Documentation

SAST Rules

Vulnetix ships built-in SAST rules written in Rego and evaluated by the Open Policy Agent engine. Rules are organised by language and security category. Each rule page explains what the rule detects, why it matters, and how to remediate the finding.

Rules are grouped into four analysis sub-categories that can be enabled or disabled independently:

Sub-categoryRule kindDedicated commandDescription
Static analysissastvulnetix sastGeneral code security rules per language
Secret detectionsecretsvulnetix secretsHardcoded credentials, API keys, tokens
Container analysisocivulnetix containersDockerfile / Containerfile misconfigurations
IaC analysisiacvulnetix iacTerraform, Nix infrastructure misconfigurations

All sub-categories run by default with vulnetix scan. Use --no-sast, --no-secrets, --no-containers, or --no-iac to disable individual sub-categories, or use the dedicated commands to run only one. You can also author and load your own rules from any Git repository.

Rule Categories

Android
7 rules — manifest, WebView, exported components, storage, API keys, crypto
Bash / Shell
7 rules — eval injection, curl-pipe, pipefail, unquoted vars, hardcoded secrets
C / C++
6 rules — buffer overflow, format string, command injection, use-after-free
C# / .NET
10 rules — SQL injection, command injection, deserialization, XXE, SSRF, CSRF
Cryptography
10 rules — weak ciphers, broken hashes, TLS, key size, timing attacks, IV reuse
Docker
8 rules — least-privilege, supply chain, HEALTHCHECK, version pinning
Go
41 rules — injection, SSRF, path traversal, deserialization, concurrency, crypto, JWT, cookies
GraphQL
4 rules — introspection, DoS, query injection, field suggestion disclosure
Java
29 rules — injection, deserialization, CSRF, XPath, JPQL, crypto, file upload, XXE
JWT
6 rules — signature bypass, missing expiry, hardcoded secret, none algorithm
Kotlin
5 rules — ECB cipher, weak RSA, insecure cookie, cleartext socket, weak hash
LLM / AI
7 rules — prompt injection, RCE, hardcoded API key, SQL via LLM output
Node.js
31 rules — injection, XSS, deserialization, crypto, YAML, JWT, shell injection, cookies, CSP
PHP
26 rules — SQL, XSS, XXE, session fixation, file upload, LDAP, mass assignment
Python
22 rules — deserialization, SSTI, SSL, PRNG, paramiko, tarfile slip, ML models, SQL injection
Ruby
10 rules — deserialization, SQL injection, XSS, mass assignment, TLS, send injection
Rust
8 rules — lockfile, panic, unsafe, command injection, arithmetic overflow, path traversal
Secrets / Credentials
32 rules — AWS, Azure, GCP, tokens, API keys, PGP, OAuth
Swift / iOS
6 rules — hardcoded keys, NSLog, UserDefaults, TLS disabled, WebView, PRNG
Terraform / IaC
8 rules — S3 public, security groups, IAM wildcard, unencrypted storage, IMDSv1
HTML / Templates
1 rule — Jinja2 safe filter XSS
CWE Auto-Rules
13 rules — broad CWE-mapped detection across multiple languages

Android

Rule IDNameSeverity
VNX-ANDROID-001Android insecure manifest configurationHigh
VNX-ANDROID-002Android WebView JavaScript enabledHigh
VNX-ANDROID-003Android exported component without permission checkHigh
VNX-ANDROID-004Android SharedPreferences used for sensitive data storageHigh
VNX-ANDROID-005Android network security config allows plaintext HTTP trafficHigh
VNX-ANDROID-006Android hardcoded API key in strings.xmlHigh
VNX-ANDROID-007Android weak cryptography using AES in ECB modeHigh

Bash / Shell

Rule IDNameSeverity
VNX-BASH-001eval with potentially user-controlled inputCritical
VNX-BASH-002curl or wget output piped directly to shell interpreterHigh
VNX-BASH-003Missing set -euo pipefail in Bash scriptMedium
VNX-BASH-004Unquoted variable used in command or testMedium
VNX-BASH-005Hardcoded secret or password in shell scriptHigh
VNX-BASH-006Global IFS reassignment in shell scriptMedium
VNX-BASH-007Unquoted command substitution in shell scriptMedium

C / C++

Rule IDNameSeverity
VNX-C-001Use of unbounded string copy function (strcpy/strcat/gets)High
VNX-C-002Format string injection via non-literal format argumentHigh
VNX-C-003OS command injection via system() or popen()High
VNX-C-004Use-after-free: pointer used after free()High
VNX-C-005Integer overflow in malloc/calloc size arithmeticHigh
VNX-C-006Use of alloca() for dynamic stack allocationMedium

C# / .NET

Rule IDNameSeverity
VNX-CS-001C# SQL injection via string concatenation in SqlCommandHigh
VNX-CS-002C# command injection via Process.Start with user inputHigh
VNX-CS-003C# XXE via XmlDocument with XmlResolver enabledHigh
VNX-CS-004C# insecure deserialization via BinaryFormatter or SoapFormatterCritical
VNX-CS-005C# missing ValidateAntiForgeryToken on state-changing actionsHigh
VNX-CS-006C# insecure random number generator (System.Random for security)Medium
VNX-CS-007C# path traversal via Path.Combine with user inputHigh
VNX-CS-008C# SSRF via WebClient or HttpClient with user-supplied URLHigh
VNX-CS-009C# use of weak cryptographic algorithm (MD5, SHA1, DES, 3DES)High
VNX-CS-010C# hardcoded connection string with credentialsHigh

Cryptography

Rule IDNameSeverity
VNX-CRYPTO-001MD5 usage detectedMedium
VNX-CRYPTO-002SHA-1 usage detectedMedium
VNX-CRYPTO-003AES in ECB modeHigh
VNX-CRYPTO-004Broken or obsolete cipherHigh
VNX-CRYPTO-005TLS certificate validation disabledHigh
VNX-CRYPTO-006Weak RSA key sizeHigh
VNX-CRYPTO-007Weak password hashing / insufficient KDF iterationsHigh
VNX-CRYPTO-008Timing attack via direct comparison of secretsHigh
VNX-CRYPTO-009Use of cryptographically weak PRNG (rand/srand in C/C++)High
VNX-CRYPTO-010Hardcoded IV, nonce, or salt in cryptographic operationHigh

Docker

Rule IDNameSeverity
VNX-DOCKER-001Dockerfile missing USER directiveMedium
VNX-DOCKER-002Dockerfile FROM :latest tagMedium
VNX-DOCKER-003Secret in Dockerfile ARG or ENVHigh
VNX-DOCKER-004Dockerfile ADD with remote URLMedium
VNX-DOCKER-005Dockerfile privileged container flagHigh
VNX-DOCKER-006Dockerfile uses ADD instead of COPY for local filesLow
VNX-DOCKER-007Dockerfile missing HEALTHCHECK instructionLow
VNX-DOCKER-008Dockerfile package manager install without version pinningMedium

Go

Rule IDNameSeverity
VNX-GO-001Missing go.sumHigh
VNX-GO-002Command injection via exec.CommandHigh
VNX-GO-003SQL injection via fmt.SprintfCritical
VNX-GO-004TLS InsecureSkipVerify enabledHigh
VNX-GO-005Go open redirectMedium
VNX-GO-006Go server-side request forgeryHigh
VNX-GO-007Go path traversalHigh
VNX-GO-008Go weak PRNG for securityMedium
VNX-GO-009Go text/template used for HTMLHigh
VNX-GO-010Go weak cipher usageHigh
VNX-GO-011Go gob deserialization from HTTP requestMedium
VNX-GO-012Go HTTP response header injection (CRLF)Medium
VNX-GO-013Go zip/tar slip via archive entry nameHigh
VNX-GO-014Go sync.Mutex Lock() without deferred Unlock()Medium
VNX-GO-015Go sync.WaitGroup.Add() called inside goroutineMedium
VNX-GO-016Go integer downcast after strconv.Atoi/ParseIntMedium
VNX-GO-017Go SQL injection via fmt.Sprintf in db.Exec or db.QueryHigh
VNX-GO-018Go arbitrary file write via os.WriteFile with user-controlled pathHigh
VNX-GO-019Go server binding to all interfaces (0.0.0.0) without authenticationMedium
VNX-GO-020Use of template.HTML with potential user inputMedium
VNX-GO-021Potential XSS via fmt.Fprintf with HTML tagsMedium
VNX-GO-022Use of eval() or dynamic code executionHigh
VNX-GO-023SQL injection via string concatenationHigh
VNX-GO-024Missing input validation on HTTP request parametersMedium
VNX-GO-025Potential open redirect via HTTP redirectMedium
VNX-GO-026Missing file type validation on uploadHigh
VNX-GO-027Potential path traversal via file path constructionHigh
VNX-GO-028Use of weak cryptographic hash for password hashingHigh
VNX-GO-029Hardcoded weak or default passwordHigh
VNX-GO-030Missing Secure flag on cookieMedium
VNX-GO-031Missing signature validation on JWTHigh
VNX-GO-032JWT missing expiration validationMedium
VNX-GO-033JWT missing audience validationMedium
VNX-GO-034OAuth redirect URI without validation against allowlistMedium
VNX-GO-035Missing HttpOnly flag on cookieMedium
VNX-GO-036Use of ECB block modeHigh
VNX-GO-037Missing security headers in HTTP responseMedium
VNX-GO-038Potential mass assignment via struct bindingMedium
VNX-GO-039Missing rate limiting on login endpointMedium
VNX-GO-040Logging of sensitive dataHigh
VNX-GO-041Use of deprecated TLS versionHigh

GraphQL

Rule IDNameSeverity
VNX-GQL-001GraphQL introspection enabled in productionMedium
VNX-GQL-002GraphQL query depth/batching enables DoSMedium
VNX-GQL-003GraphQL query string injection via string concatenationHigh
VNX-GQL-004GraphQL field suggestion disclosure enabledLow

Java

Rule IDNameSeverity
VNX-JAVA-001Command injection via Runtime.exec()High
VNX-JAVA-002Spring actuator endpoints exposedMedium
VNX-JAVA-003SQL injection via string concatenationCritical
VNX-JAVA-004XML external entity (XXE) injectionHigh
VNX-JAVA-005Insecure deserializationCritical
VNX-JAVA-006Insecure TLS trust managerCritical
VNX-JAVA-007Java open redirectMedium
VNX-JAVA-008Java server-side request forgeryHigh
VNX-JAVA-009Java path traversalHigh
VNX-JAVA-010Spring CSRF protection disabledMedium
VNX-JAVA-011Java expression language injectionCritical
VNX-JAVA-012Java LDAP injectionHigh
VNX-JAVA-013Java XPath injectionHigh
VNX-JAVA-014Java zip slip via ZipEntry getName()High
VNX-JAVA-015Java JPQL/HQL injection via string concatenationHigh
VNX-JAVA-016Java weak PRNG (java.util.Random) for securityHigh
VNX-JAVA-017Java HTTP response splitting (CRLF)High
VNX-JAVA-018Java RSA cipher without OAEP paddingHigh
VNX-JAVA-019Java hardcoded cryptographic key literalCritical
VNX-JAVA-020Java static IV reuse in block cipherHigh
VNX-JAVA-021Java sensitive data logged (password, token, secret)Medium
VNX-JAVA-022Java insecure temporary file creationMedium
VNX-JAVA-023Java unrestricted file uploadHigh
VNX-JAVA-024Java XML entity expansion (Billion Laughs)High
VNX-JAVA-025Java hardcoded password or credentialCritical
VNX-JAVA-026Java Spring file serving without access controlHigh
VNX-JAVA-027Java Spring security headers disabledMedium
VNX-JAVA-028SQL injection via string concatenation in JavaHigh
VNX-JAVA-029XML External Entity (XXE) via DocumentBuilderFactoryHigh

JWT

Rule IDNameSeverity
VNX-JWT-001JWT signature verification disabledCritical
VNX-JWT-002JWT token signed without expirationMedium
VNX-JWT-003JWT signing with hardcoded secretHigh
VNX-JWT-004JWT algorithm explicitly set to ’none'Critical
VNX-JWT-005Sensitive credential data stored in JWT payloadHigh
VNX-JWT-006JWT missing audience or issuer verificationMedium

Kotlin

Rule IDNameSeverity
VNX-KOTLIN-001Kotlin ECB cipher mode — deterministic, unauthenticated encryptionHigh
VNX-KOTLIN-002Kotlin RSA key smaller than 2048 bitsHigh
VNX-KOTLIN-003Kotlin cookie missing HttpOnly flagMedium
VNX-KOTLIN-004Kotlin unencrypted plain socket (cleartext transmission)High
VNX-KOTLIN-005Kotlin MD5 or SHA-1 used as cryptographic hashMedium

LLM / AI

Rule IDNameSeverity
VNX-LLM-001LLM prompt injection via user-controlled inputHigh
VNX-LLM-002LLM output passed to code execution (RCE)Critical
VNX-LLM-003Hardcoded LLM API keyCritical
VNX-LLM-004User input directly in LLM system promptHigh
VNX-LLM-005LangChain arbitrary code execution tool enabledCritical
VNX-LLM-006LLM output interpolated into SQL queryCritical
VNX-LLM-007torch.load() without weights_only=TrueHigh

Node.js

Rule IDNameSeverity
VNX-NODE-001Missing npm lock fileHigh
VNX-NODE-002eval() or new Function() in JavaScriptHigh
VNX-NODE-003Command injection via child_processHigh
VNX-NODE-004Express app without helmetMedium
VNX-NODE-005innerHTML or dangerouslySetInnerHTML usageMedium
VNX-NODE-006Prototype pollution via mergeHigh
VNX-NODE-007Node.js SQL injectionCritical
VNX-NODE-008Node.js open redirectMedium
VNX-NODE-009Node.js server-side request forgeryHigh
VNX-NODE-010Node.js path traversalHigh
VNX-NODE-011Node.js server-side template injectionCritical
VNX-NODE-012Client-side XSS via innerHTML or v-htmlHigh
VNX-NODE-013Node.js command injection via child_processCritical
VNX-NODE-014NoSQL injection in MongoDBHigh
VNX-NODE-015WebSocket server without origin verification (CSWSH)Medium
VNX-NODE-016ReDoS via user-controlled regular expressionMedium
VNX-NODE-017Insecure deserialization via node-serializeCritical
VNX-NODE-018JWT decoded without signature verificationHigh
VNX-NODE-019Hardcoded JWT or session secretHigh
VNX-NODE-020Deprecated crypto.createCipher/createDecipher without IVHigh
VNX-NODE-021XXE via libxmljs with noent:trueHigh
VNX-NODE-022Shell injection via shelljs exec()Critical
VNX-NODE-023Unsafe YAML.load() with untrusted inputHigh
VNX-NODE-024postMessage without origin validationMedium
VNX-NODE-025Insecure express-session or cookie-session configurationMedium
VNX-NODE-026Child process spawn with shell:trueHigh
VNX-NODE-027Assignment to innerHTML without sanitizationHigh
VNX-NODE-028Missing Content-Security-Policy headerMedium
VNX-NODE-029Missing HttpOnly flag on cookieMedium
VNX-NODE-030TURN server allowing reserved IP addressesMedium
VNX-NODE-031Logging of sensitive dataHigh

PHP

Rule IDNameSeverity
VNX-PHP-001Missing composer.lockHigh
VNX-PHP-002Dangerous function in PHPHigh
VNX-PHP-003PHP file inclusion with variable pathCritical
VNX-PHP-004PHP open redirectMedium
VNX-PHP-005PHP server-side request forgeryHigh
VNX-PHP-006PHP object injection via unserializeCritical
VNX-PHP-007PHP extract on superglobalHigh
VNX-PHP-008PHP phpinfo exposureMedium
VNX-PHP-009PHP preg_replace with /e modifierCritical
VNX-PHP-010PHP type juggling in comparisonHigh
VNX-PHP-011PHP SQL injection via string concatenationCritical
VNX-PHP-012PHP reflected XSS via echo/print of user inputHigh
VNX-PHP-013PHP XXE via LIBXML_NOENT or LIBXML_DTDLOADHigh
VNX-PHP-014PHP session fixation via user-controlled session IDHigh
VNX-PHP-015PHP unrestricted file upload via move_uploaded_fileHigh
VNX-PHP-016PHP weak hash function (md5/sha1)Medium
VNX-PHP-017PHP LDAP injection via user-controlled filterHigh
VNX-PHP-018PHP sensitive debug output disclosureMedium
VNX-PHP-019PHP insecure cipher mode (AES-CBC)Medium
VNX-PHP-020PHP curl SSL certificate verification disabledHigh
VNX-PHP-021Laravel mass assignment via empty guarded arrayHigh
VNX-PHP-022PHP open redirect via non-literal redirect destinationMedium
VNX-PHP-023PHP anonymous LDAP bind without passwordHigh
VNX-PHP-024PHP mb_ereg_replace with eval modifierCritical
VNX-PHP-025PHP deprecated mcrypt encryption functionsHigh
VNX-PHP-026PHP session poisoning via user-controlled session keyHigh

Python

Rule IDNameSeverity
VNX-PY-001Missing Python lock fileHigh
VNX-PY-002eval()/exec() usage in PythonHigh
VNX-PY-003Insecure deserialization with pickleHigh
VNX-PY-004yaml.load() without SafeLoaderHigh
VNX-PY-005Weak PRNG for security operationsMedium
VNX-PY-006Django DEBUG=TrueMedium
VNX-PY-007subprocess with shell=TrueHigh
VNX-PY-008Flask debug mode enabledHigh
VNX-PY-009Jinja2 autoescape disabledHigh
VNX-PY-010SSL verification disabled in requestsHigh
VNX-PY-011Python SQL injectionCritical
VNX-PY-012Python server-side template injectionCritical
VNX-PY-013Python ML/AI insecure deserializationCritical
VNX-PY-014Python XML external entity injectionHigh
VNX-PY-015Python ReDoS via user-controlled regular expressionMedium
VNX-PY-016Django mass assignment via request data unpackingHigh
VNX-PY-017MD5 or SHA1 used as password hashHigh
VNX-PY-018Insecure temporary file creation via tempfile.mktemp()Medium
VNX-PY-019Paramiko implicit host key trustHigh
VNX-PY-020tarfile.extractall() without path validation (zip slip)High
VNX-PY-021Weak or deprecated SSL/TLS protocol versionHigh
VNX-PY-022SQL injection via string concatenation in PythonHigh

