NShiftKey-Rule-Guide
Toothless Rule Guide
SQL Injection
SQL Injection Vulnerability
SQL Injection Vulnerability
Using self-signed certificates
CORS (Cross Origin Resource Sharing)
Sensitive Information Exposure
File Upload Vulnerability
Incorrect Serialize
Incorrect Serialize
Incomplete type inference
Exposure of important information
check emptiness by size, length
check emptiness by size, length
BREACH
Bad free of a variable not dynamically allocated
Exposure of important information
Use double type in BigDecimal constructor
Missing RoundingMode in use of BigDecimal.setScale
SQL Injection
Buffer overflow
Buffer overflow
CCS
Fragment retains view
Returns a variable type that is different from the definition
CRIME
CRLF (HTTP Response Splitting)
CRLF (HTTP Response Splitting)
CSRF Vulnerability
CSRF Vulnerability
NULL Pointer Reference
NULL Pointer Reference
Using Null value
HTTP security header insufficient
Wrong proxy setting for nginx
LFI, RFI
Source Code Exposure Vulnerabilities
Source Code Exposure Vulnerabilities
LFI, RFI
Index access on a non-IndexedSeq
Abnormal index range reference
Wrong list append
Arbitrary Command Execution Vulnerability
Wrong real number comparison
A comparison for extraneous type
Determine whether or not it is empty using size, length
Determine whether or not it is empty using size, length
Session Hijacking
Unnecessary Page Existence
Cookie Poisoning
Cookie Poisoning
Session Hijacking
Cookie Poisoning
Session Hijacking
CORS (Cross Origin Resource Sharing)
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
Deadlock
XSS Vulnerability
Vulnerable SSL/TLS settings (DROWN)
Vulnerable SSL/TLS settings (DROWN)
Sensitive Information Exposure
Directory Listing Vulnerability
Directory Listing Vulnerability
Double release of dynamically allocated memory
Unnecessary Page Existence
Using get of Either projection
Dead code
Dead code
Dead code
Dead code
Dead code
Dead code
Sensitive Information Exposure
URL Redirect/Forward
Vulnerable SSL/TLS Settings (FREAK)
Sensitive Information Exposure
Use filter().headOption
Exception can occur on filter().head
Use filter().isEmpty
Missing final modifier in case class
Missing finalizer behavior in Superclass
Sensitive Information Exposure
Sensitive information disclosure when using the net/http/pprof package
SQL Injection
SQL Injection
Arbitrary Command Execution Vulnerability
Zip Slip
Weak Cryptographic Hash
Vulnerable TLS configuration
Weak Cryptographic Hash
Generate predictable random values
Weak Cryptographic Hash
Weak Cryptographic Hash
Weak Cryptographic Hash
Use a weak CGI library
Weak Cryptographic Hash
Insufficient HTTP security header
Source Code Exposure Vulnerability
Lack of HTTPS
Lack of HTTPS
Exposure of important information
CRLF (HTTP Response Splitting)
Lack of HTTPS
Vulnerable SSL/TLS Configuration
Interface is not thread-safe
Illegal use of format string
Illegal use of format string
Sensitive Information Exposure
CORS (Cross Origin Resource Sharing)
CORS (Cross Origin Resource Sharing)
Vulnerable TLS configuration
Use of Vulnerable Open Source
File Upload Vulnerability
URL Redirect/Forward
Source Code Exposure Vulnerabilities
Vulnerable TLS configuration
Use of JavaConvention
Vulnerable SSL/TLS Configuration (LOGJAM)
Vulnerable SSL/TLS Configuration (LOGJAM)
LUCKY13
Use of append in List
LFI, RFI
Dead code
Missing prefix in InterpolatedString
Loosely Scoped Cookie
CRLF (HTTP Response Splitting)
Improper release of Dynamic Memory Allocation
Method Returning Any
Unnecessary Page Existence
Sensitive Information Exposure
Exposure of important information
Field is not @Nullable
Null pointer Dereference
SQL Injection
Use of Null value
Use of Null value
Arbitrary Command Execution Vulnerability
Arbitrary Command Execution Vulnerability
URL Redirect/Forward
Parameter Tampering
SQL Injection
CRLF (HTTP Response Splitting)
Returning Unit with Parameterless Method
Sensitive Information Exposure
Directory Listing Vulnerability
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
XSS Vulnerability
LFI, RFI
Declare empty collection explicitly
Declare empty collection explicitly
Declare empty collection explicitly
Product With Serializable
Public finalizer
File Upload Vulnerability
Resource leak
ReDoS(regular expression denial of service) Vulnerability
Potential Command Injection using exec()
Arbitrary Command Execution Vulnerability
LFI, RFI
LFI, RFI
