Kotlin 규칙
각 규칙에는 다음 정보가 포함되어 있습니다.
규칙 이름: 규칙의 Snyk 이름.
CWE(s): 이 규칙이 다루는 CWE 번호들.
보안 카테고리: 이 규칙이 속하는 경우 OWASP Top 10 (2021년판) 카테고리 및 SANS 25에 포함되어 있는 경우.
자동 수정 가능 여부: DeepCode AI Fix에 의해 자동으로 수정될 수 있는 보안 규칙입니다. 이 정보는 지원되는 프로그래밍 언어에 대해서만 포함됩니다.
Android World Writeable/Readable File Permission Found
CWE-732
없음
아니요
Use of Potentially Dangerous Function
CWE-676
없음
아니요
Cleartext Storage of Sensitive Information in a Cookie
CWE-315
OWASP:A05
아니요
Code Injection
CWE-94
Sans Top 25, OWASP:A03
아니요
Command Injection
CWE-78
Sans Top 25, OWASP:A03
아니요
Deserialization of Untrusted Data
CWE-502
Sans Top 25, OWASP:A08
아니요
Cross-Site Request Forgery (CSRF)
CWE-352
Sans Top 25, OWASP:A01
아니요
Information Exposure
CWE-200
OWASP:A01
아니요
Cleartext Transmission of Sensitive Information
CWE-319
OWASP:A02
아니요
Indirect Command Injection via User Controlled Environment
CWE-78
Sans Top 25, OWASP:A03
아니요
External Control of System or Configuration Setting
CWE-15
OWASP:A05
아니요
Process Control
CWE-114
없음
아니요
File Access Enabled
CWE-200
OWASP:A01
아니요
Android Fragment Injection
CWE-470
OWASP:A03
아니요
Use of Hardcoded Passwords
CWE-798, CWE-259
Sans Top 25, OWASP:A07
아니요
Hardcoded Secret
CWE-547
OWASP:A05
아니요
Improper Neutralization of CRLF Sequences in HTTP Headers
CWE-113
OWASP:A03
아니요
Disabled Neutralization of CRLF Sequences in HTTP Headers
CWE-113
OWASP:A03
아니요
Inadequate Padding for AES encryption
CWE-326
OWASP:A02
아니요
Use of a Broken or Risky Cryptographic Algorithm
CWE-327
OWASP:A02
아니요
Use of Password Hash With Insufficient Computational Effort
CWE-916
OWASP:A02
아니요
Use of Insufficiently Random Values
CWE-330
OWASP:A02
아니요
Android Intent Forwarding
CWE-940
OWASP:A07
아니요
Improper Validation of Certificate with Host Mismatch
CWE-297
OWASP:A07
아니요
JavaScript Enabled
CWE-79
Sans Top 25, OWASP:A03
아니요
Java Naming and Directory Interface (JNDI) Injection
CWE-074
없음
아니요
Improper Authentication
CWE-287
Sans Top 25, OWASP:A07
아니요
LDAP Injection
CWE-90
OWASP:A03
아니요
Use of Hardcoded Credentials
CWE-798
Sans Top 25, OWASP:A07
아니요
The cipher text is equal to the provided input plain text
CWE-311
OWASP:A04
아니요
Use of Sticky broadcasts
CWE-265
없음
아니요
Use of Hardcoded, Security-relevant Constants
CWE-547
OWASP:A05
아니요
Open Redirect
CWE-601
OWASP:A01
아니요
Path Traversal
CWE-23
OWASP:A01
아니요
Regular expression injection
CWE-400, CWE-730
없음
아니요
Unprotected Storage of Credentials
CWE-256
OWASP:A04
아니요
Incorrect Permission Assignment
CWE-732
없음
아니요
Improper Certificate Validation
CWE-295
OWASP:A07
아니요
Server Information Exposure
CWE-209
OWASP:A04
아니요
Improper Handling of Insufficient Permissions or Privileges
CWE-280
OWASP:A04
아니요
Cross-site Scripting (XSS)
CWE-79
Sans Top 25, OWASP:A03
아니요
Unrestricted Android Broadcast
CWE-862
Sans Top 25, OWASP:A01
아니요
SQL Injection
CWE-89
Sans Top 25, OWASP:A03
아니요
Server-Side Request Forgery (SSRF)
CWE-918
Sans Top 25, OWASP:A10
아니요
Inadequate Encryption Strength
CWE-326
OWASP:A02
아니요
Code Execution via Third Party Package Context
CWE-94
Sans Top 25, OWASP:A03
아니요
Code Execution via Third Party Package Installation
CWE-940
OWASP:A07
아니요
Observable Timing Discrepancy (Timing Attack)
CWE-208
없음
아니요
Origin Validation Error
CWE-942, CWE-346
OWASP:A05, OWASP:A07
아니요
Cryptographic Issues
CWE-310
OWASP:A02
아니요
Trust Boundary Violation
CWE-501
OWASP:A04
아니요
Unauthorized File Access
CWE-79
Sans Top 25, OWASP:A03
아니요
Android Uri Permission Manipulation
CWE-266
OWASP:A04
아니요
Use of Externally-Controlled Format String
CWE-134
없음
아니요
Sensitive Cookie Without 'HttpOnly' Flag
CWE-1004
OWASP:A05
아니요
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-614
OWASP:A05
아니요
Insufficient Session Expiration
CWE-613
OWASP:A07
아니요
XML External Entity (XXE) Injection
CWE-611
OWASP:A05
아니요
XPath Injection
CWE-643
OWASP:A03
아니요
Last updated