Ruby

Rule IDNameSeverity
VNX-RUBY-001Missing Gemfile.lockHigh
VNX-RUBY-002eval() or system() in RubyHigh
VNX-RUBY-003Insecure deserialization in RubyCritical
VNX-RUBY-004Ruby SQL injectionCritical
VNX-RUBY-005Ruby XSS via html_safe or rawHigh
VNX-RUBY-006Ruby mass assignmentHigh
VNX-RUBY-007YAML.load() insecure deserializationCritical
VNX-RUBY-008Open3.pipeline with dynamic commandHigh
VNX-RUBY-009Ruby dynamic method dispatch via send with user inputHigh
VNX-RUBY-010OpenSSL certificate verification disabled (VERIFY_NONE)High

Rust

Rule IDNameSeverity
VNX-RUST-001Missing Cargo.lockHigh
VNX-RUST-002Rust unwrap may panicLow
VNX-RUST-003Rust unsafe blockMedium
VNX-RUST-004Rust command injection via process::Command with format!High
VNX-RUST-005panic!() or unwrap()/expect() in function returning ResultMedium
VNX-RUST-006Integer truncation or sign-change cast after parsingMedium
VNX-RUST-007Rust integer arithmetic overflow without checked arithmeticMedium
VNX-RUST-008Rust path traversal in Actix-web or Axum file-serving handlerHigh

Secrets / Credentials

Rule IDNameSeverity
VNX-SEC-001AWS access key IDCritical
VNX-SEC-002Private key committedCritical
VNX-SEC-003AWS secret access keyCritical
VNX-SEC-004GitHub or GitLab tokenCritical
VNX-SEC-005GCP API keyCritical
VNX-SEC-006Stripe secret keyCritical
VNX-SEC-007Slack token or webhookHigh
VNX-SEC-008Database connection string with credentialsCritical
VNX-SEC-009SendGrid API keyHigh
VNX-SEC-010Package registry tokenCritical
VNX-SEC-011Hardcoded JWT tokenHigh
VNX-SEC-012CORS wildcard or origin reflectionHigh
VNX-SEC-013Insecure cookie configurationMedium
VNX-SEC-014Hardcoded password in variableHigh
VNX-SEC-015JWT algorithm none attackCritical
VNX-SEC-016TLS verification disabled in shell commandMedium
VNX-SEC-017Plaintext protocol URLMedium
VNX-SEC-018AI provider API keyCritical
VNX-SEC-019GCP service account keyCritical
VNX-SEC-020GitLab access tokenCritical
VNX-SEC-021Twilio API credentialsCritical
VNX-SEC-022Sensitive data in log statementMedium
VNX-SEC-023GitHub Actions expression injection via event dataHigh
VNX-SEC-024OAuth token stored in localStorageMedium
VNX-SEC-025Azure Storage Account key hardcodedCritical
VNX-SEC-026DigitalOcean personal access token hardcodedCritical
VNX-SEC-027Hugging Face API token hardcodedHigh
VNX-SEC-028npm access token hardcodedHigh
VNX-SEC-029PyPI upload token hardcodedHigh
VNX-SEC-030Google OAuth client secret hardcodedHigh
VNX-SEC-031Mailgun API key hardcodedHigh
VNX-SEC-032PGP private key block hardcodedCritical

Swift / iOS

Rule IDNameSeverity
VNX-SWIFT-001Swift hardcoded API key or secret in sourceHigh
VNX-SWIFT-002Swift NSLog with potentially sensitive dataMedium
VNX-SWIFT-003Swift insecure data storage via UserDefaults for sensitive valuesHigh
VNX-SWIFT-004Swift TLS certificate validation disabledHigh
VNX-SWIFT-005Swift WKWebView JavaScript auto-open-windows enabledMedium
VNX-SWIFT-006Swift insecure random number generator (arc4random/rand)Medium

Terraform / IaC

Rule IDNameSeverity
VNX-TF-001Terraform AWS S3 bucket with public ACLHigh
VNX-TF-002Terraform AWS security group with unrestricted ingress (0.0.0.0/0)High
VNX-TF-003Terraform AWS RDS instance publicly accessibleHigh
VNX-TF-004Terraform IAM policy with wildcard Action (*)High
VNX-TF-005Terraform AWS EBS volume unencryptedMedium
VNX-TF-006Terraform AWS EC2 IMDSv1 enabled (SSRF risk)Medium
VNX-TF-007Terraform AWS EKS cluster public API endpointMedium
VNX-TF-008Terraform AWS provider with hardcoded static credentialsCritical

HTML / Templates

Rule IDNameSeverity
VNX-HTML-001Use of Jinja2 |safe filterMedium

CWE Auto-Rules

These rules use broad pattern matching across multiple languages to detect common CWE vulnerability patterns. They may have higher false positive rates than the language-specific rules above.

Rule IDNameSeverityLanguages
VNX-1004Excessive Use of ResourceMediumGo, Java, Node.js, PHP, Python, Ruby
VNX-1021Improper Restriction of Rendered UI LayersMediumJava, Node.js, PHP, Python, Ruby
VNX-1025Improper Comparison of User-Supplied InputMediumGo, Node.js, Python
VNX-1037Process InjectionMediumGo, Java, Node.js, PHP, Python, Ruby
VNX-1041SQL Injection via External InputMediumGo, Java, Node.js, PHP, Python
VNX-1043Non-Thread-Safe LockMediumGo, Java, Python
VNX-1044File Upload without Size LimitMediumGo, Java, Node.js, PHP, Python
VNX-1045File Upload without Type RestrictionMediumGo, Java, Node.js, PHP, Python
VNX-1046Open Redirect to Untrusted SiteMediumGo, Java, Node.js, PHP, Python
VNX-1047SSRF without TimeoutMediumGo, Java, Node.js, PHP, Python
VNX-1048Sensitive Data in ReferrerMediumGo, Java, Node.js, PHP, Python
VNX-1052Excessive Resource UsageMediumGo, Java, Node.js, Python
VNX-1054GUI Input without ValidationMediumGo, Java, Node.js, PHP, Python

Community Rule Packs

In addition to the built-in rules above, the following official community packs can be loaded on-demand with --rule:

PackRulesLanguagesDescription
Vulnetix/opa-py-ruff956PythonClean-room OPA/Rego implementations of all Ruff Python linting rules — pyflakes, pycodestyle, flake8-bandit, flake8-bugbear, pyupgrade, and 50+ more linters. Rule IDs use the RUFF- prefix (e.g. RUFF-S101, RUFF-E711).
Vulnetix/opa-gosec60Gogosec security rules for Go
Vulnetix/opa-fugue-regula275Terraform, CloudFormationFugue Regula IaC security rules
Vulnetix/opa-aquasecurity-trivy107Terraform, KubernetesTrivy misconfiguration rules
Vulnetix/opa-checkmarx-kics205Terraform, Dockerfile, KubernetesKICS IaC security queries
Vulnetix/opa-cigna-tf88TerraformCigna Terraform compliance rules

Load any pack alongside the built-in rules:

vulnetix scan --rule Vulnetix/opa-py-ruff

# Python-only scan with Ruff rules, no built-in rules
vulnetix sast --rule Vulnetix/opa-py-ruff --disable-default-rules

See Custom Rule Repositories for authoring your own rules.

