Enhanced Security Checks
The security check feature in the enhanced package identifies code security risks and vulnerabilities in depth. It covers security scenarios that are not included in other packages, such as value errors, encryption issues, and data verification issues, and it strengthens detection of industry-standard vulnerability classes with cross-function analysis, cross-file analysis, taint analysis, and semantic analysis.
Currently, the package contains 284 rules (Java: 61; C++: 199; Go: 8; Python: 16).
| Item | OWASP Top 10 | CWE Top 25 | Description | Basic/Professional Edition | Enhanced Package |
|---|---|---|---|---|---|
| Command injection | Yes | Yes | Attackers use external input to construct system commands and use applications that can invoke system commands to perform unauthorized operations. | Yes | Yes |
| Path traversal | No | Yes | Attackers use application vulnerabilities to access data or directories without authorization, causing data leakage or tampering. | No | Yes |
| SQL injection | Yes | Yes | Attackers take pre-defined query statements and append additional clauses through external input to perform unauthorized operations. | Yes | Yes |
| Uncontrolled format string | No | Yes | Attackers use a format string vulnerability to control the program and cause information leakage. | No | Yes |
| Cross-site scripting (XSS) attack | Yes | Yes | Attackers insert malicious code into links on websites or in emails to steal user information. | No | Yes |
| LDAP injection | Yes | Yes | Unauthorized Lightweight Directory Access Protocol (LDAP) queries are built from user-entered parameters to steal user information. | No | Yes |
| Insecure reflection | Yes | Yes | Attackers use external input to bypass access control paths such as identity authentication and perform unauthorized operations. | No | Yes |
| Open redirection vulnerability | No | Yes | Attackers change the redirection address to a malicious website to carry out phishing or fraud, or to steal user credentials. | No | Yes |
| XPath injection | Yes | Yes | Attackers supply external input containing malicious query code to escalate privileges. | Yes | Yes |
| Incorrect array index | No | Yes | An out-of-bounds memory read occurs, which may cause information leakage or a system crash. | No | Yes |
| Null pointer dereference | No | Yes | Unpredictable system errors may occur, resulting in a system crash. | Yes | Yes |
| Information leakage in logs | No | Yes | Information leakage through server logs and debug logs. | No | Yes |
| Information leakage in messages | No | Yes | Information leakage through error messages. | Yes | Yes |
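To make concrete what one of the table's enhanced-package checks looks for, here is an added example (not CodeArts Check code, and not taken from this page) of the path traversal item: a resolver that joins untrusted input straight onto a base directory, beside a hardened resolver that checks containment after resolving. The base directory `/srv/app/reports`, the helper names, and the sample inputs are all assumptions constructed for the example; no files are read, only paths are computed.

```python
from pathlib import Path

# Constructed base directory for the example; only paths are computed, nothing is read.
BASE_DIR = Path("/srv/app/reports")


def resolve_unsafe(user_supplied: str) -> Path:
    """Vulnerable pattern: untrusted input is joined onto BASE_DIR and used as-is.

    A value such as "../../etc/passwd" (or an absolute path, which pathlib lets
    replace the base entirely) yields a location outside BASE_DIR. This is the
    flow a path traversal check reports: tainted input reaches a filesystem
    path with no guard in between.
    """
    return (BASE_DIR / user_supplied).resolve()


def resolve_safe(user_supplied: str) -> Path:
    """Hardened pattern: resolve first, then require containment in BASE_DIR.

    Checking the *resolved* path (after ".." and symlink processing) rather than
    scanning the raw string for "../" also covers absolute paths and input that
    was already normalised. Any URL decoding must happen before this function
    is called; otherwise "%2e%2e" is just a literal file name.
    """
    base = BASE_DIR.resolve()
    candidate = (BASE_DIR / user_supplied).resolve()
    # Only strict descendants are allowed; BASE_DIR itself is not a report file.
    if base not in candidate.parents:
        raise ValueError(f"path escapes {base}: {user_supplied!r}")
    return candidate


def is_contained(user_supplied: str) -> bool:
    """True when resolve_safe() accepts the input, False when it rejects it."""
    try:
        resolve_safe(user_supplied)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate, two that escape the base directory.
    for sample in ("2024/q1.pdf", "a/../b.txt", "../../etc/passwd", "/etc/passwd"):
        unsafe = resolve_unsafe(sample)
        escaped = BASE_DIR.resolve() not in unsafe.parents
        print(f"{sample!r:22} unsafe -> {unsafe}  escapes={escaped}  "
              f"hardened_accepts={is_contained(sample)}")
```

Running the block prints, for each sample, where the unguarded resolver would point and whether the hardened resolver accepts it. The design point is that the check runs on the resolved path, which is also why a static check of this class follows the tainted value to the filesystem call rather than looking for a "../" literal.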