iterations. |
||
The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block. |
||
Unsafe usage of the 'bool' and integer types together in the operation '&='. |
||
Lifetime of the lambda is greater than lifetime of the local variable captured by reference. |
||
Variable 'foo' was assigned the same value. |
||
Uninitialized class member is used when initializing the base class. |
||
It is possible that an assigned variable should be checked in the next condition. Consider checking for typos. |
||
The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function. |
||
Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time. |
||
Nonsensical comparison of two different functions' addresses. |
||
Class defines a custom new or delete operator. The opposite operator must also be defined. |
||
The modulo by 1 operation is meaningless. The result will always be zero. |
||
The left operand of integer division is less than the right one. The result will always be zero. |
||
Expression can be simplified: check similar operands. |
||
The 'SysFreeString' function should be called only for objects of the 'BSTR' type. |
||
Throwing from exception constructor may lead to unexpected behavior. |
||
Signed value is converted to an unsigned one with subsequent expansion to a larger type in ternary operator. |
||
Buffer needs to be securely cleared on all execution paths. |
||
Check the following code block after the 'if' statement. Consider checking for typos. |
||
Code contains invisible characters that may alter its logic. Consider enabling the display of invisible characters in the code editor. |
||
Constructor contains potentially uninitialized members. |
||
Call of 'std::is_constant_evaluated' function always returns the same value. |
||
Argument of abs() function is minimal negative value. Such absolute value can't be represented in two's complement. This leads to undefined behavior. |
||
Signed integer overflow in arithmetic expression. This leads to undefined behavior. |
||
The expression is always true/false. The value is out of range of enum values. |
||
Negative value is implicitly converted to unsigned integer type in arithmetic expression. |
||
Call of the 'Foo' function will lead to buffer underflow. |
||
Upper bound of case range is less than its lower bound. This case may be unreachable. |
||
No objects are passed to the 'std::scoped_lock' constructor. No locking will be performed. This can cause concurrency issues. |
||
Waiting on condition variable without predicate. A thread can wait indefinitely or experience a spurious wake-up. |
||
The 'std::uncaught_exception' function is deprecated since C++17 and is removed in C++20. Consider replacing this function with 'std::uncaught_exceptions'. |
||
The pointer is cast to an integer type of a larger size. Casting pointer to a type of a larger size is an implementation-defined behavior. |
||
Usage of potentially invalid handle. The value should be non-negative. |
||
The 'emplace' / 'insert' function call contains potentially dangerous move operation. Moved object can be destroyed even if there is no insertion. |
||
Using the function of uninitialized derived class while initializing the base class will lead to undefined behavior. |
||
Unreal Engine. Declaring a pointer to a type derived from 'UObject' in a class that is not derived from 'UObject' is dangerous. The pointer may start pointing to an invalid object after garbage collection. |
||
Changing the default argument of a virtual function parameter in a derived class may result in unexpected behavior. |
||
The values of padding bytes are unspecified. Comparing objects with padding using 'memcmp' may lead to unexpected result. |
||
Priority of the 'M' operator is higher than that of the 'N' operator. Possible missing parentheses. |
||
Qt. Class inherited from 'QObject' should contain at least one constructor that takes a pointer to 'QObject'. |
||
Function is deprecated. Consider switching to an equivalent newer function. |
||
Constructor of a class inherited from 'QObject' does not use a pointer to a parent object. |
||
The index was used without check after it was checked in previous lines. |
||
Comparing expressions with different signedness can lead to unexpected results. |
||
Suspicious use of 'dynamic_cast' when working with COM interfaces. Consider using the 'QueryInterface' member function. |
||
Consider using the extended version of the 'foo' function here. |
||
Consider using the 'Ptr' version of the 'foo' function here. |
||
Explicit conversion from 'float/double' type to signed integer type. |
||
Explicit conversion from 'float/double' type to unsigned integer type. |
||
This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. |
||
Cyclomatic complexity: NN. Consider refactoring the 'Foo' function. |
||
Consider inspecting the correctness of handling the N argument in the 'Foo' function. |
||
Consider inspecting the function call. The function was annotated as dangerous. |
||
Using assertions may cause the abnormal program termination in undesirable contexts. |
||
MISRA. The function with the 'abort/exit/getenv/system' name should not be used. |
||