Custom SAST Rule Repositories
Author your own Rego-based SAST rules, publish them to a Git repository, and load them with the --rule flag — alongside or instead of the built-in rules.
Placeholder for CWE-114
This rule is a placeholder for CWE-114. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-122
This rule is a placeholder for CWE-122. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-315
This rule is a placeholder for CWE-315. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-337
This rule is a placeholder for CWE-337. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-339
This rule is a placeholder for CWE-339. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-363
This rule is a placeholder for CWE-363. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-91
This rule is a placeholder for CWE-91. Please refer to the CWE website for details and implement specific checks.
Placeholder for CWE-93
This rule is a placeholder for CWE-93. Please refer to the CWE website for details and implement specific checks.
VNX-1004 – CWE-1004
Detects Detects source patterns associated with CWE-1004 (CWE-1004). Each finding should be manually reviewed for exploitability in context.
VNX-1007 – Insufficient Visual Distinction of Homoglyphs Presented to User
Detects Detects source patterns associated with CWE-1007 (Insufficient Visual Distinction of Homoglyphs Presented to User). Each finding should be manually reviewed for exploitability in context.
VNX-1021 – Improper Restriction of Rendered UI Layers
Detects patterns associated with dynamic UI rendering and template output in Java, Node.js, PHP, Python, and Ruby that may indicate clickjacking or cross-site scripting exposure.
VNX-1022 – CWE-1022
Detects Detects source patterns associated with CWE-1022 (CWE-1022). Each finding should be manually reviewed for exploitability in context.
VNX-1023 – CWE-1023
Detects Detects source patterns associated with CWE-1023 (CWE-1023). Each finding should be manually reviewed for exploitability in context.
VNX-1024 – Comparison of Incompatible Types
Detects Detects source patterns associated with CWE-1024 (Comparison of Incompatible Types). Each finding should be manually reviewed for exploitability in context.
VNX-1025 – Improper Comparison of User-Supplied Input
Detects equality comparison operators in Go, Node.js, and Python that may indicate non-constant-time comparisons of security-sensitive values such as tokens, passwords, or MACs.
VNX-1027 – CWE-1027
Detects Detects source patterns associated with CWE-1027 (CWE-1027). Each finding should be manually reviewed for exploitability in context.
VNX-1037 – Process Injection
Detects use of OS process execution APIs across Go, Java, Node.js, PHP, Python, and Ruby that may allow command injection when input is not properly sanitised.
VNX-1039 – CWE-1039
Detects Detects source patterns associated with CWE-1039 (CWE-1039). Each finding should be manually reviewed for exploitability in context.
VNX-1041 – SQL Injection via External Input
Detects SQL execution patterns across Go, Java, Node.js, PHP, and Python that may allow SQL injection when queries are constructed with unsanitised user input.
VNX-1043 – Non-Thread-Safe Lock
Detects synchronisation and threading primitives in Go, Java, and Python that may indicate concurrency issues, including non-thread-safe lock usage or race conditions.
VNX-1044 – File Upload without Size Limit
Detects file read and upload API calls across Go, Java, Node.js, PHP, and Python that may lack upload size restrictions, enabling denial-of-service via resource exhaustion.
VNX-1045 – File Upload without Type Restriction
Detects file save and upload API calls across Go, Java, Node.js, PHP, and Python that may lack content-type validation, enabling upload of dangerous file types.
VNX-1046 – Open Redirect to Untrusted Site
Detects HTTP redirect functions across Go, Java, Node.js, PHP, and Python that may forward users to attacker-controlled URLs when redirect targets are derived from unvalidated input.
VNX-1047 – SSRF without Timeout
Detects outbound HTTP request patterns across Go, Java, Node.js, PHP, and Python that may be vulnerable to Server-Side Request Forgery when request targets are derived from user input.
VNX-1048 – Sensitive Data in Referrer
Detects outbound HTTP client patterns across Go, Java, Node.js, PHP, and Python that may expose sensitive data through Referer headers or query strings in GET requests.
VNX-1049 – Excessive Data Query Operations in a Large Data Table
Detects Detects source patterns associated with CWE-1049 (Excessive Data Query Operations in a Large Data Table). Each finding should be manually reviewed for exploitability in context.
VNX-1050 – Excessive Platform Resource Consumption within a Loop
Detects Detects source patterns associated with CWE-1050 (Excessive Platform Resource Consumption within a Loop). Each finding should be manually reviewed for exploitability in context.
VNX-1051 – Initialization with Hard-Coded Network Resource Configuration Data
Detects Detects source patterns associated with CWE-1051 (Initialization with Hard-Coded Network Resource Configuration Data). Each finding should be manually reviewed for exploitability in context.
VNX-1052 – Excessive Resource Usage
Detects sleep and delay functions across Go, Java, Node.js, and Python that may indicate uncontrolled blocking, unbounded delays, or denial-of-service vectors.
VNX-1053 – Missing Documentation for Design
Detects Detects source patterns associated with CWE-1053 (Missing Documentation for Design). Each finding should be manually reviewed for exploitability in context.
VNX-1054 – GUI Input without Validation
Detects user input collection patterns across Go, Java, Node.js, PHP, and Python that may lack input validation, enabling injection, XSS, or other data-integrity attacks.
VNX-1055 – Multiple Inheritance from Concrete Classes
Detects Detects source patterns associated with CWE-1055 (Multiple Inheritance from Concrete Classes). Each finding should be manually reviewed for exploitability in context.
VNX-1056 – Invokable Control Element with Variadic Parameters
Detects Detects source patterns associated with CWE-1056 (Invokable Control Element with Variadic Parameters). Each finding should be manually reviewed for exploitability in context.
VNX-1057 – Data Access Operations Outside of Expected Data Manager Component
Detects Detects source patterns associated with CWE-1057 (Data Access Operations Outside of Expected Data Manager Component). Each finding should be manually reviewed for exploitability in context.
VNX-1058 – Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
Detects Detects source patterns associated with CWE-1058 (Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element). Each finding should be manually reviewed for exploitability in context.
VNX-1060 – Excessive Number of Inefficient Server-Side Data Accesses
Detects Detects source patterns associated with CWE-1060 (Excessive Number of Inefficient Server-Side Data Accesses). Each finding should be manually reviewed for exploitability in context.
VNX-1062 – Parent Class with References to Child Class
Detects Detects source patterns associated with CWE-1062 (Parent Class with References to Child Class). Each finding should be manually reviewed for exploitability in context.
VNX-1063 – Creation of Class Instance within a Static Code Block
Detects Detects source patterns associated with CWE-1063 (Creation of Class Instance within a Static Code Block). Each finding should be manually reviewed for exploitability in context.
VNX-1064 – Invokable Control Element with Signature Containing an Excessive Number of Parameters
Detects Detects source patterns associated with CWE-1064 (Invokable Control Element with Signature Containing an Excessive Number of Parameters). Each finding should be manually reviewed for exploitability in context.
VNX-1065 – Runtime Resource Management Control Element in a Component Built to Run on Application Servers
Detects Detects source patterns associated with CWE-1065 (Runtime Resource Management Control Element in a Component Built to Run on Application Servers). Each finding should be manually reviewed for exploitability in context.
VNX-1066 – Missing Serialization Control Element
Detects Detects source patterns associated with CWE-1066 (Missing Serialization Control Element). Each finding should be manually reviewed for exploitability in context.
VNX-1067 – Excessive Execution of Sequential Searches of Data Resource
Detects Detects source patterns associated with CWE-1067 (Excessive Execution of Sequential Searches of Data Resource). Each finding should be manually reviewed for exploitability in context.
VNX-1068 – Inconsistency Between Implementation and Documented Design
Detects Detects source patterns associated with CWE-1068 (Inconsistency Between Implementation and Documented Design). Each finding should be manually reviewed for exploitability in context.
VNX-1069 – CWE-1069
Detects Detects source patterns associated with CWE-1069 (CWE-1069). Each finding should be manually reviewed for exploitability in context.
VNX-1070 – Serializable Data Element Containing non-Serializable Item Elements
Detects Detects source patterns associated with CWE-1070 (Serializable Data Element Containing non-Serializable Item Elements). Each finding should be manually reviewed for exploitability in context.
VNX-1071 – Empty Code Block
Detects Detects source patterns associated with CWE-1071 (Empty Code Block). Each finding should be manually reviewed for exploitability in context.
VNX-1072 – Data Resource Access without Use of Connection Pooling
Detects Detects source patterns associated with CWE-1072 (Data Resource Access without Use of Connection Pooling). Each finding should be manually reviewed for exploitability in context.
VNX-1073 – Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
Detects Detects source patterns associated with CWE-1073 (Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses). Each finding should be manually reviewed for exploitability in context.
VNX-1074 – Class with Excessively Deep Inheritance
Detects Detects source patterns associated with CWE-1074 (Class with Excessively Deep Inheritance). Each finding should be manually reviewed for exploitability in context.
VNX-1075 – Unconditional Control Flow Transfer outside of Switch Block
Detects Detects source patterns associated with CWE-1075 (Unconditional Control Flow Transfer outside of Switch Block). Each finding should be manually reviewed for exploitability in context.
VNX-1079 – Parent Class without Virtual Destructor Method
Detects Detects source patterns associated with CWE-1079 (Parent Class without Virtual Destructor Method). Each finding should be manually reviewed for exploitability in context.
VNX-1080 – Source Code File with Excessive Number of Lines of Code
Detects Detects source patterns associated with CWE-1080 (Source Code File with Excessive Number of Lines of Code). Each finding should be manually reviewed for exploitability in context.
VNX-1082 – Class Instance Self Destruction Control Element
Detects Detects source patterns associated with CWE-1082 (Class Instance Self Destruction Control Element). Each finding should be manually reviewed for exploitability in context.
VNX-1083 – Data Access from Outside Expected Data Manager Component
Detects Detects source patterns associated with CWE-1083 (Data Access from Outside Expected Data Manager Component). Each finding should be manually reviewed for exploitability in context.
VNX-1084 – Invokable Control Element with Excessive File or Data Access Operations
Detects Detects source patterns associated with CWE-1084 (Invokable Control Element with Excessive File or Data Access Operations). Each finding should be manually reviewed for exploitability in context.
VNX-1085 – Invokable Control Element with Excessive Volume of Commented-out Code
Detects Detects source patterns associated with CWE-1085 (Invokable Control Element with Excessive Volume of Commented-out Code). Each finding should be manually reviewed for exploitability in context.
VNX-1086 – Class with Excessive Number of Child Classes
Detects Detects source patterns associated with CWE-1086 (Class with Excessive Number of Child Classes). Each finding should be manually reviewed for exploitability in context.
VNX-1087 – Class with Virtual Method without a Virtual Destructor
Detects Detects source patterns associated with CWE-1087 (Class with Virtual Method without a Virtual Destructor). Each finding should be manually reviewed for exploitability in context.
VNX-1089 – Large Data Table with Excessive Number of Indices
Detects Detects source patterns associated with CWE-1089 (Large Data Table with Excessive Number of Indices). Each finding should be manually reviewed for exploitability in context.
VNX-1090 – Method Containing Access of a Member Element from Another Class
Detects Detects source patterns associated with CWE-1090 (Method Containing Access of a Member Element from Another Class). Each finding should be manually reviewed for exploitability in context.
VNX-1092 – Use of Same Invokable Control Element in Multiple Architectural Layers
Detects Detects source patterns associated with CWE-1092 (Use of Same Invokable Control Element in Multiple Architectural Layers). Each finding should be manually reviewed for exploitability in context.
VNX-1094 – Excessive Index Range Scan for a Data Resource
Detects Detects source patterns associated with CWE-1094 (Excessive Index Range Scan for a Data Resource). Each finding should be manually reviewed for exploitability in context.
VNX-1095 – Loop Condition Value Update within the Loop
Detects Detects source patterns associated with CWE-1095 (Loop Condition Value Update within the Loop). Each finding should be manually reviewed for exploitability in context.
VNX-1097 – Persistent Storable Data Element without Associated Comparison Control Element
Detects Detects source patterns associated with CWE-1097 (Persistent Storable Data Element without Associated Comparison Control Element). Each finding should be manually reviewed for exploitability in context.
VNX-1098 – Data Element containing Pointer Item without Proper Copy Control Element
Detects Detects source patterns associated with CWE-1098 (Data Element containing Pointer Item without Proper Copy Control Element). Each finding should be manually reviewed for exploitability in context.
VNX-1099 – Inconsistent Naming Conventions for Identifiers
Detects Detects source patterns associated with CWE-1099 (Inconsistent Naming Conventions for Identifiers). Each finding should be manually reviewed for exploitability in context.
VNX-1100 – Insufficient Isolation of System-Dependent Functions
Detects Detects source patterns associated with CWE-1100 (Insufficient Isolation of System-Dependent Functions). Each finding should be manually reviewed for exploitability in context.
VNX-1101 – Reliance on Runtime Component in Generated Code
Detects Detects source patterns associated with CWE-1101 (Reliance on Runtime Component in Generated Code). Each finding should be manually reviewed for exploitability in context.
VNX-1102 – Reliance on Machine-Dependent Data Representation
Detects Detects source patterns associated with CWE-1102 (Reliance on Machine-Dependent Data Representation). Each finding should be manually reviewed for exploitability in context.
VNX-1103 – Use of Platform-Dependent Third Party Components
Detects Detects source patterns associated with CWE-1103 (Use of Platform-Dependent Third Party Components). Each finding should be manually reviewed for exploitability in context.
VNX-1104 – Use of Unmaintained Third Party Components
Detects Detects source patterns associated with CWE-1104 (Use of Unmaintained Third Party Components). Each finding should be manually reviewed for exploitability in context.
VNX-1105 – Insufficient Encapsulation of Machine-Dependent Functionality
Detects Detects source patterns associated with CWE-1105 (Insufficient Encapsulation of Machine-Dependent Functionality). Each finding should be manually reviewed for exploitability in context.
VNX-1106 – Insufficient Use of Symbolic Constants
Detects Detects source patterns associated with CWE-1106 (Insufficient Use of Symbolic Constants). Each finding should be manually reviewed for exploitability in context.
VNX-1107 – Insufficient Isolation of Symbolic Constant Definitions
Detects Detects source patterns associated with CWE-1107 (Insufficient Isolation of Symbolic Constant Definitions). Each finding should be manually reviewed for exploitability in context.
VNX-1108 – Excessive Reliance on Global Variables
Detects Detects source patterns associated with CWE-1108 (Excessive Reliance on Global Variables). Each finding should be manually reviewed for exploitability in context.
VNX-1109 – Use of Same Variable for Multiple Purposes
Detects Detects source patterns associated with CWE-1109 (Use of Same Variable for Multiple Purposes). Each finding should be manually reviewed for exploitability in context.
VNX-1110 – Incomplete Design Documentation
Detects Detects source patterns associated with CWE-1110 (Incomplete Design Documentation). Each finding should be manually reviewed for exploitability in context.
VNX-1111 – Incomplete I/O Documentation
Detects Detects source patterns associated with CWE-1111 (Incomplete I/O Documentation). Each finding should be manually reviewed for exploitability in context.
VNX-1112 – Incomplete Documentation of Program Execution
Detects Detects source patterns associated with CWE-1112 (Incomplete Documentation of Program Execution). Each finding should be manually reviewed for exploitability in context.
VNX-1113 – Inappropriate Comment Style
Detects Detects source patterns associated with CWE-1113 (Inappropriate Comment Style). Each finding should be manually reviewed for exploitability in context.
VNX-1114 – Inappropriate Whitespace Style
Detects Detects source patterns associated with CWE-1114 (Inappropriate Whitespace Style). Each finding should be manually reviewed for exploitability in context.
VNX-1115 – Source Code Element without Standard Prologue
Detects Detects source patterns associated with CWE-1115 (Source Code Element without Standard Prologue). Each finding should be manually reviewed for exploitability in context.
VNX-1116 – Inaccurate Source Code Comments
Detects Detects source patterns associated with CWE-1116 (Inaccurate Source Code Comments). Each finding should be manually reviewed for exploitability in context.
VNX-1117 – Callable with Insufficient Behavioral Summary
Detects Detects source patterns associated with CWE-1117 (Callable with Insufficient Behavioral Summary). Each finding should be manually reviewed for exploitability in context.
VNX-1118 – Insufficient Documentation of Error Handling Techniques
Detects Detects source patterns associated with CWE-1118 (Insufficient Documentation of Error Handling Techniques). Each finding should be manually reviewed for exploitability in context.
VNX-1119 – Excessive Use of Unconditional Branching
Detects Detects source patterns associated with CWE-1119 (Excessive Use of Unconditional Branching). Each finding should be manually reviewed for exploitability in context.
VNX-112 – Missing XML Validation
Detects Detects source patterns associated with CWE-112 (Missing XML Validation). Each finding should be manually reviewed for exploitability in context.
VNX-1121 – Excessive McCabe Cyclomatic Complexity
Detects Detects source patterns associated with CWE-1121 (Excessive McCabe Cyclomatic Complexity). Each finding should be manually reviewed for exploitability in context.
VNX-1122 – Excessive Halstead Complexity
Detects Detects source patterns associated with CWE-1122 (Excessive Halstead Complexity). Each finding should be manually reviewed for exploitability in context.
VNX-1123 – Excessive Use of Self-Modifying Code
Detects Detects source patterns associated with CWE-1123 (Excessive Use of Self-Modifying Code). Each finding should be manually reviewed for exploitability in context.
VNX-1124 – Excessively Deep Nesting
Detects Detects source patterns associated with CWE-1124 (Excessively Deep Nesting). Each finding should be manually reviewed for exploitability in context.
VNX-1125 – Excessive Attack Surface
Detects Detects source patterns associated with CWE-1125 (Excessive Attack Surface). Each finding should be manually reviewed for exploitability in context.
VNX-1126 – Declaration of Variable with Unnecessarily Wide Scope
Detects Detects source patterns associated with CWE-1126 (Declaration of Variable with Unnecessarily Wide Scope). Each finding should be manually reviewed for exploitability in context.
VNX-1127 – Compilation with Insufficient Warnings or Errors
Detects Detects source patterns associated with CWE-1127 (Compilation with Insufficient Warnings or Errors). Each finding should be manually reviewed for exploitability in context.
VNX-115 – Misinterpretation of Input
Detects Detects source patterns associated with CWE-115 (Misinterpretation of Input). Each finding should be manually reviewed for exploitability in context.
VNX-117 – Improper Output Neutralization for Logs
Detects Detects source patterns associated with CWE-117 (Improper Output Neutralization for Logs). Each finding should be manually reviewed for exploitability in context.
VNX-1173 – Improper Use of Validation Framework
Detects Detects source patterns associated with CWE-1173 (Improper Use of Validation Framework). Each finding should be manually reviewed for exploitability in context.
VNX-1188 – Initialization of a Resource with an Insecure Default
Detects Detects source patterns associated with CWE-1188 (Initialization of a Resource with an Insecure Default). Each finding should be manually reviewed for exploitability in context.
VNX-1204 – Generation of Weak Initialization Vector (IV)
