Fortify 分类法：软件安全错误 Fortify 分类法

应用的筛选器

Category: dangerous type

全部清除

是否需要帮助您筛选类别? 随时通过以下方式联系支持部门: click here

English
Español
日本語
한국어
简体中文
傳統中文
Português brasileiro

Kingdom

Input Validation and Representation

API Abuse

Security Features

Time and State

Errors

Code Quality

Encapsulation

Environment

显示说明隐藏说明

Category

.NET Attribute Misuse

.NET Bad Practices

ADF Bad Practices

ADF Faces Bad Practices

ASP.NET Bad Practices

ASP.NET MVC Bad Practices

ASP.NET Middleware Out of Order

ASP.NET Misconfiguration

AWS Ansible Misconfiguration

AWS CloudFormation Misconfiguration

AWS Terraform Misconfiguration

Access Control

Access Specifier Manipulation

Acegi Misconfiguration

Android Bad Practices

Android Class Loading Hijacking

Android Misconfiguration

AngularJS Misconfiguration

Authentication Bad Practice

Authorization Bypass

Axis 2 Misconfiguration

Axis 2 Service Provider Misconfiguration

Axis 2 Service Requester Misconfiguration

Axis Misconfiguration

Axis Service Provider Misconfiguration

Axis Service Requester Misconfiguration

Azure ARM Misconfiguration

Azure Ansible Misconfiguration

Azure Terraform Misconfiguration

Bean Manipulation

Biometric Authentication

Buffer Overflow

Build Misconfiguration

Cache Management

CakePHP Misconfiguration

Castor Bad Practices

Certificate Management

ClassLoader Manipulation

Client-Side Template Injection

Code Correctness

ColdFusion Bad Practices

Command Injection

Compliance Failure

Connection String Parameter Pollution

Content Provider URI Injection

Cookie Security

Credential Management

Cross-Client Data Access

Cross-Frame Scripting

Cross-Session Contamination

Cross-Site Flashing

Cross-Site Request Forgery

Cross-Site Scripting

Cross-Site WebSocket Hijacking

DNS Spoofing

Dangerous Field

Dangerous File Inclusion

Dangerous File Injection

Dangerous Function

Dangerous Method

Dangerous Type

Database Bad Practices

Dead Code

Denial of Service

Deserialization Bad Practice

Directory Restriction

Directory Traversal

Django Bad Practices

Dockerfile Misconfiguration

Double Free

Dynamic Code Evaluation

EJB Bad Practices

Encoding Confusion

Experimental API

Exposure of POST Parameters in GET Request

Expression Language Injection

External Content

File Based Cross-Zone Scripting

File Disclosure

File Permission Manipulation

Flash Bad Practices

Flash Misconfiguration

Flex Misconfiguration

Format String

Formula Injection

Fragment Injection

Frame Spoofing

GCP Terraform Misconfiguration

Go Bad Practices

GraphQL Bad Practices

HTML5

HTTP Parameter Pollution

HTTP Verb Tampering

Hadoop Cluster Manipulation

Hadoop Job Manipulation

Handlebars Misconfiguration

Hardcoded Domain in HTML

Header Manipulation

Heap Inspection

Helmet Misconfiguration

Hidden Field

Illegal Pointer Value

Immutable Classes

Information Discovery

Input Interception

Insecure Compiler Optimization

Insecure Deployment

Insecure IPC

Insecure Randomness

Insecure SSL

Insecure Sanitizer Policy

Insecure Storage

Insecure Temporary File

Insecure Transport

Insufficient Anti-Automation

Integer Overflow

Intent Manipulation

J2EE Bad Practices

J2EE Misconfiguration

JSON Injection

JSON Path Manipulation

JSON Web Token

JavaScript Hijacking

Key Management

Kubernetes Misconfiguration

Kubernetes Terraform Misconfiguration

LDAP Entry Poisoning

LDAP Injection

LDAP Manipulation

Least Privilege Violation

Link Injection

Log Forging

Log Forging (debug)

