CWE-compatibility claim coverage

As of CWE List version 2.9

The following is the list of CWE identifiers covered by the Julia analyzer, together with the associated warnings and the checker each warning comes from.


CWE22

  • PathInjectionIntoFieldWarning  [from checker BasicInjection]
  • PathInjectionWarning  [from checker BasicInjection]
  • PathInjectionIntoFieldWarning  [from checker Injection]
  • PathInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • PathInjectionWarning  [from checker Injection]
  • PathInjectionWarningWithFlow  [from checker Injection]



CWE74

  • AddressInjectionIntoFieldWarning  [from checker BasicInjection]
  • AddressInjectionWarning  [from checker BasicInjection]
  • ControlInjectionIntoFieldWarning  [from checker BasicInjection]
  • ControlInjectionWarning  [from checker BasicInjection]
  • DOSInjectionIntoFieldWarning  [from checker BasicInjection]
  • DOSInjectionWarning  [from checker BasicInjection]
  • DeviceInjectionIntoFieldWarning  [from checker BasicInjection]
  • DeviceInjectionWarning  [from checker BasicInjection]
  • GenericInjectionIntoFieldWarning  [from checker BasicInjection]
  • GenericInjectionWarning  [from checker BasicInjection]
  • ResourceInjectionIntoFieldWarning  [from checker BasicInjection]
  • ResourceInjectionWarning  [from checker BasicInjection]
  • URLInjectionIntoFieldWarning  [from checker BasicInjection]
  • URLInjectionWarning  [from checker BasicInjection]
  • AddressInjectionIntoFieldWarning  [from checker Injection]
  • AddressInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • AddressInjectionWarning  [from checker Injection]
  • AddressInjectionWarningWithFlow  [from checker Injection]
  • ControlInjectionIntoFieldWarning  [from checker Injection]
  • ControlInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • ControlInjectionWarning  [from checker Injection]
  • ControlInjectionWarningWithFlow  [from checker Injection]
  • DOSInjectionIntoFieldWarning  [from checker Injection]
  • DOSInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • DOSInjectionWarning  [from checker Injection]
  • DOSInjectionWarningWithFlow  [from checker Injection]
  • DeviceInjectionIntoFieldWarning  [from checker Injection]
  • DeviceInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • DeviceInjectionWarning  [from checker Injection]
  • DeviceInjectionWarningWithFlow  [from checker Injection]
  • GenericInjectionIntoFieldWarning  [from checker Injection]
  • GenericInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • GenericInjectionWarning  [from checker Injection]
  • GenericInjectionWarningWithFlow  [from checker Injection]
  • ResourceInjectionIntoFieldWarning  [from checker Injection]
  • ResourceInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • ResourceInjectionWarning  [from checker Injection]
  • ResourceInjectionWarningWithFlow  [from checker Injection]
  • URLInjectionIntoFieldWarning  [from checker Injection]
  • URLInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • URLInjectionWarning  [from checker Injection]
  • URLInjectionWarningWithFlow  [from checker Injection]
  • URLInjectionIntoFieldWarning  [from checker PrivacyAndroid]
  • URLInjectionWarning  [from checker PrivacyAndroid]
  • ExternalDataInVulnerableMethodWarning  [from checker UseOfUncontrolledExternalData]
  • ShouldBeOverriddenIsValidFragmentMethodWarning  [from checker UseOfUncontrolledExternalData]



CWE78

  • CommandInjectionIntoFieldWarning  [from checker BasicInjection]
  • CommandInjectionWarning  [from checker BasicInjection]
  • CommandInjectionIntoFieldWarning  [from checker Injection]
  • CommandInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • CommandInjectionWarning  [from checker Injection]
  • CommandInjectionWarningWithFlow  [from checker Injection]



CWE79

  • XSSInjectionIntoFieldWarning  [from checker BasicInjection]
  • XSSInjectionWarning  [from checker BasicInjection]
  • XSSInjectionIntoFieldWarning  [from checker Injection]
  • XSSInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • XSSInjectionWarning  [from checker Injection]
  • XSSInjectionWarningWithFlow  [from checker Injection]



CWE89

  • SqlInjectionIntoFieldWarning  [from checker BasicInjection]
  • SqlInjectionWarning  [from checker BasicInjection]
  • SqlInjectionIntoFieldWarning  [from checker Injection]
  • SqlInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • SqlInjectionWarning  [from checker Injection]
  • SqlInjectionWarningWithFlow  [from checker Injection]