Detects Detects source patterns associated with CWE-1204 (Generation of Weak Initialization Vector (IV)). Each finding should be manually reviewed for exploitability in context.
VNX-1230 – Exposure of Sensitive Information Through Metadata
Detects Detects source patterns associated with CWE-1230 (Exposure of Sensitive Information Through Metadata). Each finding should be manually reviewed for exploitability in context.
VNX-1235 – Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations
Detects Detects source patterns associated with CWE-1235 (Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations). Each finding should be manually reviewed for exploitability in context.
VNX-1236 – Improper Neutralization of Formula Elements in a CSV File
Detects Detects source patterns associated with CWE-1236 (Improper Neutralization of Formula Elements in a CSV File). Each finding should be manually reviewed for exploitability in context.
VNX-124 – Buffer Underwrite ('Buffer Underflow')
Detects Detects source patterns associated with CWE-124 (Buffer Underwrite ('Buffer Underflow')). Each finding should be manually reviewed for exploitability in context.
VNX-1240 – Use of a Cryptographic Primitive with a Risky Implementation
Detects Detects source patterns associated with CWE-1240 (Use of a Cryptographic Primitive with a Risky Implementation). Each finding should be manually reviewed for exploitability in context.
VNX-1241 – Use of Predictable Algorithm in Random Number Generator
Detects Detects source patterns associated with CWE-1241 (Use of Predictable Algorithm in Random Number Generator). Each finding should be manually reviewed for exploitability in context.
VNX-125 – Out-of-bounds Read
Detects Detects source patterns associated with CWE-125 (Out-of-bounds Read). Each finding should be manually reviewed for exploitability in context.
VNX-1254 – CWE-1254
Detects Detects source patterns associated with CWE-1254 (CWE-1254). Each finding should be manually reviewed for exploitability in context.
VNX-1265 – Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls
Detects Detects source patterns associated with CWE-1265 (Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls). Each finding should be manually reviewed for exploitability in context.
VNX-1269 – CWE-1269
Detects Detects source patterns associated with CWE-1269 (CWE-1269). Each finding should be manually reviewed for exploitability in context.
VNX-1275 – CWE-1275
Detects Detects source patterns associated with CWE-1275 (CWE-1275). Each finding should be manually reviewed for exploitability in context.
VNX-128 – Wrap-around Error
Detects Detects source patterns associated with CWE-128 (Wrap-around Error). Each finding should be manually reviewed for exploitability in context.
VNX-1284 – Improper Validation of Specified Quantity in Input
Detects Detects source patterns associated with CWE-1284 (Improper Validation of Specified Quantity in Input). Each finding should be manually reviewed for exploitability in context.
VNX-1285 – Improper Validation of Specified Index, Position, or Offset in Input
Detects Detects source patterns associated with CWE-1285 (Improper Validation of Specified Index, Position, or Offset in Input). Each finding should be manually reviewed for exploitability in context.
VNX-1286 – Improper Validation of Syntactic Correctness of Input
Detects Detects source patterns associated with CWE-1286 (Improper Validation of Syntactic Correctness of Input). Each finding should be manually reviewed for exploitability in context.
VNX-1287 – Improper Validation of Specified Type of Input
Detects Detects source patterns associated with CWE-1287 (Improper Validation of Specified Type of Input). Each finding should be manually reviewed for exploitability in context.
VNX-1288 – Improper Validation of Consistency within Input
Detects Detects source patterns associated with CWE-1288 (Improper Validation of Consistency within Input). Each finding should be manually reviewed for exploitability in context.
VNX-1289 – Improper Validation of Unsafe Equivalence in Input
Detects Detects source patterns associated with CWE-1289 (Improper Validation of Unsafe Equivalence in Input). Each finding should be manually reviewed for exploitability in context.
VNX-1290 – CWE-1290
Detects Detects source patterns associated with CWE-1290 (CWE-1290). Each finding should be manually reviewed for exploitability in context.
VNX-130 – Improper Handling of Length Parameter Inconsistency
Detects Detects source patterns associated with CWE-130 (Improper Handling of Length Parameter Inconsistency). Each finding should be manually reviewed for exploitability in context.
VNX-1304 – CWE-1304
Detects Detects source patterns associated with CWE-1304 (CWE-1304). Each finding should be manually reviewed for exploitability in context.
VNX-1320 – CWE-1320
Detects Detects source patterns associated with CWE-1320 (CWE-1320). Each finding should be manually reviewed for exploitability in context.
VNX-1321 – CWE-1321
Detects Detects source patterns associated with CWE-1321 (CWE-1321). Each finding should be manually reviewed for exploitability in context.
VNX-1322 – Use of Blocking Code in Single-threaded, Non-blocking Context
Detects Detects source patterns associated with CWE-1322 (Use of Blocking Code in Single-threaded, Non-blocking Context). Each finding should be manually reviewed for exploitability in context.
VNX-1324 – DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
Detect JTAG/SWD debug interface enable patterns in firmware source code that may expose debug access in production hardware.
VNX-1325 – Improperly Controlled Sequential Memory Allocation
Detect memory allocations (malloc, calloc, make, new byte[]) that may occur in loops driven by user-controlled counts without a total size limit, leading to memory exhaustion DoS.
VNX-1327 – Binding to an Unrestricted IP Address
Detects Detects source patterns associated with CWE-1327 (Binding to an Unrestricted IP Address). Each finding should be manually reviewed for exploitability in context.
VNX-1335 – Incorrect Bitwise Shift of Integer
Detects Detects source patterns associated with CWE-1335 (Incorrect Bitwise Shift of Integer). Each finding should be manually reviewed for exploitability in context.
VNX-1336 – CWE-1336
Detects Detects source patterns associated with CWE-1336 (CWE-1336). Each finding should be manually reviewed for exploitability in context.
VNX-1339 – Insufficient Precision or Accuracy of a Real Number
Detects Detects source patterns associated with CWE-1339 (Insufficient Precision or Accuracy of a Real Number). Each finding should be manually reviewed for exploitability in context.
VNX-1341 – Multiple Releases of Same Resource or Handle
Detects Detects source patterns associated with CWE-1341 (Multiple Releases of Same Resource or Handle). Each finding should be manually reviewed for exploitability in context.
VNX-135 – Incorrect Calculation of Multi-Byte String Length
Detects Detects source patterns associated with CWE-135 (Incorrect Calculation of Multi-Byte String Length). Each finding should be manually reviewed for exploitability in context.
VNX-1389 – Incorrect Parsing of Numbers with Different Radices
Detects Detects source patterns associated with CWE-1389 (Incorrect Parsing of Numbers with Different Radices). Each finding should be manually reviewed for exploitability in context.
VNX-1390 – CWE-1390
Detects Detects source patterns associated with CWE-1390 (CWE-1390). Each finding should be manually reviewed for exploitability in context.
VNX-1391 – CWE-1391
Detects Detects source patterns associated with CWE-1391 (CWE-1391). Each finding should be manually reviewed for exploitability in context.
VNX-1392 – Use of Default Credentials
Detects Detects source patterns associated with CWE-1392 (Use of Default Credentials). Each finding should be manually reviewed for exploitability in context.
VNX-1393 – CWE-1393
Detects Detects source patterns associated with CWE-1393 (CWE-1393). Each finding should be manually reviewed for exploitability in context.
VNX-1395 – CWE-1395
Detects Detects source patterns associated with CWE-1395 (CWE-1395). Each finding should be manually reviewed for exploitability in context.
VNX-140 – Improper Neutralization of Delimiters
Detects Detects source patterns associated with CWE-140 (Improper Neutralization of Delimiters). Each finding should be manually reviewed for exploitability in context.
VNX-1427 – Improper Neutralization of Input Used in an Assertion
Detect Python assert statements used for security-critical validation (authentication checks, permission enforcement, input validation), which are silently disabled when Python runs with optimisation (-O or -OO flags).
VNX-15 – External Control of System or Configuration Setting
Detects Detects source patterns associated with CWE-15 (External Control of System or Configuration Setting). Each finding should be manually reviewed for exploitability in context.
VNX-166 – Improper Handling of Missing Special Element
Detects Detects source patterns associated with CWE-166 (Improper Handling of Missing Special Element). Each finding should be manually reviewed for exploitability in context.
VNX-167 – Improper Handling of Additional Special Element
Detects Detects source patterns associated with CWE-167 (Improper Handling of Additional Special Element). Each finding should be manually reviewed for exploitability in context.
VNX-168 – Improper Handling of Inconsistent Special Elements
Detects Detects source patterns associated with CWE-168 (Improper Handling of Inconsistent Special Elements). Each finding should be manually reviewed for exploitability in context.
VNX-170 – Improper Null Termination
Detects Detects source patterns associated with CWE-170 (Improper Null Termination). Each finding should be manually reviewed for exploitability in context.
VNX-178 – Improper Handling of Case Sensitivity
Detects Detects source patterns associated with CWE-178 (Improper Handling of Case Sensitivity). Each finding should be manually reviewed for exploitability in context.
VNX-179 – Incorrect Behavior Order: Early Validation
Detects Detects source patterns associated with CWE-179 (Incorrect Behavior Order: Early Validation). Each finding should be manually reviewed for exploitability in context.
VNX-182 – Collapse of Data into Unsafe Value
Detects Detects source patterns associated with CWE-182 (Collapse of Data into Unsafe Value). Each finding should be manually reviewed for exploitability in context.
VNX-183 – Permissive List of Allowed Inputs
Detects Detects source patterns associated with CWE-183 (Permissive List of Allowed Inputs). Each finding should be manually reviewed for exploitability in context.
VNX-184 – Incomplete List of Disallowed Inputs
Detects Detects source patterns associated with CWE-184 (Incomplete List of Disallowed Inputs). Each finding should be manually reviewed for exploitability in context.
VNX-186 – Overly Restrictive Regular Expression
Detects Detects source patterns associated with CWE-186 (Overly Restrictive Regular Expression). Each finding should be manually reviewed for exploitability in context.
VNX-191 – Integer Underflow (Wrap or Wraparound)
Detects Detects source patterns associated with CWE-191 (Integer Underflow (Wrap or Wraparound)). Each finding should be manually reviewed for exploitability in context.
VNX-192 – Integer Coercion Error
Detect signed/unsigned comparison mismatches and int-to-byte narrowing casts from user input.
VNX-193 – Off-by-one Error
Detects Detects source patterns associated with CWE-193 (Off-by-one Error). Each finding should be manually reviewed for exploitability in context.
VNX-194 – Unexpected Sign Extension
Detect char values widened to int or used as array indices without unsigned cast, causing sign extension.
VNX-20 – CWE-20
Detects Detects request data flowing to sensitive sinks without an intervening validation call.
VNX-201 – Insertion of Sensitive Information Into Sent Data
Detects Detects source patterns associated with CWE-201 (Insertion of Sensitive Information Into Sent Data). Each finding should be manually reviewed for exploitability in context.
VNX-204 – Observable Response Discrepancy
Detects Detects source patterns associated with CWE-204 (Observable Response Discrepancy). Each finding should be manually reviewed for exploitability in context.
VNX-205 – Observable Behavioral Discrepancy
Detects Detects source patterns associated with CWE-205 (Observable Behavioral Discrepancy). Each finding should be manually reviewed for exploitability in context.
VNX-209 – Generation of Error Message Containing Sensitive Information
Detects Detects source patterns associated with CWE-209 (Generation of Error Message Containing Sensitive Information). Each finding should be manually reviewed for exploitability in context.
VNX-210 – CWE-210
Detects Detects source patterns associated with CWE-210 (CWE-210). Each finding should be manually reviewed for exploitability in context.
VNX-212 – Improper Removal of Sensitive Information Before Storage or Transfer
Detects Detects source patterns associated with CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer). Each finding should be manually reviewed for exploitability in context.
VNX-213 – Exposure of Sensitive Information Due to Incompatible Policies
Detects Detects source patterns associated with CWE-213 (Exposure of Sensitive Information Due to Incompatible Policies). Each finding should be manually reviewed for exploitability in context.
VNX-214 – Invocation of Process Using Visible Sensitive Information
Detects Detects source patterns associated with CWE-214 (Invocation of Process Using Visible Sensitive Information). Each finding should be manually reviewed for exploitability in context.
VNX-215 – Insertion of Sensitive Information Into Debugging Code
Detects Detects source patterns associated with CWE-215 (Insertion of Sensitive Information Into Debugging Code). Each finding should be manually reviewed for exploitability in context.
VNX-222 – Truncation of Security-relevant Information
Detects Detects source patterns associated with CWE-222 (Truncation of Security-relevant Information). Each finding should be manually reviewed for exploitability in context.
VNX-223 – Omission of Security-relevant Information
Detects Detects source patterns associated with CWE-223 (Omission of Security-relevant Information). Each finding should be manually reviewed for exploitability in context.
VNX-224 – Obscured Security-relevant Information by Alternate Name
Detects Detects source patterns associated with CWE-224 (Obscured Security-relevant Information by Alternate Name). Each finding should be manually reviewed for exploitability in context.
VNX-227 – Improper Fulfillment of API Contract
Detect security API calls where the return value is not checked or preconditions are not met.
VNX-229 – Improper Handling of Values
Detects Detects source patterns associated with CWE-229 (Improper Handling of Values). Each finding should be manually reviewed for exploitability in context.
VNX-233 – Improper Handling of Parameters
Detects Detects source patterns associated with CWE-233 (Improper Handling of Parameters). Each finding should be manually reviewed for exploitability in context.
VNX-237 – Improper Handling of Structural Elements
Detects Detects source patterns associated with CWE-237 (Improper Handling of Structural Elements). Each finding should be manually reviewed for exploitability in context.
VNX-241 – Improper Handling of Unexpected Data Type
Detects Detects source patterns associated with CWE-241 (Improper Handling of Unexpected Data Type). Each finding should be manually reviewed for exploitability in context.
VNX-242 – Use of Inherently Dangerous Function
Detects Detects source patterns associated with CWE-242 (Use of Inherently Dangerous Function). Each finding should be manually reviewed for exploitability in context.
VNX-243 – Creation of chroot Jail Without Changing Working Directory
Detects Detects source patterns associated with CWE-243 (Creation of chroot Jail Without Changing Working Directory). Each finding should be manually reviewed for exploitability in context.
VNX-244 – Improper Clearing of Heap Memory Before Release
Detect heap free() on sensitive buffers without prior memset_s() or explicit_bzero().
VNX-248 – Uncaught Exception
Detects Detects source patterns associated with CWE-248 (Uncaught Exception). Each finding should be manually reviewed for exploitability in context.
VNX-252 – Unchecked Return Value
Detects Detects source patterns associated with CWE-252 (Unchecked Return Value). Each finding should be manually reviewed for exploitability in context.
VNX-253 – Incorrect Check of Function Return Value
Detects Detects source patterns associated with CWE-253 (Incorrect Check of Function Return Value). Each finding should be manually reviewed for exploitability in context.
VNX-256 – Plaintext Storage of a Password
Detects Detects source patterns associated with CWE-256 (Plaintext Storage of a Password). Each finding should be manually reviewed for exploitability in context.
VNX-257 – Storing Passwords in a Recoverable Format
Detects Detects source patterns associated with CWE-257 (Storing Passwords in a Recoverable Format). Each finding should be manually reviewed for exploitability in context.
VNX-259 – CWE-259
Detects Detects source patterns associated with CWE-259 (CWE-259). Each finding should be manually reviewed for exploitability in context.
VNX-260 – Password in Configuration File
Detects Detects source patterns associated with CWE-260 (Password in Configuration File). Each finding should be manually reviewed for exploitability in context.
VNX-261 – Weak Encoding for Password
Detects Detects source patterns associated with CWE-261 (Weak Encoding for Password). Each finding should be manually reviewed for exploitability in context.
VNX-262 – Not Using Password Aging
Detects Detects source patterns associated with CWE-262 (Not Using Password Aging). Each finding should be manually reviewed for exploitability in context.
VNX-263 – Password Aging with Long Expiration
Detects Detects source patterns associated with CWE-263 (Password Aging with Long Expiration). Each finding should be manually reviewed for exploitability in context.
VNX-266 – Incorrect Privilege Assignment
Detects Detects source patterns associated with CWE-266 (Incorrect Privilege Assignment). Each finding should be manually reviewed for exploitability in context.
VNX-267 – Privilege Defined With Unsafe Actions
Detects Detects source patterns associated with CWE-267 (Privilege Defined With Unsafe Actions). Each finding should be manually reviewed for exploitability in context.
VNX-268 – Privilege Chaining
Detects Detects source patterns associated with CWE-268 (Privilege Chaining). Each finding should be manually reviewed for exploitability in context.
VNX-269 – CWE-269
Detects Detects source patterns associated with CWE-269 (CWE-269). Each finding should be manually reviewed for exploitability in context.
VNX-270 – Privilege Context Switching Error
Detects Detects source patterns associated with CWE-270 (Privilege Context Switching Error). Each finding should be manually reviewed for exploitability in context.
VNX-272 – Least Privilege Violation
Detects Detects source patterns associated with CWE-272 (Least Privilege Violation). Each finding should be manually reviewed for exploitability in context.
VNX-273 – Improper Check for Dropped Privileges
Detects Detects source patterns associated with CWE-273 (Improper Check for Dropped Privileges). Each finding should be manually reviewed for exploitability in context.
VNX-274 – Improper Handling of Insufficient Privileges
Detects Detects source patterns associated with CWE-274 (Improper Handling of Insufficient Privileges). Each finding should be manually reviewed for exploitability in context.
VNX-276 – Incorrect Default Permissions
Detects Detects source patterns associated with CWE-276 (Incorrect Default Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-277 – Insecure Inherited Permissions
Detects Detects source patterns associated with CWE-277 (Insecure Inherited Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-278 – Insecure Preserved Inherited Permissions
Detects Detects source patterns associated with CWE-278 (Insecure Preserved Inherited Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-279 – Incorrect Execution-Assigned Permissions
Detects Detects source patterns associated with CWE-279 (Incorrect Execution-Assigned Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-280 – Improper Handling of Insufficient Permissions or Privileges
Detects Detects source patterns associated with CWE-280 (Improper Handling of Insufficient Permissions or Privileges ). Each finding should be manually reviewed for exploitability in context.
VNX-281 – Improper Preservation of Permissions
Detects Detects source patterns associated with CWE-281 (Improper Preservation of Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-283 – Unverified Ownership
Detects Detects source patterns associated with CWE-283 (Unverified Ownership). Each finding should be manually reviewed for exploitability in context.
VNX-287 – CWE-287
Detects Detects source patterns associated with CWE-287 (CWE-287). Each finding should be manually reviewed for exploitability in context.
VNX-289 – Authentication Bypass by Alternate Name
Detects Detects source patterns associated with CWE-289 (Authentication Bypass by Alternate Name). Each finding should be manually reviewed for exploitability in context.
VNX-290 – Authentication Bypass by Spoofing
Detects Detects source patterns associated with CWE-290 (Authentication Bypass by Spoofing). Each finding should be manually reviewed for exploitability in context.
VNX-294 – Authentication Bypass by Capture-replay
Detects Detects source patterns associated with CWE-294 (Authentication Bypass by Capture-replay). Each finding should be manually reviewed for exploitability in context.