Mail Command Injection

Mass Assignment

Memcached Injection

Memory Leak

Missing Check against Null

Missing Check for Null Parameter

Missing Form Field Constraints

Missing Form Field Validation

Missing SecurityManager Check

Missing XML Validation

Mule Misconfiguration

NoSQL Injection

Null Dereference

OAuth2

OGNL Expression Injection

Object Injection

Object Model Violation

Obsolete

Often Misused

Open Redirect

OpenAPI Misconfiguration

Out-of-Bounds Read

PCI Privacy Violation

PHP Misconfiguration

Parameter Tampering

Password Management

Path Manipulation

Permission Manipulation

Poor Condition Handling

Poor Error Handling

Poor Logging Practice

Poor Style

Portability Flaw

Possible Variable Overwrite

Predicate Injection

Privacy Violation

Privilege Management

Process Control

Prompt Injection

Prototype Pollution

Python Bad Practices

Query String Injection

Race Condition

React Bad Practices

Redundant Null Check

Reflected File Download

Registry Manipulation

Resource Injection

Restricted Method

SAML Bad Practices

SAPUI5 Misconfiguration

SOQL Injection

SOSL Injection

SQL Bad Practices

SQL Injection

SSH Misconfiguration

SSO Bad Practices

Same-Origin Method Execution

Server-Side Request Forgery

Server-Side Script Injection

Server-Side Template Injection

Session Fixation

Session Management

Session Puzzling

Setting Manipulation

Silverlight Misconfiguration

Solidity Bad Practices

Solidity Misconfiguration

Spring Beans Injection

Spring Boot Misconfiguration

Spring Misconfiguration

Spring Security Misconfiguration

String Termination Error

Struts

Struts 2

Struts 2 Bad Practices

Struts Misconfiguration

System Field Overwrite

System Information Leak

Template Injection

Tomcat Configuration

Trust Boundary Violation

Type Mismatch

Unauthenticated Service

Unchecked Return Value

Undefined Behavior

Uninitialized Variable

Unreleased Resource

Unsafe JNI

Unsafe JSNI

Unsafe Mobile Code

Unsafe Native Invoke

Unsafe Reflection

Use After Free

User or System Dependent Program Flow

Value Shadowing

WCF Misconfiguration

WSE Misconfiguration

Weak Cryptographic Hash

Weak Cryptographic Implementation

Weak Cryptographic Signature

Weak Encryption

Weak SecurityManager Check

Weak WS-SecurityPolicy

Weak XML Schema

Web Server Misconfiguration

WebSphere Misconfiguration

WebSphere Service Provider Misconfiguration

WebSphere Service Requester Misconfiguration

Weblogic Misconfiguration

XML Entity Expansion Injection

XML External Entity Injection

XML Injection

XPath Injection

XQuery Injection

XSLT Injection

gRPC Metadata Manipulation

显示说明隐藏说明

高级 +

Standards & Best Practices

PCI DSS

3.0

Requirement 1.3.8

Requirement 2.1

Requirement 2.2.4

Requirement 3.2

Requirement 3.3

Requirement 3.4

Requirement 3.6.1

Requirement 4.1

Requirement 4.2

Requirement 5.1

Requirement 6.2

Requirement 6.3.1

Requirement 6.5.1

Requirement 6.5.2

Requirement 6.5.3

Requirement 6.5.4

Requirement 6.5.5

Requirement 6.5.6

Requirement 6.5.7

Requirement 6.5.8

Requirement 6.5.9

Requirement 6.5.10

Requirement 7.1.2

Requirement 7.2

Requirement 8.1.8

Requirement 8.2.1

Requirement 8.2.3

Requirement 10.2.1

Requirement 10.2.4

Requirement 10.3.4

Requirement 10.5.2

Requirement 10.5.5

显示说明隐藏说明

3.1

Requirement 1.3.8

Requirement 2.1

Requirement 2.2.4

Requirement 3.2

Requirement 3.3

Requirement 3.4

Requirement 3.6.1

Requirement 4.1

Requirement 4.2

Requirement 5.1

Requirement 6.2

Requirement 6.3.1

Requirement 6.5.1

Requirement 6.5.2

Requirement 6.5.3

Requirement 6.5.4

Requirement 6.5.5

Requirement 6.5.6

Requirement 6.5.7

Requirement 6.5.8

Requirement 6.5.9

Requirement 6.5.10

Requirement 7.1.2

Requirement 7.2

Requirement 8.1.8

Requirement 8.2.1

Requirement 8.2.3

Requirement 10.2.1

Requirement 10.2.4

Requirement 10.3.4

Requirement 10.5.2

Requirement 10.5.5

显示说明隐藏说明

3.2

Requirement 1.3.7

Requirement 2.1

Requirement 2.2.4

Requirement 3.2

Requirement 3.3

Requirement 3.4

Requirement 3.6.1

Requirement 4.1

Requirement 4.2

Requirement 5.1

Requirement 6.2

Requirement 6.3.1

Requirement 6.5.1

Requirement 6.5.2

Requirement 6.5.3