CRLF (HTTP Response Splitting)
Reverse Tabnabbing
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
SQL Injection
Vulnerable SSL/TLS settings (SSLv3 POODLE)
SSRF Vulnerability
SSRF Vulnerability
SSRF Vulnerability
Resource shortage due to main thread overload
STRICT mode violation
Use of weak SSL/TLS block cipher
Sensitive Information Exposure
Insufficient HTTPS application
Insufficient HTTPS application
Insufficient HTTPS application
Insufficient HTTPS application
Cookie Poisoning
Using self-signed certificates
CORS (Cross Origin Resource Sharing)
Server Side JS Injection
Server Side JS Injection
Server Side JS Injection
Server Side JS Injection
Session Hijacking
Session Hijacking
case / match type comparison impossible
Use sort.filter
Thread-safety violation
Unnecessary Page Existence
Type shadowing
Ignore GuardedBy Annotation
CORS (Cross Origin Resource Sharing)
Sensitive Information Exposure
Unnecessary variable type conversion
Dead code
Unsafe contains
Unsafe String contains
Unsafe traversable method
Unused method parameter
Freed memory reference
Incorrect calculation results
Incorrect calculation results
Incorrect calculation results
Incorrect calculation results
Incorrect calculation results
Zero Size Memory Allocation
Sensitive Information Exposure
Using the var in the Closure
Variable shadowing
Weak Cryptographic Hash
Using weak cipher algorithms
CSRF Vulnerability
HTTP security header insufficient
HTTP security header insufficient
XSS Vulnerability
HTTP security header insufficient
XSS Vulnerability
Improper buffer size allocation
Out of bound pointer variable reference
Bad local variable reference
String parameter not terminated with null
Out of bound pointer variable reference
Assignment of bool type variable value to pointer variable
Bad local variable reference
Bad free of a variable not dynamically allocated
Out of bound pointer variable reference
Weak Cryptographic Algorithm (cipherlist_3DES_IDEA)
Weak Cryptographic Algorithm (cipherlist_EXPORT)
Weak Cryptographic Algorithm (cipherlist_LOW)
Weak Cryptographic Algorithm (NULL)
Weak Cryptographic Algorithm (cipherlist_aNULL)
Source Code Exposure Vulnerabilities
Use pointer variable as Condition extension
Out of bound pointer variable reference
Cookie Poisoning
Divide By Zero
NULL Pointer Reference
NULL Pointer Reference
Bad local variable reference
Set size of VLA(Variable-Length Array) to valid range
Improper release of Dynamic Memory Allocation
Self-assignment
Bad local variable reference
Bad local variable reference
Bad local variable reference
Double release of dynamically allocated memory
Freed memory reference
Freed memory reference
Potential Command Injection using exec()
ReDoS(regular expression denial of service) Vulnerability
Double release of dynamically allocated memory
Unnecessary Page Existence
SSL/TLS fallback attack
File Upload Vulnerability
URL Redirect/Forward
Unnecessary Page Existence
Exposure of important information
Integer Overflow
Use parameter of invalid type
String parameter not terminated with null
Use parameter of invalid type
Bad local variable reference
Invalid scanf format width
LFI, RFI
Skip dynamic memory release
Suspicious memory leak in std::basic_string
Mismatch between Alloc and Dealloc method
Improper buffer size allocation
Out of bound pointer variable reference
Improper buffer size allocation
NULL Pointer Reference
Out of bound pointer variable reference
Use VirtualCall in constructor and destructor
Out of bound pointer variable reference
Use pointer variable as Condition extension
ReDoS(regular expression denial of service) Vulnerability
Skip dynamic memory release
Bad local variable reference
Bad local variable reference
Bad local variable reference
Bad local variable reference
Bad local variable reference
Bad local variable reference
Insufficient renegotiation restrictions
Renegotiation vulnerable to MITM
Use of deprecated API
Use of deprecated API
Use of deprecated API
Use of deprecated API
Generate predictable random values
Shift Negative
Out of bound pointer variable reference
Ticketbleed
Mismatch between Alloc and Dealloc method
NULL Pointer Reference
Use closed file pointer
Freed memory reference
Delete polymorphic object without virtual destructor
If you use v-html, then there is a possibility of an XSS vulnerability.
Divide By Zero
Divide By Zero
Change Log
This is the guide for each Toothless rule.