VNX-301 – Reflection Attack in an Authentication Protocol
Detects Detects source patterns associated with CWE-301 (Reflection Attack in an Authentication Protocol). Each finding should be manually reviewed for exploitability in context.
VNX-303 – Incorrect Implementation of Authentication Algorithm
Detects Detects source patterns associated with CWE-303 (Incorrect Implementation of Authentication Algorithm). Each finding should be manually reviewed for exploitability in context.
VNX-305 – Authentication Bypass by Primary Weakness
Detects Detects source patterns associated with CWE-305 (Authentication Bypass by Primary Weakness). Each finding should be manually reviewed for exploitability in context.
VNX-306 – Missing Authentication for Critical Function
Detects Detects source patterns associated with CWE-306 (Missing Authentication for Critical Function). Each finding should be manually reviewed for exploitability in context.
VNX-308 – Use of Single-factor Authentication
Detects Detects source patterns associated with CWE-308 (Use of Single-factor Authentication). Each finding should be manually reviewed for exploitability in context.
VNX-309 – Use of Password System for Primary Authentication
Detects Detects source patterns associated with CWE-309 (Use of Password System for Primary Authentication). Each finding should be manually reviewed for exploitability in context.
VNX-319 – Cleartext Transmission of Sensitive Information
Detects Detects embedded cleartext HTTP/FTP URLs that suggest credentials or data transmitted without encryption.
VNX-321 – CWE-321
Detects Detects source patterns associated with CWE-321 (CWE-321). Each finding should be manually reviewed for exploitability in context.
VNX-323 – Reusing a Nonce, Key Pair in Encryption
Detects Detects source patterns associated with CWE-323 (Reusing a Nonce, Key Pair in Encryption). Each finding should be manually reviewed for exploitability in context.
VNX-324 – Use of a Key Past its Expiration Date
Detects Detects source patterns associated with CWE-324 (Use of a Key Past its Expiration Date). Each finding should be manually reviewed for exploitability in context.
VNX-325 – Missing Cryptographic Step
Detects Detects source patterns associated with CWE-325 (Missing Cryptographic Step). Each finding should be manually reviewed for exploitability in context.
VNX-326 – CWE-326
Detects Detects source patterns associated with CWE-326 (CWE-326). Each finding should be manually reviewed for exploitability in context.
VNX-327 – CWE-327
Detects Detects source patterns associated with CWE-327 (CWE-327). Each finding should be manually reviewed for exploitability in context.
VNX-329 – CWE-329
Detects Detects source patterns associated with CWE-329 (CWE-329). Each finding should be manually reviewed for exploitability in context.
VNX-331 – Insufficient Entropy
Detects Detects source patterns associated with CWE-331 (Insufficient Entropy). Each finding should be manually reviewed for exploitability in context.
VNX-334 – Small Space of Random Values
Detects Detects source patterns associated with CWE-334 (Small Space of Random Values). Each finding should be manually reviewed for exploitability in context.
VNX-335 – Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Detects Detects source patterns associated with CWE-335 (Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)). Each finding should be manually reviewed for exploitability in context.
VNX-336 – CWE-336
Detects Detects source patterns associated with CWE-336 (CWE-336). Each finding should be manually reviewed for exploitability in context.
VNX-338 – Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Detects Detects source patterns associated with CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)). Each finding should be manually reviewed for exploitability in context.
VNX-340 – CWE-340
Detects Detects source patterns associated with CWE-340 (CWE-340). Each finding should be manually reviewed for exploitability in context.
VNX-341 – Predictable from Observable State
Detects Detects source patterns associated with CWE-341 (Predictable from Observable State). Each finding should be manually reviewed for exploitability in context.
VNX-342 – Predictable Exact Value from Previous Values
Detects Detects source patterns associated with CWE-342 (Predictable Exact Value from Previous Values). Each finding should be manually reviewed for exploitability in context.
VNX-343 – Predictable Value Range from Previous Values
Detects Detects source patterns associated with CWE-343 (Predictable Value Range from Previous Values). Each finding should be manually reviewed for exploitability in context.
VNX-344 – Use of Invariant Value in Dynamically Changing Context
Detects Detects source patterns associated with CWE-344 (Use of Invariant Value in Dynamically Changing Context). Each finding should be manually reviewed for exploitability in context.
VNX-345 – CWE-345
Detects Detects source patterns associated with CWE-345 (CWE-345). Each finding should be manually reviewed for exploitability in context.
VNX-346 – Origin Validation Error
Detects Detects source patterns associated with CWE-346 (Origin Validation Error). Each finding should be manually reviewed for exploitability in context.
VNX-347 – Improper Verification of Cryptographic Signature
Detects Detects source patterns associated with CWE-347 (Improper Verification of Cryptographic Signature). Each finding should be manually reviewed for exploitability in context.
VNX-348 – Use of Less Trusted Source
Detects Detects source patterns associated with CWE-348 (Use of Less Trusted Source). Each finding should be manually reviewed for exploitability in context.
VNX-349 – Acceptance of Extraneous Untrusted Data With Trusted Data
Detects Detects source patterns associated with CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data). Each finding should be manually reviewed for exploitability in context.
VNX-350 – CWE-350
Detects Detects source patterns associated with CWE-350 (CWE-350). Each finding should be manually reviewed for exploitability in context.
VNX-351 – Insufficient Type Distinction
Detects Detects source patterns associated with CWE-351 (Insufficient Type Distinction). Each finding should be manually reviewed for exploitability in context.
VNX-352 – CWE-352
Detects Detects source patterns associated with CWE-352 (CWE-352). Each finding should be manually reviewed for exploitability in context.
VNX-353 – Missing Support for Integrity Check
Detects Detects source patterns associated with CWE-353 (Missing Support for Integrity Check). Each finding should be manually reviewed for exploitability in context.
VNX-354 – Improper Validation of Integrity Check Value
Detects Detects source patterns associated with CWE-354 (Improper Validation of Integrity Check Value). Each finding should be manually reviewed for exploitability in context.
VNX-356 – Product UI does not Warn User of Unsafe Actions
Detects Detects source patterns associated with CWE-356 (Product UI does not Warn User of Unsafe Actions). Each finding should be manually reviewed for exploitability in context.
VNX-357 – Insufficient UI Warning of Dangerous Operations
Detects Detects source patterns associated with CWE-357 (Insufficient UI Warning of Dangerous Operations). Each finding should be manually reviewed for exploitability in context.
VNX-358 – Improperly Implemented Security Check for Standard
Detects Detects source patterns associated with CWE-358 (Improperly Implemented Security Check for Standard). Each finding should be manually reviewed for exploitability in context.
VNX-359 – Exposure of Private Personal Information to an Unauthorized Actor
Detects Detects source patterns associated with CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor). Each finding should be manually reviewed for exploitability in context.
VNX-360 – Trust of System Event Data
Detects Detects source patterns associated with CWE-360 (Trust of System Event Data). Each finding should be manually reviewed for exploitability in context.
VNX-362 – CWE-362
Detects Detects source patterns associated with CWE-362 (CWE-362). Each finding should be manually reviewed for exploitability in context.
VNX-364 – Signal Handler Race Condition
Detects Detects source patterns associated with CWE-364 (Signal Handler Race Condition). Each finding should be manually reviewed for exploitability in context.
VNX-366 – Race Condition within a Thread
Detects Detects source patterns associated with CWE-366 (Race Condition within a Thread). Each finding should be manually reviewed for exploitability in context.
VNX-367 – Time-of-check Time-of-use (TOCTOU) Race Condition
Detects Detects source patterns associated with CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition). Each finding should be manually reviewed for exploitability in context.
VNX-368 – Context Switching Race Condition
Detects Detects source patterns associated with CWE-368 (Context Switching Race Condition). Each finding should be manually reviewed for exploitability in context.
VNX-369 – Divide By Zero
Detects Detects source patterns associated with CWE-369 (Divide By Zero). Each finding should be manually reviewed for exploitability in context.
VNX-372 – Incomplete Internal State Distinction
Detects Detects source patterns associated with CWE-372 (Incomplete Internal State Distinction). Each finding should be manually reviewed for exploitability in context.
VNX-374 – Passing Mutable Objects to an Untrusted Method
Detects Detects source patterns associated with CWE-374 (Passing Mutable Objects to an Untrusted Method). Each finding should be manually reviewed for exploitability in context.
VNX-375 – Returning a Mutable Object to an Untrusted Caller
Detects Detects source patterns associated with CWE-375 (Returning a Mutable Object to an Untrusted Caller). Each finding should be manually reviewed for exploitability in context.
VNX-378 – Creation of Temporary File With Insecure Permissions
Detects Detects source patterns associated with CWE-378 (Creation of Temporary File With Insecure Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-379 – Creation of Temporary File in Directory with Insecure Permissions
Detects Detects source patterns associated with CWE-379 (Creation of Temporary File in Directory with Insecure Permissions). Each finding should be manually reviewed for exploitability in context.
VNX-384 – CWE-384
Detects Detects source patterns associated with CWE-384 (CWE-384). Each finding should be manually reviewed for exploitability in context.
VNX-385 – Covert Timing Channel
Detects Detects source patterns associated with CWE-385 (Covert Timing Channel). Each finding should be manually reviewed for exploitability in context.
VNX-386 – Symbolic Name not Mapping to Correct Object
Detects Detects source patterns associated with CWE-386 (Symbolic Name not Mapping to Correct Object). Each finding should be manually reviewed for exploitability in context.
VNX-390 – Detection of Error Condition Without Action
Detects Detects source patterns associated with CWE-390 (Detection of Error Condition Without Action). Each finding should be manually reviewed for exploitability in context.
VNX-391 – Unchecked Error Condition
Detects Detects source patterns associated with CWE-391 (Unchecked Error Condition). Each finding should be manually reviewed for exploitability in context.
VNX-392 – Missing Report of Error Condition
Detects Detects source patterns associated with CWE-392 (Missing Report of Error Condition). Each finding should be manually reviewed for exploitability in context.
VNX-393 – Return of Wrong Status Code
Detects Detects source patterns associated with CWE-393 (Return of Wrong Status Code). Each finding should be manually reviewed for exploitability in context.
VNX-394 – Unexpected Status Code or Return Value
Detects Detects source patterns associated with CWE-394 (Unexpected Status Code or Return Value). Each finding should be manually reviewed for exploitability in context.
VNX-395 – Use of NullPointerException Catch to Detect NULL Pointer Dereference
Detects Detects source patterns associated with CWE-395 (Use of NullPointerException Catch to Detect NULL Pointer Dereference). Each finding should be manually reviewed for exploitability in context.
VNX-396 – Declaration of Catch for Generic Exception
Detects Detects source patterns associated with CWE-396 (Declaration of Catch for Generic Exception). Each finding should be manually reviewed for exploitability in context.
VNX-397 – Declaration of Throws for Generic Exception
Detects Detects source patterns associated with CWE-397 (Declaration of Throws for Generic Exception). Each finding should be manually reviewed for exploitability in context.
VNX-400 – CWE-400
Detects Detects source patterns associated with CWE-400 (CWE-400). Each finding should be manually reviewed for exploitability in context.
VNX-401 – CWE-401
Detects Detects source patterns associated with CWE-401 (CWE-401). Each finding should be manually reviewed for exploitability in context.
VNX-403 – Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Detects Detects source patterns associated with CWE-403 (Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')). Each finding should be manually reviewed for exploitability in context.
VNX-404 – CWE-404
Detects Detects source patterns associated with CWE-404 (CWE-404). Each finding should be manually reviewed for exploitability in context.
VNX-408 – Incorrect Behavior Order: Early Amplification
Detects Detects source patterns associated with CWE-408 (Incorrect Behavior Order: Early Amplification). Each finding should be manually reviewed for exploitability in context.
VNX-409 – Improper Handling of Highly Compressed Data (Data Amplification)
Detects Detects source patterns associated with CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)). Each finding should be manually reviewed for exploitability in context.
VNX-41 – Improper Resolution of Path Equivalence
Detects Detects source patterns associated with CWE-41 (Improper Resolution of Path Equivalence). Each finding should be manually reviewed for exploitability in context.
VNX-410 – Insufficient Resource Pool
Detects Detects source patterns associated with CWE-410 (Insufficient Resource Pool). Each finding should be manually reviewed for exploitability in context.
VNX-412 – Unrestricted Externally Accessible Lock
Detects Detects source patterns associated with CWE-412 (Unrestricted Externally Accessible Lock). Each finding should be manually reviewed for exploitability in context.
VNX-413 – Improper Resource Locking
Detects Detects source patterns associated with CWE-413 (Improper Resource Locking). Each finding should be manually reviewed for exploitability in context.
VNX-414 – Missing Lock Check
Detects Detects source patterns associated with CWE-414 (Missing Lock Check). Each finding should be manually reviewed for exploitability in context.
VNX-415 – CWE-415
Detects Detects source patterns associated with CWE-415 (CWE-415). Each finding should be manually reviewed for exploitability in context.
VNX-416 – CWE-416
Detects Detects source patterns associated with CWE-416 (CWE-416). Each finding should be manually reviewed for exploitability in context.
VNX-419 – Unprotected Primary Channel
Detects Detects source patterns associated with CWE-419 (Unprotected Primary Channel). Each finding should be manually reviewed for exploitability in context.
VNX-420 – Unprotected Alternate Channel
Detects Detects source patterns associated with CWE-420 (Unprotected Alternate Channel). Each finding should be manually reviewed for exploitability in context.
VNX-421 – Race Condition During Access to Alternate Channel
Detects Detects source patterns associated with CWE-421 (Race Condition During Access to Alternate Channel). Each finding should be manually reviewed for exploitability in context.
VNX-425 – Direct Request ('Forced Browsing')
Detects Detects source patterns associated with CWE-425 (Direct Request ('Forced Browsing')). Each finding should be manually reviewed for exploitability in context.
VNX-426 – Untrusted Search Path
Detects Detects source patterns associated with CWE-426 (Untrusted Search Path). Each finding should be manually reviewed for exploitability in context.
VNX-427 – Uncontrolled Search Path Element
Detects Detects source patterns associated with CWE-427 (Uncontrolled Search Path Element). Each finding should be manually reviewed for exploitability in context.
VNX-428 – Unquoted Search Path or Element
Detects Detects source patterns associated with CWE-428 (Unquoted Search Path or Element). Each finding should be manually reviewed for exploitability in context.
VNX-430 – Deployment of Wrong Handler
Detects Detects source patterns associated with CWE-430 (Deployment of Wrong Handler). Each finding should be manually reviewed for exploitability in context.
VNX-431 – Missing Handler
Detects Detects source patterns associated with CWE-431 (Missing Handler). Each finding should be manually reviewed for exploitability in context.
VNX-432 – CWE-432
Detects Detects source patterns associated with CWE-432 (CWE-432). Each finding should be manually reviewed for exploitability in context.
VNX-437 – Incomplete Model of Endpoint Features
Detects Detects source patterns associated with CWE-437 (Incomplete Model of Endpoint Features). Each finding should be manually reviewed for exploitability in context.
VNX-439 – Behavioral Change in New Version or Environment
Detects Detects source patterns associated with CWE-439 (Behavioral Change in New Version or Environment). Each finding should be manually reviewed for exploitability in context.
VNX-440 – Expected Behavior Violation
Detects Detects source patterns associated with CWE-440 (Expected Behavior Violation). Each finding should be manually reviewed for exploitability in context.
VNX-441 – CWE-441
Detects Detects source patterns associated with CWE-441 (CWE-441). Each finding should be manually reviewed for exploitability in context.
VNX-444 – Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Detects Detects source patterns associated with CWE-444 (Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')). Each finding should be manually reviewed for exploitability in context.
VNX-447 – Unimplemented or Unsupported Feature in UI
Detects Detects source patterns associated with CWE-447 (Unimplemented or Unsupported Feature in UI). Each finding should be manually reviewed for exploitability in context.
VNX-448 – Obsolete Feature in UI
Detects Detects source patterns associated with CWE-448 (Obsolete Feature in UI). Each finding should be manually reviewed for exploitability in context.
VNX-449 – The UI Performs the Wrong Action
Detects Detects source patterns associated with CWE-449 (The UI Performs the Wrong Action). Each finding should be manually reviewed for exploitability in context.
VNX-450 – CWE-450
Detects Detects source patterns associated with CWE-450 (CWE-450). Each finding should be manually reviewed for exploitability in context.
VNX-451 – CWE-451
Detects Detects source patterns associated with CWE-451 (CWE-451). Each finding should be manually reviewed for exploitability in context.
VNX-453 – CWE-453
Detects Detects source patterns associated with CWE-453 (CWE-453). Each finding should be manually reviewed for exploitability in context.
VNX-454 – External Initialization of Trusted Variables or Data Stores
Detects Detects source patterns associated with CWE-454 (External Initialization of Trusted Variables or Data Stores). Each finding should be manually reviewed for exploitability in context.
VNX-455 – Non-exit on Failed Initialization
Detects Detects source patterns associated with CWE-455 (Non-exit on Failed Initialization). Each finding should be manually reviewed for exploitability in context.
VNX-457 – CWE-457
Detects Detects source patterns associated with CWE-457 (CWE-457). Each finding should be manually reviewed for exploitability in context.
VNX-459 – Incomplete Cleanup
Detects Detects source patterns associated with CWE-459 (Incomplete Cleanup). Each finding should be manually reviewed for exploitability in context.
VNX-460 – CWE-460
Detects Detects source patterns associated with CWE-460 (CWE-460). Each finding should be manually reviewed for exploitability in context.
VNX-462 – CWE-462
Detects Detects source patterns associated with CWE-462 (CWE-462). Each finding should be manually reviewed for exploitability in context.
VNX-463 – Deletion of Data Structure Sentinel
Detects Detects source patterns associated with CWE-463 (Deletion of Data Structure Sentinel). Each finding should be manually reviewed for exploitability in context.
VNX-464 – Addition of Data Structure Sentinel
Detects Detects source patterns associated with CWE-464 (Addition of Data Structure Sentinel). Each finding should be manually reviewed for exploitability in context.
VNX-466 – Return of Pointer Value Outside of Expected Range
Detects Detects source patterns associated with CWE-466 (Return of Pointer Value Outside of Expected Range). Each finding should be manually reviewed for exploitability in context.
VNX-468 – Incorrect Pointer Scaling
Detects Detects source patterns associated with CWE-468 (Incorrect Pointer Scaling). Each finding should be manually reviewed for exploitability in context.
VNX-469 – Use of Pointer Subtraction to Determine Size
Detects Detects source patterns associated with CWE-469 (Use of Pointer Subtraction to Determine Size). Each finding should be manually reviewed for exploitability in context.
VNX-470 – Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Detects Detects source patterns associated with CWE-470 (Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')). Each finding should be manually reviewed for exploitability in context.
VNX-471 – CWE-471
Detects Detects source patterns associated with CWE-471 (CWE-471). Each finding should be manually reviewed for exploitability in context.