CWE90

  • LDAPAttributeInjectionIntoFieldWarning  [from checker BasicInjection]
  • LDAPAttributeInjectionWarning  [from checker BasicInjection]
  • LDAPFilterInjectionIntoFieldWarning  [from checker BasicInjection]
  • LDAPFilterInjectionWarning  [from checker BasicInjection]
  • LDAPAttributeInjectionIntoFieldWarning  [from checker Injection]
  • LDAPAttributeInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • LDAPAttributeInjectionWarning  [from checker Injection]
  • LDAPAttributeInjectionWarningWithFlow  [from checker Injection]
  • LDAPFilterInjectionIntoFieldWarning  [from checker Injection]
  • LDAPFilterInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • LDAPFilterInjectionWarning  [from checker Injection]
  • LDAPFilterInjectionWarningWithFlow  [from checker Injection]



CWE94

  • CodeInjectionIntoFieldWarning  [from checker BasicInjection]
  • CodeInjectionWarning  [from checker BasicInjection]
  • CodeInjectionIntoFieldWarning  [from checker Injection]
  • CodeInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • CodeInjectionWarning  [from checker Injection]
  • CodeInjectionWarningWithFlow  [from checker Injection]



CWE95

  • EvalInjectionIntoFieldWarning  [from checker BasicInjection]
  • EvalInjectionWarning  [from checker BasicInjection]
  • EvalInjectionIntoFieldWarning  [from checker Injection]
  • EvalInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • EvalInjectionWarning  [from checker Injection]
  • EvalInjectionWarningWithFlow  [from checker Injection]



CWE113

  • HttpResponseInjectionIntoFieldWarning  [from checker BasicInjection]
  • HttpResponseSplittingWarning  [from checker BasicInjection]
  • HttpResponseInjectionIntoFieldWarning  [from checker Injection]
  • HttpResponseInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • HttpResponseSplittingWarning  [from checker Injection]
  • HttpResponseSplittingWarningWithFlow  [from checker Injection]



CWE117

  • LogForgingWarning  [from checker BasicInjection]
  • LogInjectionIntoFieldWarning  [from checker BasicInjection]
  • LogForgingWarning  [from checker Injection]
  • LogForgingWarningWithFlow  [from checker Injection]
  • LogInjectionIntoFieldWarning  [from checker Injection]
  • LogInjectionIntoFieldWarningWithFlow  [from checker Injection]



CWE187




CWE190

  • CastIntComputationIntoLongWarning  [from checker Approximation]



CWE197




CWE200




CWE227




CWE252




CWE253

  • UselessNullnessTestOfMethodReturnWarning  [from checker Nullness]



CWE259

  • HardcodedPasswordWarning  [from checker Passwords]



CWE287




CWE295




CWE319

  • MessageInjectionIntoFieldWarning  [from checker BasicInjection]
  • MessageInjectionWarning  [from checker BasicInjection]
  • MessageInjectionIntoFieldWarning  [from checker Injection]
  • MessageInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • MessageInjectionWarning  [from checker Injection]
  • MessageInjectionWarningWithFlow  [from checker Injection]
  • MessageInjectionIntoFieldWarning  [from checker PrivacyAndroid]
  • MessageInjectionWarning  [from checker PrivacyAndroid]



CWE326

  • InsecureKeyDerivationFunctionWarning  [from checker Cryptography]



CWE327

  • CryptographicAlgorithmWithRiskyCipherAlgorithmWarning  [from checker Cryptography]
  • CryptographicAlgorithmWithRiskyDefaultCipherAlgorithmWarning  [from checker Cryptography]
  • CryptographicAlgorithmWithWeakHashingAlgorithmWarning  [from checker Cryptography]
  • DeprecatedOrDeletedCryptographyProviderFieldWarning  [from checker Cryptography]
  • DeprecatedOrDeletedCryptographyProviderMethodWarning  [from checker Cryptography]
  • RiskyCipherFieldWarning  [from checker Cryptography]
  • RiskyCryptographicAlgorithmFieldWarning  [from checker Cryptography]
  • RiskyCryptographicAlgorithmWarning  [from checker Cryptography]
  • UnsafeBase64EncodingWarning  [from checker Cryptography]
  • WeakHashingAlgorithmFieldWarning  [from checker Cryptography]



CWE328

  • RiskyCipherAlgorithmWarning  [from checker Cryptography]
  • RiskyDefaultCipherAlgorithmWarning  [from checker Cryptography]
  • WeakHashingAlgorithmWarning  [from checker Cryptography]



CWE330

  • InsecureRandomWarning  [from checker Random]
  • UseOfFixedSeedWarning  [from checker Random]



CWE332

  • SuboptimalRandomNumberWarning  [from checker Random]



CWE349

  • LDAPPoisoningWarning  [from checker Ldap]



