Polyspace Support of CWE Categories

Common Weakness Enumeration (CWE™) is a dictionary of common software weakness types that can occur in software architecture, design, code, or implementation. These weaknesses can lead to security vulnerabilities. CWE rules are organized into categories of related issues. The categories themselves are not weaknesses but helps organize the results around specific types of weaknesses. For example, CWE 310 is the category Cryptographic issues which collects the cryptography related CWE rules. After you run a Polyspace^® Bug Finder™ analysis, use the CWE categories to group and organize the CWE violations in your code by type of issue.

This table lists CWE categories that you can map to Polyspace defect checkers and Polyspace CWE coding rule checkers.

CWE ID	CWE ID Description	Defect or CWE Coding Rule Checker
189	Numeric Errors	`CWE Rule 128` `CWE Rule 190` `CWE Rule 191` `CWE Rule 193` `CWE Rule 369` `CWE Rule 839` `CWE Rule 1335`
227	Improper fulfillment of API contract	`CWE Rule 242` `CWE Rule 243` `CWE Rule 244` `CWE Rule 248` `CWE Rule 250` `CWE Rule 252` `CWE Rule 558`
251	Often misused: string management	`Destination buffer overflow in string manipulation`
310	Cryptographic issues	`Constant block cipher initialization vector` `Constant cipher key` `Context initialized incorrectly for cryptographic operation` `Context initialized incorrectly for digest operation` `Incompatible padding for RSA algorithm operation` `Incorrect key for cryptographic algorithm` `Missing blinding for RSA algorithm` `Missing block cipher initialization vector` `Missing certification authority list` `Missing cipher algorithm` `Missing cipher key` `Missing data for encryption, decryption or signing operation` `Missing padding for RSA algorithm` `Missing parameters for key generation` `Missing peer key` `Missing private key` `Missing public key` `Missing X.509 certificate` `Nonsecure hash algorithm` `Nonsecure parameters for key generation` `Nonsecure RSA public exponent` `Nonsecure SSL/TLS protocol` `Predictable block cipher initialization vector` `Predictable cipher key` `Weak cipher algorithm` `Weak cipher mode` `Weak padding for RSA algorithm` `CWE Rule 325` `CWE Rule 328` `CWE Rule 335` `CWE Rule 338`
320	Key management errors	`Constant cipher key` `Missing cipher key` `Missing peer key` `Missing private key` `Missing public key` `CWE Rule 322` `CWE Rule 798`
387	Signal errors	`CWE Rule 364` `Return from computational exception signal handler` `Signal call from within signal handler`
398	Indicator of poor code quality	`CWE Rule 401` `CWE Rule 404` `CWE Rule 415` `CWE Rule 416` `CWE Rule 457` `CWE Rule 474` `CWE Rule 475` `CWE Rule 476` `CWE Rule 477`
465	Pointer Issues	`CWE Rule 466` `CWE Rule 468` `CWE Rule 469` `CWE Rule 476` `CWE Rule 587` `CWE Rule 763` `CWE Rule 822` `CWE Rule 823` `CWE Rule 824` `CWE Rule 825`
872	CERT C++ Secure Coding Section 04 - Integers (INT)	`CWE Rule 20` `CWE Rule 129` `CWE Rule 190` `CWE Rule 192` `CWE Rule 197` `CWE Rule 369` `CWE Rule 466` `CWE Rule 587` `CWE Rule 606` `CWE Rule 676` `CWE Rule 681` `CWE Rule 682`
873	CERT C++ Secure Coding Section 05 - Floating point arithmetic (FLP)	`Absorption of float operand` `CWE Rule 369` `Float overflow` `Floating point comparison with equality operators` `Invalid use of standard library floating point routine` `CWE Rule 681` `CWE Rule 682` `CWE Rule 686`
896	SFP Primary Cluster: Tainted Input	SFP Secondary Cluster 990: `CWE Rule 130` `CWE Rule 134` SFP Secondary Cluster 991: `CWE Rule 114` `CWE Rule 427` `CWE Rule 471` SFP Secondary Cluster 993: `CWE Rule 198` `CWE Rule 240` `CWE Rule 354` SFP Secondary Cluster 994: `CWE Rule 15` `CWE Rule 20` `CWE Rule 496` `CWE Rule 606`