VNX-472 – External Control of Assumed-Immutable Web Parameter
Detects Detects source patterns associated with CWE-472 (External Control of Assumed-Immutable Web Parameter). Each finding should be manually reviewed for exploitability in context.
VNX-474 – Use of Function with Inconsistent Implementations
Detects Detects source patterns associated with CWE-474 (Use of Function with Inconsistent Implementations). Each finding should be manually reviewed for exploitability in context.
VNX-475 – Undefined Behavior for Input to API
Detects Detects source patterns associated with CWE-475 (Undefined Behavior for Input to API). Each finding should be manually reviewed for exploitability in context.
VNX-476 – NULL Pointer Dereference
Detects Detects source patterns associated with CWE-476 (NULL Pointer Dereference). Each finding should be manually reviewed for exploitability in context.
VNX-477 – Use of Obsolete Function
Detects Detects source patterns associated with CWE-477 (Use of Obsolete Function). Each finding should be manually reviewed for exploitability in context.
VNX-478 – Missing Default Case in Multiple Condition Expression
Detects Detects source patterns associated with CWE-478 (Missing Default Case in Multiple Condition Expression). Each finding should be manually reviewed for exploitability in context.
VNX-479 – CWE-479
Detects Detects source patterns associated with CWE-479 (CWE-479). Each finding should be manually reviewed for exploitability in context.
VNX-480 – Use of Incorrect Operator
Detects Detects source patterns associated with CWE-480 (Use of Incorrect Operator). Each finding should be manually reviewed for exploitability in context.
VNX-481 – CWE-481
Detects Detects source patterns associated with CWE-481 (CWE-481). Each finding should be manually reviewed for exploitability in context.
VNX-482 – CWE-482
Detects Detects source patterns associated with CWE-482 (CWE-482). Each finding should be manually reviewed for exploitability in context.
VNX-483 – Incorrect Block Delimitation
Detects Detects source patterns associated with CWE-483 (Incorrect Block Delimitation). Each finding should be manually reviewed for exploitability in context.
VNX-484 – Omitted Break Statement in Switch
Detects Detects source patterns associated with CWE-484 (Omitted Break Statement in Switch). Each finding should be manually reviewed for exploitability in context.
VNX-486 – CWE-486
Detects Detects source patterns associated with CWE-486 (CWE-486). Each finding should be manually reviewed for exploitability in context.
VNX-487 – Reliance on Package-level Scope
Detects Detects source patterns associated with CWE-487 (Reliance on Package-level Scope). Each finding should be manually reviewed for exploitability in context.
VNX-488 – Exposure of Data Element to Wrong Session
Detects Detects source patterns associated with CWE-488 (Exposure of Data Element to Wrong Session). Each finding should be manually reviewed for exploitability in context.
VNX-491 – CWE-491
Detects Detects source patterns associated with CWE-491 (CWE-491). Each finding should be manually reviewed for exploitability in context.
VNX-492 – CWE-492
Detects Detects source patterns associated with CWE-492 (CWE-492). Each finding should be manually reviewed for exploitability in context.
VNX-493 – CWE-493
Detects Detects source patterns associated with CWE-493 (CWE-493). Each finding should be manually reviewed for exploitability in context.
VNX-495 – CWE-495
Detects Detects source patterns associated with CWE-495 (CWE-495). Each finding should be manually reviewed for exploitability in context.
VNX-497 – Exposure of Sensitive System Information to an Unauthorized Control Sphere
Detects Detects source patterns associated with CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere). Each finding should be manually reviewed for exploitability in context.
VNX-498 – CWE-498
Detects Detects source patterns associated with CWE-498 (CWE-498). Each finding should be manually reviewed for exploitability in context.
VNX-499 – CWE-499
Detects Detects source patterns associated with CWE-499 (CWE-499). Each finding should be manually reviewed for exploitability in context.
VNX-500 – CWE-500
Detects Detects source patterns associated with CWE-500 (CWE-500). Each finding should be manually reviewed for exploitability in context.
VNX-501 – Trust Boundary Violation
Detects Detects source patterns associated with CWE-501 (Trust Boundary Violation). Each finding should be manually reviewed for exploitability in context.
VNX-506 – CWE-506
Detects Detects source patterns associated with CWE-506 (CWE-506). Each finding should be manually reviewed for exploitability in context.
VNX-511 – CWE-511
Detects Detects source patterns associated with CWE-511 (CWE-511). Each finding should be manually reviewed for exploitability in context.
VNX-514 – CWE-514
Detects Detects source patterns associated with CWE-514 (CWE-514). Each finding should be manually reviewed for exploitability in context.
VNX-515 – Covert Storage Channel
Detects Detects source patterns associated with CWE-515 (Covert Storage Channel). Each finding should be manually reviewed for exploitability in context.
VNX-521 – Weak Password Requirements
Detects Detects source patterns associated with CWE-521 (Weak Password Requirements). Each finding should be manually reviewed for exploitability in context.
VNX-522 – CWE-522
Detects Detects source patterns associated with CWE-522 (CWE-522). Each finding should be manually reviewed for exploitability in context.
VNX-523 – Unprotected Transport of Credentials
Detects Detects source patterns associated with CWE-523 (Unprotected Transport of Credentials). Each finding should be manually reviewed for exploitability in context.
VNX-524 – Use of Cache Containing Sensitive Information
Detects Detects source patterns associated with CWE-524 (Use of Cache Containing Sensitive Information). Each finding should be manually reviewed for exploitability in context.
VNX-525 – CWE-525
Detects Detects source patterns associated with CWE-525 (CWE-525). Each finding should be manually reviewed for exploitability in context.
VNX-532 – CWE-532
Detects Detects source patterns associated with CWE-532 (CWE-532). Each finding should be manually reviewed for exploitability in context.
VNX-536 – Servlet Runtime Error Message Containing Sensitive Information
Detect Java Servlet error handlers that write stack traces or exception details to the HTTP response.
VNX-538 – Insertion of Sensitive Information into Externally-Accessible File or Directory
Detects Detects source patterns associated with CWE-538 (Insertion of Sensitive Information into Externally-Accessible File or Directory). Each finding should be manually reviewed for exploitability in context.
VNX-539 – CWE-539
Detects Detects source patterns associated with CWE-539 (CWE-539). Each finding should be manually reviewed for exploitability in context.
VNX-540 – CWE-540
Detects Detects source patterns associated with CWE-540 (CWE-540). Each finding should be manually reviewed for exploitability in context.
VNX-544 – Missing Standardized Error Handling Mechanism
Detects Detects source patterns associated with CWE-544 (Missing Standardized Error Handling Mechanism). Each finding should be manually reviewed for exploitability in context.
VNX-546 – CWE-546
Detects Detects source patterns associated with CWE-546 (CWE-546). Each finding should be manually reviewed for exploitability in context.
VNX-547 – Use of Hard-coded, Security-relevant Constants
Detects Detects source patterns associated with CWE-547 (Use of Hard-coded, Security-relevant Constants). Each finding should be manually reviewed for exploitability in context.
VNX-548 – CWE-548
Detects Detects source patterns associated with CWE-548 (CWE-548). Each finding should be manually reviewed for exploitability in context.
VNX-549 – Missing Password Field Masking
Detects Detects source patterns associated with CWE-549 (Missing Password Field Masking). Each finding should be manually reviewed for exploitability in context.
VNX-551 – Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Detects Detects source patterns associated with CWE-551 (Incorrect Behavior Order: Authorization Before Parsing and Canonicalization). Each finding should be manually reviewed for exploitability in context.
VNX-553 – CWE-553
Detects Detects source patterns associated with CWE-553 (CWE-553). Each finding should be manually reviewed for exploitability in context.
VNX-554 – CWE-554
Detects Detects source patterns associated with CWE-554 (CWE-554). Each finding should be manually reviewed for exploitability in context.
VNX-555 – CWE-555
Detects Detects source patterns associated with CWE-555 (CWE-555). Each finding should be manually reviewed for exploitability in context.
VNX-561 – Dead Code
Detects Detects source patterns associated with CWE-561 (Dead Code). Each finding should be manually reviewed for exploitability in context.
VNX-562 – Return of Stack Variable Address
Detects Detects source patterns associated with CWE-562 (Return of Stack Variable Address). Each finding should be manually reviewed for exploitability in context.
VNX-563 – Assignment to Variable without Use
Detects Detects source patterns associated with CWE-563 (Assignment to Variable without Use). Each finding should be manually reviewed for exploitability in context.
VNX-565 – Reliance on Cookies without Validation and Integrity Checking
Detects Detects source patterns associated with CWE-565 (Reliance on Cookies without Validation and Integrity Checking). Each finding should be manually reviewed for exploitability in context.
VNX-566 – CWE-566
Detects Detects source patterns associated with CWE-566 (CWE-566). Each finding should be manually reviewed for exploitability in context.
VNX-570 – Expression is Always False
Detects Detects source patterns associated with CWE-570 (Expression is Always False). Each finding should be manually reviewed for exploitability in context.
VNX-571 – Expression is Always True
Detects Detects source patterns associated with CWE-571 (Expression is Always True). Each finding should be manually reviewed for exploitability in context.
VNX-572 – CWE-572
Detects Detects source patterns associated with CWE-572 (CWE-572). Each finding should be manually reviewed for exploitability in context.
VNX-573 – CWE-573
Detects Detects source patterns associated with CWE-573 (CWE-573). Each finding should be manually reviewed for exploitability in context.
VNX-578 – CWE-578
Detects Detects source patterns associated with CWE-578 (CWE-578). Each finding should be manually reviewed for exploitability in context.
VNX-580 – clone() Method Without super.clone()
Detects Detects source patterns associated with CWE-580 (clone() Method Without super.clone()). Each finding should be manually reviewed for exploitability in context.
VNX-581 – Object Model Violation: Just One of Equals and Hashcode Defined
Detects Detects source patterns associated with CWE-581 (Object Model Violation: Just One of Equals and Hashcode Defined). Each finding should be manually reviewed for exploitability in context.
VNX-582 – CWE-582
Detects Detects source patterns associated with CWE-582 (CWE-582). Each finding should be manually reviewed for exploitability in context.
VNX-583 – CWE-583
Detects Detects source patterns associated with CWE-583 (CWE-583). Each finding should be manually reviewed for exploitability in context.
VNX-584 – Return Inside Finally Block
Detects Detects source patterns associated with CWE-584 (Return Inside Finally Block). Each finding should be manually reviewed for exploitability in context.
VNX-585 – CWE-585
Detects Detects source patterns associated with CWE-585 (CWE-585). Each finding should be manually reviewed for exploitability in context.
VNX-586 – Explicit Call to Finalize()
Detects Detects source patterns associated with CWE-586 (Explicit Call to Finalize()). Each finding should be manually reviewed for exploitability in context.
VNX-587 – Assignment of a Fixed Address to a Pointer
Detects Detects source patterns associated with CWE-587 (Assignment of a Fixed Address to a Pointer). Each finding should be manually reviewed for exploitability in context.
VNX-588 – CWE-588
Detects Detects source patterns associated with CWE-588 (CWE-588). Each finding should be manually reviewed for exploitability in context.
VNX-589 – CWE-589
Detects Detects source patterns associated with CWE-589 (CWE-589). Each finding should be manually reviewed for exploitability in context.
VNX-59 – Improper Link Resolution Before File Access ('Link Following')
Detects Detects source patterns associated with CWE-59 (Improper Link Resolution Before File Access ('Link Following')). Each finding should be manually reviewed for exploitability in context.
VNX-591 – CWE-591
Detects Detects source patterns associated with CWE-591 (CWE-591). Each finding should be manually reviewed for exploitability in context.
VNX-594 – CWE-594
Detects Detects source patterns associated with CWE-594 (CWE-594). Each finding should be manually reviewed for exploitability in context.
VNX-595 – CWE-595
Detects Detects source patterns associated with CWE-595 (CWE-595). Each finding should be manually reviewed for exploitability in context.
VNX-597 – CWE-597
Detects Detects source patterns associated with CWE-597 (CWE-597). Each finding should be manually reviewed for exploitability in context.
VNX-598 – CWE-598
Detects Detects source patterns associated with CWE-598 (CWE-598). Each finding should be manually reviewed for exploitability in context.
VNX-600 – CWE-600
Detects Detects source patterns associated with CWE-600 (CWE-600). Each finding should be manually reviewed for exploitability in context.
VNX-602 – CWE-602
Detects Detects source patterns associated with CWE-602 (CWE-602). Each finding should be manually reviewed for exploitability in context.
VNX-603 – Use of Client-Side Authentication
Detects Detects source patterns associated with CWE-603 (Use of Client-Side Authentication). Each finding should be manually reviewed for exploitability in context.
VNX-605 – Multiple Binds to the Same Port
Detects Detects source patterns associated with CWE-605 (Multiple Binds to the Same Port). Each finding should be manually reviewed for exploitability in context.
VNX-606 – Unchecked Input for Loop Condition
Detects Detects source patterns associated with CWE-606 (Unchecked Input for Loop Condition). Each finding should be manually reviewed for exploitability in context.
VNX-607 – CWE-607
Detects Detects source patterns associated with CWE-607 (CWE-607). Each finding should be manually reviewed for exploitability in context.
VNX-609 – Double-Checked Locking
Detects Detects source patterns associated with CWE-609 (Double-Checked Locking). Each finding should be manually reviewed for exploitability in context.
VNX-610 – CWE-610
Detects Detects source patterns associated with CWE-610 (CWE-610). Each finding should be manually reviewed for exploitability in context.
VNX-614 – CWE-614
Detects Detects source patterns associated with CWE-614 (CWE-614). Each finding should be manually reviewed for exploitability in context.
VNX-615 – CWE-615
Detects Detects source patterns associated with CWE-615 (CWE-615). Each finding should be manually reviewed for exploitability in context.
VNX-617 – Reachable Assertion
Detects Detects source patterns associated with CWE-617 (Reachable Assertion). Each finding should be manually reviewed for exploitability in context.
VNX-618 – Exposed Unsafe ActiveX Method
Detects Detects source patterns associated with CWE-618 (Exposed Unsafe ActiveX Method). Each finding should be manually reviewed for exploitability in context.
VNX-619 – Dangling Database Cursor ('Cursor Injection')
Detects Detects source patterns associated with CWE-619 (Dangling Database Cursor ('Cursor Injection')). Each finding should be manually reviewed for exploitability in context.
VNX-620 – Unverified Password Change
Detects Detects source patterns associated with CWE-620 (Unverified Password Change). Each finding should be manually reviewed for exploitability in context.
VNX-621 – CWE-621
Detects Detects source patterns associated with CWE-621 (CWE-621). Each finding should be manually reviewed for exploitability in context.
VNX-622 – CWE-622
Detects Detects source patterns associated with CWE-622 (CWE-622). Each finding should be manually reviewed for exploitability in context.
VNX-624 – Executable Regular Expression Error
Detects Detects source patterns associated with CWE-624 (Executable Regular Expression Error). Each finding should be manually reviewed for exploitability in context.
VNX-625 – Permissive Regular Expression
Detects Detects source patterns associated with CWE-625 (Permissive Regular Expression). Each finding should be manually reviewed for exploitability in context.
VNX-626 – Null Byte Interaction Error (Null Byte Injection)
Detect file path operations vulnerable to null byte injection that can bypass extension restrictions.
VNX-627 – CWE-627
Detects Detects source patterns associated with CWE-627 (CWE-627). Each finding should be manually reviewed for exploitability in context.
VNX-628 – Function Call with Incorrectly Specified Arguments
Detects Detects source patterns associated with CWE-628 (Function Call with Incorrectly Specified Arguments). Each finding should be manually reviewed for exploitability in context.
VNX-635 – Weaknesses in OWASP Top Ten (Security TODO/FIXME)
Detect security-related TODO and FIXME comments indicating unresolved security concerns left in production code.
VNX-636 – CWE-636
Detects Detects source patterns associated with CWE-636 (CWE-636). Each finding should be manually reviewed for exploitability in context.
VNX-638 – CWE-638
Detects Detects source patterns associated with CWE-638 (CWE-638). Each finding should be manually reviewed for exploitability in context.
VNX-639 – Authorization Bypass Through User-Controlled Key
Detects Detects source patterns associated with CWE-639 (Authorization Bypass Through User-Controlled Key). Each finding should be manually reviewed for exploitability in context.
VNX-640 – Weak Password Recovery Mechanism for Forgotten Password
Detects Detects source patterns associated with CWE-640 (Weak Password Recovery Mechanism for Forgotten Password). Each finding should be manually reviewed for exploitability in context.
VNX-641 – Improper Restriction of Names for Files and Other Resources
Detects Detects source patterns associated with CWE-641 (Improper Restriction of Names for Files and Other Resources). Each finding should be manually reviewed for exploitability in context.
VNX-642 – CWE-642
Detects Detects source patterns associated with CWE-642 (CWE-642). Each finding should be manually reviewed for exploitability in context.
VNX-643 – CWE-643
Detects Detects source patterns associated with CWE-643 (CWE-643). Each finding should be manually reviewed for exploitability in context.
VNX-644 – CWE-644
Detects Detects source patterns associated with CWE-644 (CWE-644). Each finding should be manually reviewed for exploitability in context.
VNX-645 – Overly Restrictive Account Lockout Mechanism
Detects Detects source patterns associated with CWE-645 (Overly Restrictive Account Lockout Mechanism). Each finding should be manually reviewed for exploitability in context.
VNX-646 – CWE-646
Detects Detects source patterns associated with CWE-646 (CWE-646). Each finding should be manually reviewed for exploitability in context.
VNX-647 – CWE-647
Detects Detects source patterns associated with CWE-647 (CWE-647). Each finding should be manually reviewed for exploitability in context.
VNX-648 – Incorrect Use of Privileged APIs
Detects Detects source patterns associated with CWE-648 (Incorrect Use of Privileged APIs). Each finding should be manually reviewed for exploitability in context.
VNX-649 – Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Detects Detects source patterns associated with CWE-649 (Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking). Each finding should be manually reviewed for exploitability in context.
VNX-651 – CWE-651
Detects Detects source patterns associated with CWE-651 (CWE-651). Each finding should be manually reviewed for exploitability in context.
VNX-652 – CWE-652
Detects Detects source patterns associated with CWE-652 (CWE-652). Each finding should be manually reviewed for exploitability in context.
VNX-653 – Improper Isolation or Compartmentalization
Detects Detects source patterns associated with CWE-653 (Improper Isolation or Compartmentalization). Each finding should be manually reviewed for exploitability in context.
VNX-654 – Reliance on a Single Factor in a Security Decision
Detects Detects source patterns associated with CWE-654 (Reliance on a Single Factor in a Security Decision). Each finding should be manually reviewed for exploitability in context.
VNX-656 – Reliance on Security Through Obscurity
Detects Detects source patterns associated with CWE-656 (Reliance on Security Through Obscurity). Each finding should be manually reviewed for exploitability in context.
VNX-657 – CWE-657
Detects Detects source patterns associated with CWE-657 (CWE-657). Each finding should be manually reviewed for exploitability in context.
VNX-66 – Improper Handling of File Names that Identify Virtual Resources
Detects Detects source patterns associated with CWE-66 (Improper Handling of File Names that Identify Virtual Resources). Each finding should be manually reviewed for exploitability in context.
VNX-663 – Use of a Non-reentrant Function in a Concurrent Context
Detects Detects source patterns associated with CWE-663 (Use of a Non-reentrant Function in a Concurrent Context). Each finding should be manually reviewed for exploitability in context.
VNX-665 – CWE-665
Detects Detects source patterns associated with CWE-665 (CWE-665). Each finding should be manually reviewed for exploitability in context.
