```c
float quarterRevenue = 0.0f; /* Variable for sales revenue for the quarter (declared type not shown in the source; float assumed) */
short JanSold = getMonthlySales(JAN); /* Get sales in January */
short FebSold = getMonthlySales(FEB); /* Get sales in February */
short MarSold = getMonthlySales(MAR); /* Get sales in March */
short quarterSold = JanSold + FebSold + MarSold; /* Calculate the total revenue for the quarter */
quarterRevenue = calculateRevenueForQuarter(quarterSold);
```

In this example the primitive type short int is used for both the monthly and the quarterly sales variables. In C the short int primitive type has a maximum value of 32768. This creates a potential integer overflow if the value for the three monthly sales adds up to more than the maximum value for the short int primitive type. An integer overflow can lead to data corruption, unexpected behavior, infinite loops and system crashes. To correct the situation the appropriate primitive type should be used, as in the example below, and/or provide some validation mechanism to ensure that the maximum value for the primitive type is not exceeded.

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. Related weaknesses listed in the table include:

- Improper Restriction of Operations within the Bounds of a Memory Buffer
- Insufficient Precision or Accuracy of a Real Number

Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.

Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.

Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.

Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.

Category - a CWE entry that contains a set of other entries that share a common characteristic.

View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).

Categories and views this weakness is a member of:

- CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
- CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
- CERT C++ Secure Coding Section 04 - Integers (INT)
- CERT C++ Secure Coding Section 08 - Memory Management (MEM)
- SEI CERT C Coding Standard - Guidelines 04.
- SEI CERT C Coding Standard - Guidelines 08.
- SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03.
- SFP Secondary Cluster: Glitch in Computation
- Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors
- Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses
- Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses
- Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses
- Comprehensive Categorization: Incorrect Calculation
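As an added illustration (not the CWE entry's own code), the following C program places the unchecked short-int quarterly addition from the example above beside a checked version that accumulates in a wider type and rejects any quarterly total that does not fit a short. The function names and the monthly figures are assumptions constructed for the demonstration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not the CWE entry's own code. getMonthlySales() and
 * calculateRevenueForQuarter() from the entry are replaced by plain
 * parameters; all figures below are constructed sample values. */

/* Unchecked form, as in the entry: the three short operands are promoted
 * to int for the addition, and the int sum is narrowed back to short.
 * A sum above SHRT_MAX cannot be represented and is silently changed
 * (on common two's-complement compilers it wraps to a negative value). */
short quarter_sold_unchecked(short jan, short feb, short mar)
{
    short quarterSold = jan + feb + mar; /* narrowing may lose the true total */
    return quarterSold;
}

/* Hardened form: accumulate in a wider type, then validate the total
 * against the destination range before narrowing. Returns false and
 * leaves *out unchanged when the quarter total does not fit a short. */
bool quarter_sold_checked(short jan, short feb, short mar, short *out)
{
    long total = (long)jan + (long)feb + (long)mar; /* 3 * SHRT_MAX fits a long */
    if (total > SHRT_MAX || total < SHRT_MIN) {
        return false; /* validation failure: caller must reject the input */
    }
    *out = (short)total;
    return true;
}

int main(void)
{
    /* Constructed input: each month fits a short, but the true quarterly
     * total (45000) exceeds SHRT_MAX (32767). */
    short jan = 15000, feb = 15000, mar = 15000;
    short quarterSold;

    printf("unchecked quarterSold = %d\n", quarter_sold_unchecked(jan, feb, mar));
    if (quarter_sold_checked(jan, feb, mar, &quarterSold)) {
        printf("checked quarterSold = %d\n", quarterSold);
    } else {
        printf("checked: quarterly total does not fit a short, rejected\n");
    }
    return 0;
}
```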