CWE359

  • LeakageOfPrivateDataThroughFieldUnknownSourceWarning  [from checker Gdpr]
  • LeakageOfPrivateDataThroughFieldWarning  [from checker Gdpr]
  • LeakageOfPrivateDataThroughParameterUnknownSourceWarning  [from checker Gdpr]
  • LeakageOfPrivateDataThroughParameterWarning  [from checker Gdpr]



CWE390




CWE392




CWE395




CWE396




CWE397




CWE398

  • RedundantImplementsWarning  [from checker BadExtension]
  • UselessClasscastWarning  [from checker Classcast]
  • FieldNeverUsedWarning  [from checker FieldAccess]
  • UselessNullnessTestOfFieldWarning  [from checker Nullness]
  • UselessNullnessTestOfFormalWarning  [from checker Nullness]
  • UselessNullnessTestWarning  [from checker Nullness]
  • SetStaticInNonStaticWarning  [from checker StaticFieldAccess]
  • UnusedClassWarning  [from checker UnusedClass]
  • UselessCallWarning  [from checker UselessCall]
  • UselessTestWarning  [from checker UselessTest]



CWE400




CWE412

  • SynchronisationOnInternedStringWarning  [from checker Concurrency]



CWE413

  • ExpensiveSynchronizationOnStaticWarning  [from checker Concurrency]
  • ImpossibleClientSideLockingWarning  [from checker Concurrency]



CWE440




CWE456




CWE470




CWE476

  • ActualNullReflectionWarning  [from checker BasicNullness]
  • ActualNullWarning  [from checker BasicNullness]
  • ArrayLengthOfNullWarning  [from checker BasicNullness]
  • ArrayLoadFromNullWarning  [from checker BasicNullness]
  • ArrayStoreIntoNullWarning  [from checker BasicNullness]
  • CallOnNullWarning  [from checker BasicNullness]
  • FormalNullWarning  [from checker BasicNullness]
  • GetFieldFromNullWarning  [from checker BasicNullness]
  • PutFieldIntoNullWarning  [from checker BasicNullness]
  • ReturningNullForArrayWarning  [from checker BasicNullness]
  • ReturningNullForBooleanWarning  [from checker BasicNullness]
  • ReturningNullForOptionalWarning  [from checker BasicNullness]
  • SynchronizationOnNullWarning  [from checker BasicNullness]
  • ThrowOfNullWarning  [from checker BasicNullness]
  • ActualInnerNullWarning  [from checker Nullness]
  • ActualNullWarning  [from checker Nullness]
  • ArrayLengthOfNullWarning  [from checker Nullness]
  • ArrayLoadFromNullWarning  [from checker Nullness]
  • ArrayStoreIntoNullWarning  [from checker Nullness]
  • CallOnNullWarning  [from checker Nullness]
  • FieldInnerNullWarning  [from checker Nullness]
  • FieldNullWarning  [from checker Nullness]
  • FormalInnerNullWarning  [from checker Nullness]
  • FormalNullWarning  [from checker Nullness]
  • GetFieldFromNullWarning  [from checker Nullness]
  • MethodReturnsInnerNullWarning  [from checker Nullness]
  • MethodReturnsNullWarning  [from checker Nullness]
  • PutFieldIntoNullWarning  [from checker Nullness]
  • SynchronizationOnNullWarning  [from checker Nullness]
  • ThrowOfNullWarning  [from checker Nullness]



CWE477

  • InadequateCallInProductionWarning  [from checker Production]
  • UseLogInsteadWarning  [from checker Production]



CWE480

  • EqualsWarning  [from checker BadEq]
  • ANDAgainstConstantWarning  [from checker ShortCircuit]
  • InefficientSameValueANDWarning  [from checker ShortCircuit]
  • InefficientSameValueORWarning  [from checker ShortCircuit]
  • ORAgainstConstantWarning  [from checker ShortCircuit]



CWE481

  • AssigningInsteadOfComparingWarning  [from checker BadEq]



CWE485




CWE491

  • CloneForNonCloneableWarning  [from checker Clone]
  • NonFinalCloneMethodWarning  [from checker Clone]
  • SubclassesMayBeClonedWarning  [from checker Clone]



CWE492

  • InnerClassShouldBeStaticWarning  [from checker InnerClasses]