VNX-666 – CWE-666
Detects Detects source patterns associated with CWE-666 (CWE-666). Each finding should be manually reviewed for exploitability in context.
VNX-667 – CWE-667
Detects Detects source patterns associated with CWE-667 (CWE-667). Each finding should be manually reviewed for exploitability in context.
VNX-671 – CWE-671
Detects Detects source patterns associated with CWE-671 (CWE-671). Each finding should be manually reviewed for exploitability in context.
VNX-672 – CWE-672
Detects Detects source patterns associated with CWE-672 (CWE-672). Each finding should be manually reviewed for exploitability in context.
VNX-673 – CWE-673
Detects Detects source patterns associated with CWE-673 (CWE-673). Each finding should be manually reviewed for exploitability in context.
VNX-674 – CWE-674
Detects Detects source patterns associated with CWE-674 (CWE-674). Each finding should be manually reviewed for exploitability in context.
VNX-675 – CWE-675
Detects Detects source patterns associated with CWE-675 (CWE-675). Each finding should be manually reviewed for exploitability in context.
VNX-676 – Use of Potentially Dangerous Function
Detects Detects source patterns associated with CWE-676 (Use of Potentially Dangerous Function). Each finding should be manually reviewed for exploitability in context.
VNX-680 – CWE-680
Detects Detects source patterns associated with CWE-680 (CWE-680). Each finding should be manually reviewed for exploitability in context.
VNX-681 – Incorrect Conversion between Numeric Types
Detects Detects source patterns associated with CWE-681 (Incorrect Conversion between Numeric Types). Each finding should be manually reviewed for exploitability in context.
VNX-682 – CWE-682
Detects Detects source patterns associated with CWE-682 (CWE-682). Each finding should be manually reviewed for exploitability in context.
VNX-683 – CWE-683
Detects Detects source patterns associated with CWE-683 (CWE-683). Each finding should be manually reviewed for exploitability in context.
VNX-685 – CWE-685
Detects Detects source patterns associated with CWE-685 (CWE-685). Each finding should be manually reviewed for exploitability in context.
VNX-686 – CWE-686
Detects Detects source patterns associated with CWE-686 (CWE-686). Each finding should be manually reviewed for exploitability in context.
VNX-687 – CWE-687
Detects Detects source patterns associated with CWE-687 (CWE-687). Each finding should be manually reviewed for exploitability in context.
VNX-688 – CWE-688
Detects Detects source patterns associated with CWE-688 (CWE-688). Each finding should be manually reviewed for exploitability in context.
VNX-690 – CWE-690
Detects Detects source patterns associated with CWE-690 (CWE-690). Each finding should be manually reviewed for exploitability in context.
VNX-694 – Use of Multiple Resources with Duplicate Identifier
Detects Detects source patterns associated with CWE-694 (Use of Multiple Resources with Duplicate Identifier). Each finding should be manually reviewed for exploitability in context.
VNX-695 – Use of Low-Level Functionality
Detects Detects source patterns associated with CWE-695 (Use of Low-Level Functionality). Each finding should be manually reviewed for exploitability in context.
VNX-697 – CWE-697
Detects Detects source patterns associated with CWE-697 (CWE-697). Each finding should be manually reviewed for exploitability in context.
VNX-698 – Execution After Redirect (EAR)
Detects Detects source patterns associated with CWE-698 (Execution After Redirect (EAR)). Each finding should be manually reviewed for exploitability in context.
VNX-703 – CWE-703
Detects Detects source patterns associated with CWE-703 (CWE-703). Each finding should be manually reviewed for exploitability in context.
VNX-704 – CWE-704
Detects Detects source patterns associated with CWE-704 (CWE-704). Each finding should be manually reviewed for exploitability in context.
VNX-706 – CWE-706
Detects Detects source patterns associated with CWE-706 (CWE-706). Each finding should be manually reviewed for exploitability in context.
VNX-708 – Incorrect Ownership Assignment
Detects Detects source patterns associated with CWE-708 (Incorrect Ownership Assignment). Each finding should be manually reviewed for exploitability in context.
VNX-710 – CWE-710
Detects Detects source patterns associated with CWE-710 (CWE-710). Each finding should be manually reviewed for exploitability in context.
VNX-73 – External Control of File Name or Path
Detects Detects source patterns associated with CWE-73 (External Control of File Name or Path). Each finding should be manually reviewed for exploitability in context.
VNX-732 – CWE-732
Detects Detects source patterns associated with CWE-732 (CWE-732). Each finding should be manually reviewed for exploitability in context.
VNX-733 – Compiler Optimization Removal or Modification of Security-critical Code
Detects Detects source patterns associated with CWE-733 (Compiler Optimization Removal or Modification of Security-critical Code). Each finding should be manually reviewed for exploitability in context.
VNX-749 – Exposed Dangerous Method or Function
Detects Detects source patterns associated with CWE-749 (Exposed Dangerous Method or Function). Each finding should be manually reviewed for exploitability in context.
VNX-754 – CWE-754
Detects Detects source patterns associated with CWE-754 (CWE-754). Each finding should be manually reviewed for exploitability in context.
VNX-755 – CWE-755
Detects Detects source patterns associated with CWE-755 (CWE-755). Each finding should be manually reviewed for exploitability in context.
VNX-756 – Missing Custom Error Page
Detects Detects source patterns associated with CWE-756 (Missing Custom Error Page). Each finding should be manually reviewed for exploitability in context.
VNX-757 – CWE-757
Detects Detects source patterns associated with CWE-757 (CWE-757). Each finding should be manually reviewed for exploitability in context.
VNX-759 – CWE-759
Detects Detects source patterns associated with CWE-759 (CWE-759). Each finding should be manually reviewed for exploitability in context.
VNX-76 – Improper Neutralization of Equivalent Special Elements
Detects Detects source patterns associated with CWE-76 (Improper Neutralization of Equivalent Special Elements). Each finding should be manually reviewed for exploitability in context.
VNX-760 – CWE-760
Detects Detects source patterns associated with CWE-760 (CWE-760). Each finding should be manually reviewed for exploitability in context.
VNX-761 – CWE-761
Detects Detects source patterns associated with CWE-761 (CWE-761). Each finding should be manually reviewed for exploitability in context.
VNX-762 – CWE-762
Detects Detects source patterns associated with CWE-762 (CWE-762). Each finding should be manually reviewed for exploitability in context.
VNX-763 – Release of Invalid Pointer or Reference
Detects Detects source patterns associated with CWE-763 (Release of Invalid Pointer or Reference). Each finding should be manually reviewed for exploitability in context.
VNX-764 – Multiple Locks of a Critical Resource
Detects Detects source patterns associated with CWE-764 (Multiple Locks of a Critical Resource). Each finding should be manually reviewed for exploitability in context.
VNX-765 – Multiple Unlocks of a Critical Resource
Detects Detects source patterns associated with CWE-765 (Multiple Unlocks of a Critical Resource). Each finding should be manually reviewed for exploitability in context.
VNX-766 – Critical Data Element Declared Public
Detects Detects source patterns associated with CWE-766 (Critical Data Element Declared Public). Each finding should be manually reviewed for exploitability in context.
VNX-767 – Access to Critical Private Variable via Public Method
Detects Detects source patterns associated with CWE-767 (Access to Critical Private Variable via Public Method). Each finding should be manually reviewed for exploitability in context.
VNX-768 – CWE-768
Detects Detects source patterns associated with CWE-768 (CWE-768). Each finding should be manually reviewed for exploitability in context.
VNX-769 – CWE-769
Detects Detects source patterns associated with CWE-769 (CWE-769). Each finding should be manually reviewed for exploitability in context.
VNX-770 – Allocation of Resources Without Limits or Throttling
Detects Detects source patterns associated with CWE-770 (Allocation of Resources Without Limits or Throttling). Each finding should be manually reviewed for exploitability in context.
VNX-771 – Missing Reference to Active Allocated Resource
Detects Detects source patterns associated with CWE-771 (Missing Reference to Active Allocated Resource). Each finding should be manually reviewed for exploitability in context.
VNX-772 – Missing Release of Resource after Effective Lifetime
Detects Detects source patterns associated with CWE-772 (Missing Release of Resource after Effective Lifetime). Each finding should be manually reviewed for exploitability in context.
VNX-775 – CWE-775
Detects Detects source patterns associated with CWE-775 (CWE-775). Each finding should be manually reviewed for exploitability in context.
VNX-776 – Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Detects Detects source patterns associated with CWE-776 (Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')). Each finding should be manually reviewed for exploitability in context.
VNX-777 – Regular Expression without Anchors
Detect regex validation patterns without ^ and $ anchors that allow partial matches to bypass input validation.
VNX-778 – Insufficient Logging
Detects Detects source patterns associated with CWE-778 (Insufficient Logging). Each finding should be manually reviewed for exploitability in context.
VNX-779 – Logging of Excessive Data
Detects Detects source patterns associated with CWE-779 (Logging of Excessive Data). Each finding should be manually reviewed for exploitability in context.
VNX-780 – CWE-780
Detects Detects source patterns associated with CWE-780 (CWE-780). Each finding should be manually reviewed for exploitability in context.
VNX-781 – Improper Address Validation in IOCTL
Detect Windows kernel driver IOCTL handlers that do not validate user-space buffer addresses with ProbeForRead/ProbeForWrite.
VNX-783 – Operator Precedence Logic Error
Detects Detects source patterns associated with CWE-783 (Operator Precedence Logic Error). Each finding should be manually reviewed for exploitability in context.
VNX-784 – CWE-784
Detects Detects source patterns associated with CWE-784 (CWE-784). Each finding should be manually reviewed for exploitability in context.
VNX-785 – CWE-785
Detects Detects source patterns associated with CWE-785 (CWE-785). Each finding should be manually reviewed for exploitability in context.
VNX-786 – Access of Memory Location Before Start of Buffer
Detects Detects source patterns associated with CWE-786 (Access of Memory Location Before Start of Buffer). Each finding should be manually reviewed for exploitability in context.
VNX-788 – Access of Memory Location After End of Buffer
Detects Detects source patterns associated with CWE-788 (Access of Memory Location After End of Buffer). Each finding should be manually reviewed for exploitability in context.
VNX-789 – CWE-789
Detects Detects source patterns associated with CWE-789 (CWE-789). Each finding should be manually reviewed for exploitability in context.
VNX-791 – Incomplete Filtering of Special Elements
Detects Detects source patterns associated with CWE-791 (Incomplete Filtering of Special Elements). Each finding should be manually reviewed for exploitability in context.
VNX-792 – CWE-792
Detects Detects source patterns associated with CWE-792 (CWE-792). Each finding should be manually reviewed for exploitability in context.
VNX-793 – CWE-793
Detects Detects source patterns associated with CWE-793 (CWE-793). Each finding should be manually reviewed for exploitability in context.
VNX-796 – CWE-796
Detects Detects source patterns associated with CWE-796 (CWE-796). Each finding should be manually reviewed for exploitability in context.
VNX-799 – CWE-799
Detects Detects source patterns associated with CWE-799 (CWE-799). Each finding should be manually reviewed for exploitability in context.
VNX-804 – Guessable CAPTCHA
Detects Detects source patterns associated with CWE-804 (Guessable CAPTCHA). Each finding should be manually reviewed for exploitability in context.
VNX-805 – Buffer Access with Incorrect Length Value
Detects Detects source patterns associated with CWE-805 (Buffer Access with Incorrect Length Value). Each finding should be manually reviewed for exploitability in context.
VNX-806 – CWE-806
Detects Detects source patterns associated with CWE-806 (CWE-806). Each finding should be manually reviewed for exploitability in context.
VNX-807 – Reliance on Untrusted Inputs in a Security Decision
Detects Detects source patterns associated with CWE-807 (Reliance on Untrusted Inputs in a Security Decision). Each finding should be manually reviewed for exploitability in context.
VNX-820 – Missing Synchronization
Detects Detects source patterns associated with CWE-820 (Missing Synchronization). Each finding should be manually reviewed for exploitability in context.
VNX-821 – Incorrect Synchronization
Detects Detects source patterns associated with CWE-821 (Incorrect Synchronization). Each finding should be manually reviewed for exploitability in context.
VNX-822 – Untrusted Pointer Dereference
Detects Detects source patterns associated with CWE-822 (Untrusted Pointer Dereference). Each finding should be manually reviewed for exploitability in context.
VNX-823 – Use of Out-of-range Pointer Offset
Detects Detects source patterns associated with CWE-823 (Use of Out-of-range Pointer Offset). Each finding should be manually reviewed for exploitability in context.
VNX-824 – Access of Uninitialized Pointer
Detects Detects source patterns associated with CWE-824 (Access of Uninitialized Pointer). Each finding should be manually reviewed for exploitability in context.
VNX-825 – Expired Pointer Dereference
Detects Detects source patterns associated with CWE-825 (Expired Pointer Dereference). Each finding should be manually reviewed for exploitability in context.
VNX-826 – Premature Release of Resource During Expected Lifetime
Detects Detects source patterns associated with CWE-826 (Premature Release of Resource During Expected Lifetime). Each finding should be manually reviewed for exploitability in context.
VNX-827 – CWE-827
Detects Detects source patterns associated with CWE-827 (CWE-827). Each finding should be manually reviewed for exploitability in context.
VNX-828 – Signal Handler with Functionality that is not Asynchronous-Signal-Safe
Detect signal handler functions calling non-async-signal-safe functions like printf, malloc, free, or syslog.
VNX-831 – Signal Handler for Multiple Signals
Detect a single signal handler registered for multiple signals, which can cause re-entrant execution and non-deterministic behavior.
VNX-832 – Unlock of a Resource that is not Locked
Detects Detects source patterns associated with CWE-832 (Unlock of a Resource that is not Locked). Each finding should be manually reviewed for exploitability in context.
VNX-833 – Deadlock
Detects Detects source patterns associated with CWE-833 (Deadlock). Each finding should be manually reviewed for exploitability in context.
VNX-835 – Loop with Unreachable Exit Condition ('Infinite Loop')
Detects Detects source patterns associated with CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')). Each finding should be manually reviewed for exploitability in context.
VNX-836 – Use of Password Hash Instead of Password for Authentication
Detects Detects source patterns associated with CWE-836 (Use of Password Hash Instead of Password for Authentication). Each finding should be manually reviewed for exploitability in context.
VNX-837 – Improper Enforcement of a Single, Unique Action
Detects Detects source patterns associated with CWE-837 (Improper Enforcement of a Single, Unique Action). Each finding should be manually reviewed for exploitability in context.
VNX-838 – Inappropriate Encoding for Output Context
Detects Detects source patterns associated with CWE-838 (Inappropriate Encoding for Output Context). Each finding should be manually reviewed for exploitability in context.
VNX-839 – Numeric Range Comparison Without Minimum Check
Detects Detects source patterns associated with CWE-839 (Numeric Range Comparison Without Minimum Check). Each finding should be manually reviewed for exploitability in context.
VNX-840 – CWE-840
Detects Detects source patterns associated with CWE-840 (CWE-840). Each finding should be manually reviewed for exploitability in context.
VNX-841 – Improper Enforcement of Behavioral Workflow
Detects Detects source patterns associated with CWE-841 (Improper Enforcement of Behavioral Workflow). Each finding should be manually reviewed for exploitability in context.
VNX-842 – Placement of User into Incorrect Group
Detects Detects source patterns associated with CWE-842 (Placement of User into Incorrect Group). Each finding should be manually reviewed for exploitability in context.
VNX-843 – Access of Resource Using Incompatible Type ('Type Confusion')
Detects Detects source patterns associated with CWE-843 (Access of Resource Using Incompatible Type ('Type Confusion')). Each finding should be manually reviewed for exploitability in context.
VNX-862 – CWE-862
Detects Detects source patterns associated with CWE-862 (CWE-862). Each finding should be manually reviewed for exploitability in context.
VNX-863 – CWE-863
Detects Detects source patterns associated with CWE-863 (CWE-863). Each finding should be manually reviewed for exploitability in context.
VNX-908 – Use of Uninitialized Resource
Detects Detects source patterns associated with CWE-908 (Use of Uninitialized Resource). Each finding should be manually reviewed for exploitability in context.
VNX-909 – Missing Initialization of Resource
Detects Detects source patterns associated with CWE-909 (Missing Initialization of Resource). Each finding should be manually reviewed for exploitability in context.
VNX-910 – Use of Expired File Descriptor
Detects Detects source patterns associated with CWE-910 (Use of Expired File Descriptor). Each finding should be manually reviewed for exploitability in context.
VNX-911 – Improper Update of Reference Count
Detects Detects source patterns associated with CWE-911 (Improper Update of Reference Count). Each finding should be manually reviewed for exploitability in context.
VNX-912 – Hidden Functionality (Backdoor)
Detect hardcoded backdoor accounts, hidden debug endpoints, and magic command sequences that bypass normal security controls.
VNX-913 – CWE-913
Detects Detects source patterns associated with CWE-913 (CWE-913). Each finding should be manually reviewed for exploitability in context.
VNX-914 – Improper Control of Dynamically-Identified Variables
Detects Detects source patterns associated with CWE-914 (Improper Control of Dynamically-Identified Variables). Each finding should be manually reviewed for exploitability in context.
VNX-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes
Detects Detects source patterns associated with CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes). Each finding should be manually reviewed for exploitability in context.
VNX-918 – Server-Side Request Forgery (SSRF)
Detects Detects source patterns associated with CWE-918 (Server-Side Request Forgery (SSRF)). Each finding should be manually reviewed for exploitability in context.
VNX-920 – Improper Restriction of Power Consumption
Detects Detects source patterns associated with CWE-920 (Improper Restriction of Power Consumption). Each finding should be manually reviewed for exploitability in context.
VNX-924 – Improper Enforcement of Message Integrity During Transmission in a Communication Channel
Detects Detects source patterns associated with CWE-924 (Improper Enforcement of Message Integrity During Transmission in a Communication Channel). Each finding should be manually reviewed for exploitability in context.
VNX-925 – CWE-925
Detects Detects source patterns associated with CWE-925 (CWE-925). Each finding should be manually reviewed for exploitability in context.
VNX-926 – CWE-926
Detects Detects source patterns associated with CWE-926 (CWE-926). Each finding should be manually reviewed for exploitability in context.
VNX-927 – CWE-927
Detects Detects source patterns associated with CWE-927 (CWE-927). Each finding should be manually reviewed for exploitability in context.
VNX-928 – CWE-928
Detects Detects source patterns associated with CWE-928 (CWE-928). Each finding should be manually reviewed for exploitability in context.
VNX-929 – CWE-929
Detects Detects source patterns associated with CWE-929 (CWE-929). Each finding should be manually reviewed for exploitability in context.
VNX-930 – CWE-930
Detects Detects source patterns associated with CWE-930 (CWE-930). Each finding should be manually reviewed for exploitability in context.
VNX-931 – CWE-931
Detects Detects source patterns associated with CWE-931 (CWE-931). Each finding should be manually reviewed for exploitability in context.
VNX-932 – CWE-932
Detects Detects source patterns associated with CWE-932 (CWE-932). Each finding should be manually reviewed for exploitability in context.
VNX-933 – CWE-933
Detects Detects source patterns associated with CWE-933 (CWE-933). Each finding should be manually reviewed for exploitability in context.
VNX-935 – CWE-935
Detects Detects source patterns associated with CWE-935 (CWE-935). Each finding should be manually reviewed for exploitability in context.
VNX-936 – CWE-936
Detects Detects source patterns associated with CWE-936 (CWE-936). Each finding should be manually reviewed for exploitability in context.
VNX-937 – CWE-937
