界: Code Quality

程式碼品質不佳,會導致無法預料的行為。從使用者的角度來看,這通常表現為可用性不佳。對於攻擊者而言,這提供了以意想不到的方式向系統施加壓力的機會。

93 找到的項目
弱點

Poor Style: Empty Synchronized Block

Abstract
此同步化區塊未包含指令;這可能會使同步處理無法達成預期的效果。
Explanation
在 Java 中進行同步化是很棘手的問題。empty synchronized block 通常只表示程式設計師正在處理同步化問題,但還未達到他們想要的結果。

範例:

synchronized(this) { }
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 585
desc.structural.java.poor_style_empty_synchronized_block

Poor Style: Identifier Contains Dollar Symbol ($)

Abstract
不建議使用美元符號 ($) 當作識別碼。
Explanation
Java 語言規範的 3.8 節中有說明美元符號,但僅將它當作用於機器產生的原始程式碼中的識別碼。

範例:

int un$afe;
References
[1] J. Gosling, B. Joy, G. Steele, G. Bracha The Java Language Specification, Second Edition Addison-Wesley
[2] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[3] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 5
[4] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[5] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[6] Standards Mapping - Common Weakness Enumeration CWE ID 398
desc.structural.java.poor_style_identifier_contains_dollar_symbol

Poor Style: Redundant Initialization

Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
沒有使用變數的初始值。在指定初始值後,會為變數指定另一個值,或者超出範圍之外。

範例:以下摘錄的程式碼會為變數 r 指定值,然後在沒有使用的情況下將其覆寫。


  int r = getNum();
  r = getNewNum(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 398
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.poor_style_redundant_initialization
Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
沒有使用變數的初始值。在指定初始值後,會為變數指定另一個值,或者超出範圍之外。

範例:以下摘錄的程式碼會為變數 r 指定值,然後在沒有使用的情況下將其覆寫。


  int r = getNum();
  r = getNewNum(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 398
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.java.poor_style_redundant_initialization

Poor Style: Value Never Read

Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
未使用此變數值。在指定值後,會為變數指定另一個值,或者超出範圍之外。

範例:以下摘錄的程式碼會為變數 r 指定值,然後在沒有使用的情況下將其覆寫。


  r = getName();
  r = getNewBuffer(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.cpp.poor_style_value_never_read
Abstract
雖指定變數值,但從不使用,而使它成為無用儲存。
Explanation
未使用此變數值。在指定值後,會為變數指定另一個值,或者超出範圍之外。

範例:以下摘錄的程式碼會為變數 r 指定值,然後在沒有使用的情況下將其覆寫。


  r = getName();
  r = getNewBuffer(buf);
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
desc.structural.java.poor_style_value_never_read

Poor Style: Variable Never Used

Abstract
此變數從未被使用過。
Explanation
此變數從未被使用過。可能這只是一個無用的程式碼,但是這也可能指出了一個錯誤。

範例:在以下程式碼中,一個複製貼上錯誤導致相同的迴圈迭代器 (i) 被使用了兩次。變數 j 從未使用過。


  int i,j;

  for (i=0; i < outer; i++) {
    for (i=0; i < inner; i++) {
      ...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-3
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-131
desc.structural.cpp.poor_style_variable_never_used
Abstract
合約定義了一個變數,但從不使用。
Explanation
Solidity 允許宣告變數、但從不使用,儘管大多數的時候,這並不直接指向安全性弱點,但這是不好的做法。由於所需的運算週期會增加,這可能會導致雜訊和不必要的燃料消耗。

範例 1:以下程式碼宣告類型為 A 的變數 var1,但從不使用。


contract Base {
    struct A { uint a; }
}

contract DerivedA is Base {
    A var1 = A(1);
    int internal j = 500;

    function call(int a) public {
        assign1(a);
    }

    function assign3(A memory x) public returns (uint) {
        return g[1] + x.a + uint(j);
    }
}
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 1
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 563
[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2008 Rule 0-1-3
[7] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3050 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3050 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3050 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3050 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3050 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3050 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3050 CAT II
[14] Standards Mapping - Smart Contract Weakness Classification SWC-131
desc.structural.solidity.swc131