MISRA. The function with the 'qsort/bsearch' name should not be used. |
||
MISRA. Memory allocation and deallocation functions should not be used. |
||
MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used. |
||
MISRA. Unbounded functions performing string operations should not be used. |
||
MISRA. The standard signal handling functions should not be used. |
||
MISRA. The standard input/output functions should not be used. |
||
OWASP. It is highly probable that the semicolon ';' is missing after 'return' keyword. |
||
OWASP. An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. |
||
OWASP. A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. |
||
OWASP. More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. |
||
OWASP. Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable. |
||
OWASP. Classes should always be derived from std::exception (and alike) as 'public'. |
||
OWASP. Unchecked tainted data is used in expression. |
||
OWASP. The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. |
||
OWASP. Possible overflow. Consider casting operands, not the result. |
||
OWASP. Potentially unsafe double-checked locking. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
C# диагностики
Error Code |
Error Description |
Mapping |
---|---|---|
There are identical sub-expressions to the left and to the right of the 'foo' operator. |
||
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
The object was created but it is not being used. The 'throw' keyword could be missing. |
||
Odd semicolon ';' after 'if/for/while' operator. |
||
The 'x' variable is assigned values twice successively. Perhaps this is a mistake. |
||
It's odd that this method always returns one and the same value of NN. |
||
The return value of function 'Foo' is required to be utilized. |
||
Two opposite conditions were encountered. The second condition is always false. |
||
The '?:' operator, regardless of its conditional expression, always returns one and the same value. |
||
It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'. |
||
It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'. |
||
The variable 'X' is being used for this loop and for the outer loop. |
||
Consider inspecting the application's logic. It's possible that 'else' keyword is missing. |
||
It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword. |
||
An unconditional 'break/continue/return/goto' within a loop. |
||
There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. |
||
Expression is always true/false. |
||
Consider inspecting this expression. The expression is excessive or contains a misprint. |
||
An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon. |
||
Incorrect format. Consider checking the N format items of the 'Foo' function. |
||
The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant. |
||
The variable was utilized in the logical expression before it was verified against null in the same logical expression. |
||
Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. |
||
Recurring check. This condition was already verified in previous line. |
||
Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this. |
||
It is possible that this 'else' branch must apply to the previous 'if' statement. |
||
Consider inspecting the expression. Probably the '!=' should be used here. |
||
Consider inspecting the expression. Probably the '+=' should be used here. |
||
Consider inspecting the expression. Probably the '-=' should be used here. |
||
The argument was passed to method several times. It is possible that another argument should be passed instead. |
||
Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style. |
||
The expression contains a suspicious mix of integer and real types. |
||
The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. |
||
Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object. |
||
The code's operational logic does not correspond with its formatting. |
||
An excessive type cast or check. The object is already of the same type. |
||
The original exception object was swallowed. Stack of original exception could be lost. |
||
Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. |
||
Suspicious assignment inside the condition expression of 'if/while/for' operator. |
||
Consider reviewing the correctness of 'X' item's usage. |
||
Function receives an odd argument. |
||
An item with the same key has already been added. |
||
A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'. |
||
A part of conditional expression is always true/false if it is evaluated. |
||
Division or mod division by zero. |
||
Possible incorrect order of arguments passed to method. |
||
It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. |
||
It's possible that the line was commented out improperly, thus altering the program's operation logics. |
||
Uninitialized variables are used when initializing the 'A' variable. |
||
Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead. |
||
The 'ThreadStatic' attribute is applied to a non-static 'A' field and will be ignored. |
||
Possible null dereference. |
||
The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing. |
||
Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. |
||
Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads. |
||
Unsafe locking on an object. |
||
Range intersections are possible within conditional expressions. |
||
The operator evaluates both operands. Perhaps a short-circuit operator should be used instead. |
||
The object was used before it was verified against null. Check lines: N1, N2. |
||
The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. |
||
Not all the members of type are serialized inside 'GetObjectData' method. |
||
NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime. |
||
The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible. |
||
Possibly index is out of bound. |
||
It is not recommended to return null or throw exceptions from 'ToString()' method. |
||
Possible infinite recursion. |
||
An abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator. |
||
IDisposable object is not disposed before method returns. |
||
It is not recommended to throw exceptions from 'Equals(object obj)' method. |
||
Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all. |
||
Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations. |
||
Uppercase (lowercase) string is compared with a different lowercase (uppercase) string. |
||
Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part. |
||
The object was used after it was verified against null. Check lines: N1, N2. |
||
Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. |
||
The field (property) is used before it is initialized in constructor. |
||
The expression is checked for compatibility with the type 'A', but is casted to the 'B' type. |
||
A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'. |
||
Postfix increment/decrement is senseless because this variable is overwritten. |
||
Shift by N bits is greater than the size of type. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
Constant expression in switch statement. |
||
The variable is assigned but is not used by the end of the function. |
||
Unreachable code detected. It is possible that an error is present. |
||
Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed. |
||
Possible null dereference. A method can return default null value. |
||
Non-atomic modification of volatile variable. |
||
Casting potential 'null' value to a value type can lead to NullReferenceException. |
||
Dereferencing the result of 'as' operator can lead to NullReferenceException. |
||
Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2. |
||
Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2. |
||
Dereferencing the result of null-conditional access operator can lead to NullReferenceException. |
||
The 'a % b' expression always evaluates to 0. |
||
The expression is incorrect or it can be simplified. |
||
The argument of the method is not expected to be null. |
||
Suspicious division. Absolute value of the left operand is less than the right operand. |
||
Suspicious division. Absolute values of both operands are equal. |
||
Modified value of the operand is not used after the increment/decrement operation. |
||
Argument of incorrect type is passed to the 'Enum.HasFlag' method. |
||
Comparing value type variables with 'ReferenceEquals' is incorrect because compared values will be boxed. |
||
An exception handling block does not contain any code. |
||
Exception classes should be publicly accessible. |
||
The expression of the 'char' type is passed as an argument of the 'A' type whereas similar overload with the string parameter exists. |
||
Calling the 'SingleOrDefault' method may lead to 'InvalidOperationException'. |
||
Parameter of 'CancellationToken' type is not used inside function's body. |
||
Awaiting on expression with potential null value can lead to throwing of 'NullReferenceException'. |
||
Both operands of the '??' operator are identical. |
||
Potentially negative value is used as the size of an array. |
||
The 'if/if-else/for/while/foreach' statement and code block after it are not related. Inspect the program's logic. |
||
Suspicious subexpression in a sequence of similar comparisons. |
||
Locking operations must be performed on the same thread. Using 'await' in a critical section may lead to a lock being released on a different thread. |
||
The '&=' or '|=' operator is redundant because the right operand is always true/false. |
||
Logical literal belongs to second operator with a higher priority. It is possible literal was intended to belong to '??' operator instead. |
||
Calling method or accessing property of potentially disposed object may result in exception. |
||
Calling element access method for potentially empty collection may result in exception. |
||
The 'HasFlag' method always returns 'true' because the value '0' is passed as its argument. |
||
The result of '&' operator is '0' because one of the operands is '0'. |
||
The result of '&' operator is always '0'. |
||
Code formatting implies that the statement should not be a part of the 'then' branch that belongs to the preceding 'if' statement. |
||
The argument's value is greater than the size of the collection. Passing the value into the 'Foo' method will result in an exception. |
||
An argument containing a file path could be mixed up with another argument. The other function parameter expects a file path instead. |