Requirement 6.5.4

Requirement 6.5.5

Requirement 6.5.6

Requirement 6.5.7

Requirement 6.5.8

Requirement 6.5.9

Requirement 6.5.10

Requirement 7.1.2

Requirement 7.2

Requirement 8.1.8

Requirement 8.2.1

Requirement 8.2.3

Requirement 10.2.1

Requirement 10.2.4

Requirement 10.3.4

Requirement 10.5.2

Requirement 10.5.5

显示说明隐藏说明

3.2.1

Requirement 1.2.1

Requirement 1.3.7

Requirement 2.1

Requirement 2.2.4

Requirement 3.2

Requirement 3.3

Requirement 3.4

Requirement 3.6.1

Requirement 4.1

Requirement 4.2

Requirement 5.1

Requirement 6.2

Requirement 6.3.1

Requirement 6.5.1

Requirement 6.5.2

Requirement 6.5.3

Requirement 6.5.4

Requirement 6.5.5

Requirement 6.5.6

Requirement 6.5.7

Requirement 6.5.8

Requirement 6.5.9

Requirement 6.5.10

Requirement 7.1.2

Requirement 7.2

Requirement 8.1.8

Requirement 8.2.1

Requirement 8.2.3

Requirement 10.2.1

Requirement 10.2.4

Requirement 10.3.4

Requirement 10.5.2

Requirement 10.5.5

Requirement 12.10.1

显示说明隐藏说明

4.0

Requirement 1.2.6

Requirement 1.4.2

Requirement 1.4.5

Requirement 2.2.2

Requirement 2.2.6

Requirement 3.2.1

Requirement 3.3.1

Requirement 3.4.1

Requirement 3.5.1

Requirement 3.6.1

Requirement 3.7.1

Requirement 4.2.1

Requirement 4.2.2

Requirement 5.2.1

Requirement 6.2.4

Requirement 6.3.3

Requirement 6.4.1

Requirement 6.5.3

Requirement 6.5.4

Requirement 6.5.6

Requirement 7.2.2

Requirement 7.2.5

Requirement 7.3.1

Requirement 7.3.2

Requirement 8.2.8

Requirement 8.3.1

Requirement 8.3.2

Requirement 8.3.6

Requirement 8.6.2

Requirement 10.2.1

Requirement 10.2.1.4

Requirement 10.2.2

Requirement 10.3.1

Requirement 10.3.2

Requirement 12.10.1

显示说明隐藏说明

PCI SSF

1.0

Control Objective 2.2 - Secure Defaults

Control Objective 2.3 - Secure Defaults

Control Objective 3.3 - Sensitive Data Retention

Control Objective 3.5 - Sensitive Data Retention

Control Objective 3.6 - Sensitive Data Retention

Control Objective 4.2 - Critical Asset Protection

Control Objective 5.1 - Authentication and Access Control

Control Objective 5.3 - Authentication and Access Control

Control Objective 5.4 - Authentication and Access Control

Control Objective 6 - Sensitive Data Protection

Control Objective 6.1 - Sensitive Data Protection

Control Objective 6.2 - Sensitive Data Protection

Control Objective 6.3 - Sensitive Data Protection

Control Objective 7 - Use of Cryptography

Control Objective 7.1 - Use of Cryptography

Control Objective 7.2 - Use of Cryptography

Control Objective 7.3 - Use of Cryptography

Control Objective 7.4 - Use of Cryptography

Control Objective 8.2 - Activity Tracking

Control Objective 8.4 - Activity Tracking

Control Objective 10.2 - Threat and Vulnerability Management

Control Objective A.2.2 - Cardholder Data Protection

Control Objective A.2.3 - Cardholder Data Protection

显示说明隐藏说明

1.1

Control Objective 2.2 - Secure Defaults

Control Objective 2.3 - Secure Defaults

Control Objective 3.3 - Sensitive Data Retention

Control Objective 3.5 - Sensitive Data Retention

Control Objective 3.6 - Sensitive Data Retention

Control Objective 4.2 - Critical Asset Protection

Control Objective 5.1 - Authentication and Access Control

Control Objective 5.3 - Authentication and Access Control

Control Objective 5.4 - Authentication and Access Control

Control Objective 6 - Sensitive Data Protection

Control Objective 6.1 - Sensitive Data Protection

Control Objective 6.2 - Sensitive Data Protection

Control Objective 6.3 - Sensitive Data Protection

Control Objective 7 - Use of Cryptography

Control Objective 7.1 - Use of Cryptography

Control Objective 7.2 - Use of Cryptography

Control Objective 7.3 - Use of Cryptography

Control Objective 7.4 - Use of Cryptography

Control Objective 8.2 - Activity Tracking

Control Objective 8.4 - Activity Tracking

Control Objective 10.2 - Threat and Vulnerability Management

Control Objective A.2.2 - Cardholder Data Protection

Control Objective A.2.3 - Cardholder Data Protection

Control Objective B.2.3 - Terminal Software Design

Control Objective B.2.4 - Terminal Software Design

Control Objective B.2.5 - Terminal Software Design

Control Objective B.3.1 - Terminal Software Attack Mitigation

