SonarQube / SONAR-13572

Add "Buffer Overflow" security category

    Details

    • Edition: Community
    • Production Notes: None

      Description

      We have more and more valuable security rules provided by the C/C++ analyzers, and today, because the corresponding CWE IDs are unknown, their issues/hotspots are attached to the "Others" security category, which makes them not visible.

      We should add a new security category associated to the following list of CWEs:

      • CWE-119
      • CWE-120
      • CWE-131
      • CWE-676
      • CWE-788

      This security category should be named: "Buffer Overflow"

      The "Generic Security Category vs CWE" document was updated accordingly:
      https://docs.google.com/spreadsheets/d/16EKZdULUrH-iOGfUFPBWOe0nZbtjcsGCVH_bzDtyhEc/edit#gid=0

    People

    • Assignee: Jacek Poreda (jacek.poreda)
    • Reporter: Alexandre Gigleux (alexandre.gigleux)
    • Votes: 0
    • Watchers: 1