||
The arguments violate the bounds of collection. Passing these values into the method will result in an exception. |
||
Concurrent modification of a variable may lead to errors. |
||
Type member is used in the 'GetHashCode' method but is missing from the 'Equals' method. |
||
Data processing results are potentially used before asynchronous output reading is complete. Consider calling 'WaitForExit' overload with no arguments before using the data. |
||
Calling 'OfType' for collection will return an empty collection. It is not possible to cast collection elements to the type parameter. |
||
Collection initializer implicitly calls 'Add' method. Using it on member with default value of null will result in null dereference exception. |
||
The compared value inside the 'Object.Equals' override is converted to a different type that does not contain the override. |
||
The variable is assigned the same value that it already holds. |
||
The index from end operator is used with the value that is less than or equal to zero. Collection index will be out of bounds. |
||
Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
Unreachable code detected. The 'case' value is out of the range of the match expression. |
||
The expression is always false due to implicit type conversion. Overflow check is incorrect. |
||
Unity Engine. Boxing inside a frequently called method may decrease performance. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. The original exception object was swallowed. Stack of original exception could be lost. |
||
OWASP. Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. |
||
OWASP. Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. |
||
OWASP. An exception handling block does not contain any code. |
||
OWASP. Exception classes should be publicly accessible. |
||
OWASP. Possible SQL injection. Potentially tainted data is used to create SQL command. |
||
OWASP. Possible path traversal vulnerability. Potentially tainted data is used as a path. |
||
OWASP. Possible XSS vulnerability. Potentially tainted data might be used to execute a malicious script. |
||
OWASP. Potential insecure deserialization vulnerability. Potentially tainted data is used to create an object using deserialization. |
||
OWASP. Do not use old versions of SSL/TLS protocols as it may cause security issues. |
||
OWASP. Use of outdated cryptographic algorithm is not recommended. |
||
OWASP. Potential XXE vulnerability. Insecure XML parser is used to process potentially tainted data. |
||
OWASP. Potential XEE vulnerability. Insecure XML parser is used to process potentially tainted data. |
||
OWASP. Possible command injection. Potentially tainted data is used to create OS command. |
||
OWASP. Assigning potentially negative or large value as timeout of HTTP session can lead to excessive session expiration time. |
||
OWASP. Possible server-side request forgery. Potentially tainted data is used in the URL. |
||
OWASP. Possible log injection. Potentially tainted data is written into logs. |
||
OWASP. Possible LDAP injection. Potentially tainted data is used in a search filter. |
||
OWASP. Error message contains potentially sensitive data that may be exposed. |
||
OWASP. Possible XPath injection. Potentially tainted data is used in the XPath expression. |
||
OWASP. Possible open redirect vulnerability. Potentially tainted data is used in the URL. |
||
OWASP. Use of potentially tainted data in configuration may lead to security issues. |
||
OWASP. Referenced package contains vulnerability. |
||
OWASP. Possible ReDoS vulnerability. Potentially tainted data is processed by regular expression that contains an unsafe pattern. |
||
OWASP. Possible NoSQL injection. Potentially tainted data is used to create query. |
||
OWASP. Possible Zip Slip vulnerability. Potentially tainted data is used in the path to extract the file. |
Java диагностики
Error Code |
Error Description |
Mapping |
---|---|---|
OWASP. An exception handling block does not contain any code. |
||
OWASP. Exception classes should be publicly accessible. |
||
OWASP. The object was created but it is not being used. The 'throw' keyword could be missing. |
||
OWASP. Unsafe double-checked locking. |
||
OWASP. Storing credentials inside source code can lead to security issues. |
||
OWASP. The original exception object was swallowed. Cause of original exception could be lost. |
||
OWASP. Potentially predictable seed is used in pseudo-random number generator. |
||
OWASP. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
There are identical sub-expressions to the left and to the right of the 'foo' operator. |
||
The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. |
||
The 'then' statement is equivalent to the 'else' statement. |
||
The object was created but it is not being used. The 'throw' keyword could be missing. |
||
Expression is always true/false. |
||
Potential null dereference. |
||
Function receives an odd argument. |
||
The return value of function 'Foo' is required to be utilized. |
||
The expression contains a suspicious mix of integer and real types. |
||