Portability Flaw

Abstract
在不同作業系統和作業系統版本下,若應用函數的方式沒有一致,就會造成移植性問題。
Explanation
這一類函數的運作方式會根據作業系統而改變,甚至有時候根據作業系統的版本而改變。應用的不同可能包括:

- 參數解譯方式微小的不同會引起不一致的結果。

- 某些函數的執行包含了巨大的安全風險。

- 未在所有平台上定義該函數。
desc.semantic.cpp.portability_flaw

Portability Flaw: File Separator

Abstract
使用 Hardcoded 檔案分隔符號會造成可移植性問題。
Explanation
不同的作業系統會使用不同的字元來做為檔案分隔符號。例如,Microsoft Windows 系統使用的是「\」,而 UNIX 系統則使用「/」。若要在不同的平台上執行應用程式,則 Hardcoded 檔案分隔符號會導致應用程式邏輯的執行不正確,與可能的 Denial of Service。

範例 1:以下程式碼使用 Hardcoded 檔案分隔符號來開啟檔案:


...
var file:File = new File(directoryName + "\\" + fileName);
...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 4
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 474
[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[15] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002520 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002520 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002520 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002520 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002520 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002520 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002520 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002520 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002520 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002520 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002520 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002520 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002520 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002520 CAT II
desc.dataflow.actionscript.portability_flaw_file_separator
Abstract
使用 Hardcoded 檔案分隔符號會造成可移植性問題。
Explanation
不同的作業系統會使用不同的字元來做為檔案分隔符號。例如,Microsoft Windows 系統使用的是「\」,而 UNIX 系統則使用「/」。若要在不同的平台上執行應用程式,則 Hardcoded 檔案分隔符號會導致應用程式邏輯的執行不正確,與可能的 Denial of Service。

範例 1:以下程式碼使用 Hardcoded 檔案分隔符號來開啟檔案:


...
FileStream f = File.Create(directoryName + "\\" + fileName);
...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 4
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 474
[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[15] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002520 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002520 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002520 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002520 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002520 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002520 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002520 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002520 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002520 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002520 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002520 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002520 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002520 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002520 CAT II
desc.dataflow.dotnet.portability_flaw_file_separator
Abstract
使用 Hardcoded 檔案分隔符號會造成可移植性問題。
Explanation
不同的作業系統會使用不同的字元來做為檔案分隔符號。例如,Microsoft Windows 系統使用的是「\」,而 UNIX 系統則使用「/」。若要在不同的平台上執行應用程式,則 Hardcoded 檔案分隔符號會導致應用程式邏輯的執行不正確,與可能的 Denial of Service。

範例 1:以下程式碼使用 Hardcoded 檔案分隔符號來開啟檔案:


...
File file = new File(directoryName + "\\" + fileName);
...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 4
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 474
[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[15] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002520 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002520 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002520 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002520 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002520 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002520 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002520 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002520 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002520 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002520 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002520 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002520 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002520 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002520 CAT II
desc.dataflow.java.portability_flaw_file_separator
Abstract
使用 Hardcoded 檔案分隔符號會造成可移植性問題。
Explanation
不同的作業系統會使用不同的字元來做為檔案分隔符號。例如,Microsoft Windows 系統使用的是「\」,而 UNIX 系統則使用「/」。若要在不同的平台上執行應用程式,則 Hardcoded 檔案分隔符號會導致應用程式邏輯的執行不正確,與可能的 Denial of Service。

範例 1:以下程式碼使用 Hardcoded 檔案分隔符號來開啟檔案:


...
os.open(directoryName + "\\" + fileName);
...
References
[1] Standards Mapping - CIS Azure Kubernetes Service Benchmark 4
[2] Standards Mapping - CIS Amazon Elastic Kubernetes Service Benchmark 4
[3] Standards Mapping - CIS Amazon Web Services Foundations Benchmark 1
[4] Standards Mapping - CIS Google Kubernetes Engine Benchmark normal
[5] Standards Mapping - Common Weakness Enumeration CWE ID 474
[6] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[15] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002520 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002520 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002520 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002520 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002520 CAT II
[20] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002520 CAT II
[21] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002520 CAT II
[22] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002520 CAT II
[23] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002520 CAT II
[24] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002520 CAT II
[25] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002520 CAT II
[26] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002520 CAT II
[27] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002520 CAT II
[28] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002520 CAT II
desc.dataflow.python.portability_flaw_file_separator