CWE501

  • SessionInjectionIntoFieldWarning  [from checker BasicInjection]
  • SessionInjectionWarning  [from checker BasicInjection]
  • TrustBoundaryViolationIntoFieldWarning  [from checker BasicInjection]
  • TrustBoundaryViolationWarning  [from checker BasicInjection]
  • SessionInjectionIntoFieldWarning  [from checker Injection]
  • SessionInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • SessionInjectionWarning  [from checker Injection]
  • SessionInjectionWarningWithFlow  [from checker Injection]
  • TrustBoundaryViolationIntoFieldWarning  [from checker Injection]
  • TrustBoundaryViolationIntoFieldWarningWithFlow  [from checker Injection]
  • TrustBoundaryViolationWarning  [from checker Injection]
  • TrustBoundaryViolationWarningWithFlow  [from checker Injection]



CWE522

  • PasswordInPropertyFileWarning  [from checker Passwords]



CWE524




CWE538




CWE547

  • HardcodedFileNameWarning  [from checker Resources]



CWE561

  • ClassNeverInstantiatedWarning  [from checker Deadcode]
  • UncalledWarning  [from checker Deadcode]
  • UnreachableInstructionWarning  [from checker Deadcode]



CWE563




CWE567

  • VolatileArrayFieldWarning  [from checker Concurrency]
  • VolatileContainerFieldWarning  [from checker Concurrency]
  • MissingSynchronizedWarning  [from checker GuardedBy]
  • UnguardedFieldWarning  [from checker GuardedBy]
  • UnguardedParameterWarning  [from checker GuardedBy]



CWE570




CWE571




CWE572

  • SynchronousCallToThreadBodyWarning  [from checker Concurrency]



CWE573




CWE581




CWE585

  • UselessSynchronizationWarning  [from checker Concurrency]



CWE595

  • EqualityWarning  [from checker BadEq]
  • EqualsOnArraysWarning  [from checker BadEq]
  • ImpossibleEqualityWarning  [from checker BadEq]



CWE596

  • EqualsOnDisjointTypesWarning  [from checker BadEq]
  • ImpossibleEqualsWarning  [from checker BadEq]
  • AsymmetricalCompareToWarning  [from checker CompareTo]
  • CompareToInconsistentWithEqualsWarning  [from checker CompareTo]
  • CompareToWithDefaultEqualsWarning  [from checker CompareTo]



CWE597

  • InefficientStringEmptynessTestWarning  [from checker BadEq]



CWE607




CWE609

  • UnsafeLazyInitialisationWarning  [from checker Concurrency]



CWE611

  • XXEAttackWarning  [from checker Xxe]



CWE614

  • InsecureCookieWarning  [from checker Cookie]
  • PossibleInsecureCookieCreationWarning  [from checker Cookie]



CWE628




CWE643

  • XPathInjectionIntoFieldWarning  [from checker BasicInjection]
  • XPathInjectionWarning  [from checker BasicInjection]
  • XPathInjectionIntoFieldWarning  [from checker Injection]
  • XPathInjectionIntoFieldWarningWithFlow  [from checker Injection]
  • XPathInjectionWarning  [from checker Injection]
  • XPathInjectionWarningWithFlow  [from checker Injection]



CWE662

  • UselessVolatileModifierWarning  [from checker Concurrency]



CWE664

  • LeakThroughCallbackFieldWarning  [from checker Leak]
  • LeakThroughCallbackWarning  [from checker Leak]
  • LeakThroughFieldWarning  [from checker Leak]
  • LeakThroughInnerClass  [from checker Leak]



CWE665




CWE674




CWE682




CWE686




CWE704

  • ArrayStoreWarning  [from checker Classcast]
  • ClasscastGenericWarning  [from checker Classcast]
  • ClasscastOfFieldWarning  [from checker Classcast]
  • ClasscastOfFormalWarning  [from checker Classcast]
  • ClasscastOfMethodReturnWarning  [from checker Classcast]



CWE732

  • FileAccessWithModeWorldWarning  [from checker FileAccess]
  • FileWithWorldAccessibilityWarning  [from checker FileAccess]



CWE749




CWE768




CWE771




CWE772

  • ResourceNotClosedAtEndOfMethodWarning  [from checker CloseResource]
  • FieldNeverReadWarning  [from checker FieldAccess]
  • FieldIsOnlyUsedInConstructorsWarning  [from checker ImproperField]
  • FieldIsOnlyUsedInStaticInitialiserWarning  [from checker ImproperField]
  • FieldShouldBeReplacedByLocalsWarning  [from checker ImproperField]



CWE820

  • UnguardedMethodOrConstructorWarning  [from checker GuardedBy]



CWE833

  • BlockingCallInsideSynchronizationWarning  [from checker Concurrency]



CWE909

  • EmptyJarEntryWarning  [from checker Zip]
  • EmptyZipEntryWarning  [from checker Zip]



CWE913




CWE916

  • InadequateSaltWarning  [from checker Cryptography]
  • PossibleGenerationOfWeakCryptographicValuesWarning  [from checker Cryptography]