The '?:' operator, regardless of its conditional expression, always returns one and the same value. |
||
Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended. |
||
It's odd that this method always returns one and the same value of NN. |
||
Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here. |
||
Constant expression in switch statement. |
||
Unreachable code detected. It is possible that an error is present. |
||
Division or mod division by zero. |
||
The value is assigned to the 'x' variable but is not used. |
||
The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. |
||
Possibly index is out of bound. |
||
Possible incorrect order of arguments passed to method. |
||
The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. |
||
The variable 'X' is being used for this loop and for the outer loop. |
||
An item with the same key has already been added. |
||
Shift by N bits is inconsistent with the size of type. |
||
The value from the uninitialized optional is used. |
||
An unconditional 'break/continue/return/goto' within a loop. |
||
Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead. |
||
There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. |
||
The code's operational logic does not correspond with its formatting. |
||
Suspicious assignment inside the conditional expression of 'if/while/do...while' statement. |
||
The expression is checked for compatibility with type 'A', but is cast to type 'B'. |
||
Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. |
||
Postfix increment/decrement is senseless because this variable is overwritten. |
||
Incorrect format. Consider checking the N format items of the 'Foo' function. |
||
It is possible that this 'else' branch must apply to the previous 'if' statement. |
||
This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. |
||
Class initialization cycle is present. |
||
Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions. |
||
Classes should not be compared by their name. |
||
Consider inspecting this expression. The expression is excessive or contains a misprint. |
||
Comparing objects of incompatible types. |
||
Odd use of special character in regular expression. Possibly, it was intended to be escaped. |
||
The reference was used before it was verified against null. |
||
The used constant value is represented by an octal form. |
||
Possible infinite recursion. |
||
Odd semicolon ';' after 'if/for/while' operator. |
||
Suspicious invocation of Thread.run(). |
||
Two or more case-branches perform the same actions. |
||
Unsafe synchronization on an object. |
||
Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. |
||
It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods. |
||
Non-atomic modification of volatile variable. |
||
The signature of method 'X' does not conform to serialization requirements. |
||
A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead. |
||
Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2. |
||
Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition. |
||
Unsafe double-checked locking. |
||
An abnormality within similar comparisons. It is possible that a typo is present inside the expression. |
||
Suspicious code formatting. 'else' keyword is probably missing. |
||
It's possible that the line was commented out improperly, thus altering the program's operation logics. |
||
Field 'A' is being used before it was initialized. |
||
Automatic unboxing of a variable may cause NullPointerException. |
||
The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. |
||
Thread.sleep() inside synchronized block/method may cause decreased performance. |
||
An odd precise comparison. Consider using a comparison with defined precision: Math.abs(A - B) < Epsilon or Math.abs(A - B) > Epsilon. |
||
The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. |
||
An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' method. |
||
compareTo()-like methods can return not only the values -1, 0 and 1, but any values. |
||
Inconsistent synchronization of a field. Consider synchronizing the field on all usages. |
||
Ignored InterruptedException could lead to delayed thread shutdown. |
||
Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator. |
||
Casting expression to 'X' type before implicitly casting it to other type may be excessive or incorrect. |
||
The constant NN is being utilized. The resulting value could be inaccurate. Consider using the KK constant. |
||
Do not use real-type variables in 'for' loop counters. |
||
Potentially predictable seed is used in pseudo-random number generator. |
||
Potentially negative value is used as the size of an array. |
||
Suspicious division. Absolute value of the left operand is less than the value of the right operand. |
||
The 'A' class containing Closeable members does not release the resources that the field is holding. |
||
Not all Closeable members are released inside the 'close' method. |
||
Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead. |
||
The original exception object was swallowed. Cause of original exception could be lost. |
||
The result of '&' operator is always '0'. |
||
The result of the '&' operator is '0' because one of the operands is '0'. |