  1. SonarQube
  2. SONAR-13572

Add "Buffer Overflow" security category


    Details

    • Edition:
      Community
    • Production Notes:
      None

      Description

      We have more and more valuable security rules provided by the C/C++ analyzers, and today, because the corresponding CWE IDs are unknown, the issues/hotspots are attached to the Others security category, which makes them not visible.

      We should add a new security category associated with the following list of CWEs:

      • CWE-119
      • CWE-120
      • CWE-131
      • CWE-676
      • CWE-788

      This security category should be named: "Buffer Overflow"

      The "Generic Security Category vs CWE" document was updated accordingly
      https://docs.google.com/spreadsheets/d/16EKZdULUrH-iOGfUFPBWOe0nZbtjcsGCVH_bzDtyhEc/edit#gid=0

            People

            Assignee:
            jacek.poreda Jacek Poreda
            Reporter:
            alexandre.gigleux Alexandre Gigleux