Control Objective B.3.1.1 - Terminal Software Attack Mitigation

Control Objective B.3.1.2 - Terminal Software Attack Mitigation

Control Objective B.3.2 - Terminal Software Attack Mitigation

Control Objective B.3.3 - Terminal Software Attack Mitigation

显示说明隐藏说明

1.2

Control Objective 2.2 - Secure Defaults

Control Objective 2.3 - Secure Defaults

Control Objective 2.4 - Secure Defaults

Control Objective 3.3 - Sensitive Data Retention

Control Objective 3.5 - Sensitive Data Retention

Control Objective 3.6 - Sensitive Data Retention

Control Objective 4.2 - Critical Asset Protection

Control Objective 5.1 - Authentication and Access Control

Control Objective 5.3 - Authentication and Access Control

Control Objective 5.4 - Authentication and Access Control

Control Objective 6 - Sensitive Data Protection

Control Objective 6.1 - Sensitive Data Protection

Control Objective 6.2 - Sensitive Data Protection

Control Objective 6.3 - Sensitive Data Protection

Control Objective 7 - Use of Cryptography

Control Objective 7.1 - Use of Cryptography

Control Objective 7.2 - Use of Cryptography

Control Objective 7.3 - Use of Cryptography

Control Objective 7.4 - Use of Cryptography

Control Objective 8.2 - Activity Tracking

Control Objective 8.4 - Activity Tracking

Control Objective 10.2 - Threat and Vulnerability Management

Control Objective A.2.2 - Cardholder Data Protection

Control Objective A.2.3 - Cardholder Data Protection

Control Objective B.2.3 - Terminal Software Design

Control Objective B.2.4 - Terminal Software Design

Control Objective B.2.5 - Terminal Software Design

Control Objective B.3.1 - Terminal Software Attack Mitigation

Control Objective B.3.1.1 - Terminal Software Attack Mitigation

Control Objective B.3.1.2 - Terminal Software Attack Mitigation

Control Objective B.3.2 - Terminal Software Attack Mitigation

Control Objective B.3.3 - Terminal Software Attack Mitigation

Control Objective C.1.1 - Web Software Components & Services

Control Objective C.1.6 - Web Software Components & Services

Control Objective C.2.1.1 - Web Software Access Controls

Control Objective C.2.1.2 - Web Software Access Controls

Control Objective C.2.3 - Web Software Access Controls

Control Objective C.2.3.2 - Web Software Access Controls

Control Objective C.3.1 - Web Software Attack Mitigation

Control Objective C.3.2 - Web Software Attack Mitigation

Control Objective C.3.2.2 - Web Software Attack Mitigation

Control Objective C.3.3 - Web Software Attack Mitigation

Control Objective C.3.4 - Web Software Attack Mitigation

Control Objective C.3.5 - Web Software Attack Mitigation

Control Objective C.3.6 - Web Software Attack Mitigation

Control Objective C.4.1 - Web Software Communications

显示说明隐藏说明

GDPR

Access Violation

Indirect Access to Sensitive Data

Insufficient Data Protection

Privacy Violation

显示说明隐藏说明

Code Language

ABAP

ActionScript

Apex

Bicep

C#/VB.NET/ASP.NET

C/C++

COBOL

ColdFusion

Dart

Docker

Golang

HCL

JSON

Java/JSP

JavaScript/TypeScript

Kotlin

Objective-C

PHP

PLSQL/TSQL

Python

Ruby

Scala

Solidity

Swift

Universal

VisualBasic/VBScript/ASP

YAML

显示说明隐藏说明

界: API Abuse

API 是调用方和被调用方之间的约定。最常见的 API 滥用是由于调用方未能遵守此约定的终止导致的。例如，如果某个程序在调用 chroot() 后未能调用 chdir()，则违反了用于指定如何安全地更改活动根目录的约定。库滥用的另一个典型示例是期望被调用方向调用方返回可信的 DNS 信息。在这种情况下，调用方通过对被调用方行为做出某种假设（返回值可用于身份验证目的）滥用其 API。另一方也可能违反调用方-被调用方约定。例如，如果编码器子类化 SecureRandom 并返回一个非随机值，则将违反此约定。

1 个项目已找到

弱点

Dangerous Type

Java/JSP

Abstract

该变量属于已被注释为危险的类型。

Explanation

已将注释 FortifyDangerous 应用于此类型。这被用来表示该类型危险，并且所有对其的使用都应进行安全性检查。

References

[1] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data

[2] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6

[3] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6

[4] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6

[5] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6

[6] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4

[7] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection

[8] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection

[9] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection

desc.structural.java.dangerous_class_variable