Detects Detects source patterns associated with CWE-937 (CWE-937). Each finding should be manually reviewed for exploitability in context.
VNX-938 – CWE-938
Detects Detects source patterns associated with CWE-938 (CWE-938). Each finding should be manually reviewed for exploitability in context.
VNX-939 – Improper Authorization in Handler for Custom URL Scheme
Detects Detects source patterns associated with CWE-939 (Improper Authorization in Handler for Custom URL Scheme). Each finding should be manually reviewed for exploitability in context.
VNX-94 – Code Injection
Detect dynamic code evaluation functions (eval, exec, new Function, etc.) called with user-controlled or dynamic input, enabling arbitrary code execution.
VNX-940 – Improper Verification of Source of a Communication Channel
Detects Detects source patterns associated with CWE-940 (Improper Verification of Source of a Communication Channel). Each finding should be manually reviewed for exploitability in context.
VNX-941 – Incorrectly Specified Destination in a Communication Channel
Detects Detects source patterns associated with CWE-941 (Incorrectly Specified Destination in a Communication Channel). Each finding should be manually reviewed for exploitability in context.
VNX-942 – CWE-942
Detects Detects source patterns associated with CWE-942 (CWE-942). Each finding should be manually reviewed for exploitability in context.
VNX-943 – CWE-943
Detects Detects source patterns associated with CWE-943 (CWE-943). Each finding should be manually reviewed for exploitability in context.
VNX-95 – Template Injection (Eval Injection)
Detect server-side template engines rendering user-controlled strings as template source, enabling Server-Side Template Injection (SSTI) and arbitrary code execution.
VNX-98 – PHP Remote File Inclusion
Detect PHP include/require statements that use user-controlled superglobal variables as the file path, enabling attackers to load and execute arbitrary remote code.
VNX-ANDROID-001 – Android Insecure Manifest Configuration
Detects insecure AndroidManifest.xml settings such as android:debuggable='true' and android:allowBackup='true' that expose apps to debugging attacks and data extraction.
VNX-ANDROID-002 – Android WebView JavaScript Enabled
Detects insecure WebView configuration in Android apps including enabled JavaScript, file access, and addJavascriptInterface calls that expose apps to XSS and remote code execution.
VNX-ANDROID-003 – Android Exported Component Without Permission Check
Detects Activity, Service, BroadcastReceiver, or ContentProvider components declared with android:exported='true' in the AndroidManifest without a required permission, allowing any third-party app to invoke them.
VNX-ANDROID-004 – Android SharedPreferences Used for Sensitive Data Storage
Detects calls to SharedPreferences.putString() that store password, token, secret, or key values in the plaintext SharedPreferences XML store, exposing credentials to root access, backups, and memory forensics.
VNX-ANDROID-005 – Android Network Security Config Allows Plaintext HTTP Traffic
Detects cleartextTrafficPermitted='true' in Android network security configuration XML files, which permits unencrypted HTTP connections that can be intercepted by network attackers.
VNX-ANDROID-006 – Android Hardcoded API Key in strings.xml
Detects string resources in Android XML value files whose names suggest they hold credentials (api_key, secret, token, password, private_key, auth) and contain non-placeholder values that will be bundled into the APK.
VNX-ANDROID-007 – Android Weak Cryptography Using AES in ECB Mode
Detects Cipher.getInstance() calls that specify AES/ECB or plain 'AES' (which defaults to ECB mode on Android), a deterministic cipher mode that leaks data patterns and does not provide semantic security.
VNX-BASH-001 – eval with Potentially User-Controlled Input
Detects eval calls that use a variable, command substitution, or concatenation rather than a static string literal, enabling arbitrary shell command injection if any part of the evaluated string originates from external input.
VNX-BASH-002 – curl or wget Output Piped Directly to Shell Interpreter
Detects shell scripts that pipe the output of curl or wget directly to bash, sh, zsh, ksh, or dash, executing remote code without any integrity verification and creating a supply-chain attack surface.
VNX-BASH-003 – Missing set -euo pipefail in Bash Script
Detects Bash scripts with a valid shebang that do not contain 'set -euo pipefail' or equivalent error-handling options, causing silent failure propagation and undefined-variable bugs.
VNX-BASH-004 – Unquoted Variable Used in Command or Test
Detects shell variables used inside single-bracket [ ] test expressions without double-quotes, making them vulnerable to word splitting, glob expansion, and argument injection.
VNX-BASH-005 – Hardcoded Secret or Password in Shell Script
Detects shell variable assignments where the variable name indicates a secret, password, token, or API key and the value is a non-empty string literal rather than a runtime reference.
VNX-BASH-006 – Global IFS Reassignment in Shell Script
Detects global reassignment of the IFS (Internal Field Separator) variable in Bash scripts, which alters word-splitting behaviour for all subsequent commands and can cause security-sensitive parsing to behave unexpectedly.
VNX-BASH-007 – Unquoted Command Substitution in Shell Script
Detects command substitutions using $(...) that are not wrapped in double-quotes, exposing the result to word splitting and glob expansion and enabling argument injection if the output is attacker-influenced.
VNX-C-001 – Use of Unbounded String Copy Function (strcpy/strcat/gets)
Detects calls to strcpy, stpcpy, strcat, gets, wcscpy, wcscat, and related unbounded string copy functions in C and C++ code. These functions copy data without checking the destination buffer size, enabling classic stack and heap buffer overflow attacks.
VNX-C-002 – Format String Injection via Non-Literal Format Argument
Detects calls to printf, fprintf, sprintf, syslog, and related format-string functions where the format argument is not a string literal. An attacker who controls the format string can read from or write to arbitrary memory via %n and other format specifiers.
VNX-C-003 – OS Command Injection via system() or popen() with Non-Literal Argument
Detects calls to system(), popen(), p2open(), and wordexp() in C and C++ where the command argument is not a string literal. When user-controlled input reaches these shell-invoking functions, an attacker can inject arbitrary OS commands.
VNX-C-004 – Use-After-Free: Pointer Used After free()
Detects patterns where a pointer is freed with free() and then referenced on the immediately following non-blank, non-comment line without being reassigned to NULL or a new allocation, indicating a use-after-free bug.
VNX-C-005 – Integer Overflow in malloc/calloc Size Arithmetic
Detects calls to malloc(), realloc(), valloc(), and aligned_alloc() where the size argument contains arithmetic operations (multiplication or addition) without prior overflow validation, which can produce an undersized allocation and a subsequent heap buffer overflow.
VNX-C-006 – Use of alloca() for Dynamic Stack Allocation
Detects calls to alloca() in C and C++ code, which allocates memory on the stack based on a runtime-determined size with no bounds checking, enabling stack overflow or stack frame corruption when the size is large or attacker-controlled.
VNX-CRYPTO-001 – MD5 Usage Detected
Detects use of the MD5 hash algorithm across Python, Node.js, Go, Java, Ruby, and PHP, flagging code that relies on a cryptographically broken hash function.
VNX-CRYPTO-002 – SHA-1 Usage Detected
Detects use of the SHA-1 hash algorithm across Python, Node.js, Go, Java, Ruby, and PHP, flagging code that relies on a cryptographically broken hash function.
VNX-CRYPTO-003 – AES in ECB Mode
Detects use of AES in ECB (Electronic Codebook) mode, which leaks data patterns and is semantically insecure, across Python, Node.js, Go, Java, Ruby, and PHP.
VNX-CRYPTO-004 – Broken or Obsolete Cipher
Detects use of DES, 3DES, RC4, and Blowfish — cryptographically broken or deprecated symmetric ciphers — across Python, Node.js, Go, Java, Ruby, and PHP.
VNX-CRYPTO-005 – TLS Certificate Validation Disabled
Detects code that disables TLS certificate verification in Python, Node.js, Go, and Java, exposing connections to man-in-the-middle attacks.
VNX-CRYPTO-006 – Weak RSA Key Size
Detects RSA key generation using key sizes below 2048 bits (512, 768, or 1024 bits) in Python, Go, and Java, where the keys can be factored by modern hardware.
VNX-CRYPTO-007 – Weak Password Hashing (Insufficient Iterations or Missing KDF)
Detects passwords hashed with MD5, SHA-1, SHA-256, or similar general-purpose algorithms instead of a proper key derivation function, making stored passwords recoverable through brute-force or rainbow-table attacks.
VNX-CRYPTO-008 – Timing Attack via Direct Comparison of Secrets
Detects direct == or === comparison of HMAC digests, hashes, tokens, or signatures, which leaks timing information that allows attackers to incrementally reconstruct the expected value.
VNX-CRYPTO-009 – Use of Cryptographically Weak PRNG (rand/srand/random in C/C++)
Detects use of rand(), srand(), drand48(), lrand48(), and related non-cryptographic pseudo-random number generator functions in C and C++ code where cryptographically secure randomness is required.
VNX-CRYPTO-010 – Hardcoded IV, Nonce, or Salt in Cryptographic Operation
Detects hardcoded or zero-filled initialization vectors, nonces, and salts assigned to variables named iv, nonce, or salt across multiple languages, which destroys the security properties of stream ciphers, AEAD schemes, and key derivation functions.
VNX-CS-001 – C# SQL Injection via String Concatenation in SqlCommand
Detects SQL queries constructed by concatenating or interpolating user-supplied input into SqlCommand, OleDbCommand, OdbcCommand, or OracleCommand instead of using parameterised queries.
VNX-CS-002 – C# Command Injection via Process.Start with User Input
Detects calls to System.Diagnostics.Process.Start or ProcessStartInfo.FileName/Arguments assignments that incorporate user-controlled input through string concatenation or interpolation.
VNX-CS-003 – C# XXE via XmlDocument with XmlResolver Enabled
Detects XML parsing configurations in C# that enable external entity resolution or DTD processing, exposing applications to XML External Entity (XXE) injection attacks.
VNX-CS-004 – C# Insecure Deserialization via BinaryFormatter or SoapFormatter
Detects use of BinaryFormatter, SoapFormatter, NetDataContractSerializer, LosFormatter, ObjectStateFormatter, and JavaScriptSerializer, which deserialise arbitrary .NET object graphs and can execute attacker-controlled code.
VNX-CS-005 – C# Missing ValidateAntiForgeryToken on State-Changing MVC Actions
Detects ASP.NET MVC controller actions decorated with [HttpPost], [HttpPut], [HttpDelete], or [HttpPatch] that lack the [ValidateAntiForgeryToken] attribute, leaving them vulnerable to Cross-Site Request Forgery.
VNX-CS-006 – C# Insecure Random Number Generator (System.Random for Security)
Detects use of System.Random in security-sensitive contexts such as token, password, key, nonce, salt, or session generation, where a cryptographically secure random number generator is required.
VNX-CS-007 – C# Path Traversal via Path.Combine with User Input
Detects uses of Path.Combine in C# where the arguments include user-supplied input from HTTP request sources, without prior canonicalisation or validation that the resulting path stays within the intended base directory.
VNX-CS-008 – C# SSRF via WebClient or HttpClient with User-Supplied URL
Detects C# code where WebClient, HttpClient, HttpWebRequest, or WebRequest HTTP methods are invoked with a non-literal URL argument, enabling Server-Side Request Forgery when the URL contains attacker-controlled input.
VNX-CS-009 – C# Use of Weak Cryptographic Algorithm (MD5, SHA1, DES, RC2, 3DES)
Detects instantiation of broken or weak cryptographic algorithm classes in C# including MD5, SHA-1, DES, RC2, and TripleDES, which should not be used for security-sensitive operations such as password hashing, message authentication, or data encryption.
VNX-CS-010 – C# Hardcoded Connection String with Credentials
Detects database connection string literals in C# source files that contain a Password= or pwd= key-value pair with a plaintext value, indicating hardcoded database credentials that cannot be rotated without a code change.
VNX-DOCKER-001 – Dockerfile Missing USER Directive
Detects Dockerfiles that do not include a USER directive, causing containers to run as root and significantly expanding the blast radius of any container compromise.
VNX-DOCKER-002 – Dockerfile FROM :latest Tag
Detects Dockerfile FROM instructions that use the :latest tag or no tag at all, making builds non-reproducible and vulnerable to silent supply chain compromise.
VNX-DOCKER-003 – Secret in Dockerfile ARG or ENV
Detects Dockerfile ARG and ENV instructions whose names suggest credentials (PASSWORD, SECRET, TOKEN, KEY, CREDENTIAL, API_KEY) and include an assigned value, baking secrets into image layers.
VNX-DOCKER-004 – Dockerfile ADD with Remote URL
Detects Dockerfile ADD instructions that download content from HTTP or HTTPS URLs, bypassing integrity verification and creating a supply chain attack vector.
VNX-DOCKER-005 – Dockerfile Privileged Container Flag
Detects --privileged mode in Dockerfiles and docker-compose files, which disables all container security boundaries and grants full access to the host kernel.
VNX-DOCKER-006 – Dockerfile Uses ADD Instead of COPY for Local Files
Detects ADD instructions used to copy local files or directories, where the simpler and more explicit COPY instruction should be used instead.
VNX-DOCKER-007 – Dockerfile Missing HEALTHCHECK Instruction
Detects runtime Dockerfiles that define a CMD or ENTRYPOINT but omit a HEALTHCHECK instruction, preventing container orchestrators from detecting unhealthy application states.
VNX-DOCKER-008 – Dockerfile Package Manager Install Without Version Pinning
Detects apt-get install, apk add, or yum install instructions in Dockerfiles that do not pin package versions, making builds non-reproducible and introducing supply chain risk.
VNX-GO-001 – Missing go.sum
Detect Go projects that are missing a go.sum lockfile, leaving them vulnerable to software supply chain attacks via tampered or substituted modules.
VNX-GO-002 – Command Injection via exec.Command
Detect Go code that passes fmt.Sprintf-formatted strings to exec.Command, enabling command injection when any part of the format string is user-controlled.
VNX-GO-003 – SQL Injection via fmt.Sprintf
Detect Go database queries built with fmt.Sprintf or string concatenation, which allow SQL injection when any part of the query string originates from user input.
VNX-GO-004 – TLS InsecureSkipVerify Enabled
Detect Go TLS configurations that set InsecureSkipVerify to true, disabling certificate validation and enabling man-in-the-middle attacks.
VNX-GO-005 – Go Open Redirect
Detect Go HTTP handlers that pass user-controlled query parameters or form values directly to http.Redirect, enabling open redirect attacks used in phishing campaigns.
VNX-GO-006 – Go Server-Side Request Forgery
Detect Go HTTP handlers that use user-controlled input to construct outbound HTTP requests, enabling server-side request forgery attacks against internal services and cloud metadata endpoints.
VNX-GO-007 – Go Path Traversal
Detect Go code that passes user-controlled input from HTTP requests directly to file system functions without path sanitization, enabling directory traversal attacks.
VNX-GO-008 – Go Weak PRNG for Security
Detect Go code that imports math/rand for use in security-sensitive contexts such as token generation, password creation, or session ID assignment, where a cryptographically secure PRNG is required.
VNX-GO-009 – Go text/template Used for HTML
Detect Go code that imports text/template for rendering HTML output, bypassing automatic HTML escaping and enabling cross-site scripting (XSS) attacks.
VNX-GO-010 – Go Weak Cipher Usage
Detect Go code that imports or uses DES, Triple DES, or RC4 ciphers, which are cryptographically broken and must not be used to protect sensitive data.
VNX-GO-011 – Go gob Deserialization from HTTP Request Body
Detect Go code that decodes gob data directly from an HTTP request body, which can cause denial of service or trigger unexpected behaviour in complex types.
VNX-GO-012 – Go HTTP Response Header Injection (CRLF)
Detect Go code that passes user-controlled query or form input directly into HTTP response headers, enabling CRLF injection and response splitting attacks.
VNX-GO-013 – Go Zip/Tar Slip via Archive Entry Name
Detect Go code that joins an archive entry header.Name into a file path via filepath.Join() without validating the result stays within the target directory.
VNX-GO-014 – sync.Mutex Lock() Without Deferred Unlock()
Detects sync.Mutex.Lock() or sync.RWMutex.RLock() calls that are not immediately followed by a deferred Unlock or RUnlock, risking goroutine deadlocks on panic or early return.
VNX-GO-015 – sync.WaitGroup.Add() Called Inside Goroutine
Detects WaitGroup.Add() calls placed inside an anonymous goroutine body, which creates a race condition between Add() and Wait() that can cause premature completion or a panic.
VNX-GO-016 – Integer Downcast After strconv.Atoi/ParseInt/ParseUint
Detects integer values parsed with strconv.Atoi, ParseInt, or ParseUint that are immediately cast to a narrower integer type without range validation, risking silent truncation or sign flip.
VNX-GO-017 – Go SQL Injection via fmt.Sprintf in Database Call
Detects database/sql queries constructed with fmt.Sprintf or string concatenation before being passed to db.Exec, db.Query, or related methods, enabling SQL injection when any interpolated value is user-controlled.
VNX-GO-018 – Go Arbitrary File Write via User-Controlled Path
Detects os.WriteFile, os.Create, or ioutil.WriteFile calls whose path argument may be derived from HTTP request input without filepath.Clean validation, enabling path traversal attacks.
VNX-GO-019 – Go Server Binding to All Interfaces (0.0.0.0)
Detects net.Listen, tls.Listen, or http.ListenAndServe calls that bind to 0.0.0.0 or all interfaces with :PORT notation, exposing the service on every network interface including public ones.
VNX-GO-020 – Use of template.HTML with potential user input
Detects usage of template.HTML function that may mark user input as safe, potentially leading to Cross-Site Scripting (XSS) vulnerabilities.
VNX-GO-021 – Potential XSS via fmt.Fprintf with HTML tags
Detects usage of fmt.Fprintf to output HTML tags combined with variables, which can lead to Cross-Site Scripting (XSS) if variables contain user-controlled data.
VNX-GO-022 – Use of eval() or dynamic code execution
Detects usage of eval() or similar dynamic code execution functions with user input, which can lead to Remote Code Execution (RCE) vulnerabilities.
VNX-GO-023 – SQL injection via string concatenation
Detects SQL query construction using string concatenation with user input, which can lead to SQL injection vulnerabilities.
VNX-GO-024 – Missing input validation on HTTP request parameters
Detects direct usage of HTTP request parameters without apparent validation, which can lead to injection and business logic bypass vulnerabilities.
VNX-GO-025 – Potential open redirect via HTTP redirect
Detects HTTP redirects that use user-controlled input without validation, which can lead to open redirect vulnerabilities.
VNX-GO-026 – Missing file type validation on upload
Detects file upload handling without apparent file type validation, which can lead to malicious file upload vulnerabilities.
VNX-GO-027 – Potential path traversal via file path construction
Detects file path construction using user input without proper validation, which can lead to path traversal vulnerabilities.
VNX-GO-028 – Use of weak cryptographic hash for password hashing
Detects use of MD5 or SHA-1 for password hashing, which are cryptographically broken algorithms unsuitable for storing credentials.
VNX-GO-029 – Hardcoded weak or default password
Detects password, passwd, or similar credential variables assigned common weak or default string values such as 'admin', 'password', or '123456'.
VNX-GO-030 – Missing Secure flag on cookie
Detects http.Cookie creation without the Secure attribute set to true, which allows session cookies to be transmitted over unencrypted HTTP connections.
VNX-GO-031 – Missing signature validation on JWT
Detects JWT parsing that does not verify the token's cryptographic signature, allowing attackers to forge arbitrary claims.
VNX-GO-032 – JWT missing expiration validation
Detects JWT parsing that does not verify the token's expiration claim, allowing expired or non-expiring tokens to be accepted indefinitely.
VNX-GO-033 – JWT missing audience validation
Detects JWT parsing that does not verify the audience claim, allowing tokens issued for one service to be replayed against other services.
VNX-GO-034 – OAuth redirect URI without validation against allowlist
Detect Go HTTP handlers that pass user-controlled redirect URI values directly to http.Redirect without validating against an explicit allowlist, enabling open redirect attacks in OAuth flows.
VNX-GO-035 – Missing HttpOnly flag on cookie
Detect Go http.Cookie struct literals where HttpOnly is not set to true, leaving session cookies accessible to JavaScript and vulnerable to cross-site scripting theft.
VNX-GO-036 – Use of ECB block mode
Detect Go cryptographic code that implements or references Electronic Codebook (ECB) block cipher mode, which leaks data patterns and must not be used to protect sensitive data.
VNX-GO-037 – Missing security headers in HTTP response
Detect Go HTTP handlers that write responses via WriteHeader, Header().Set, or http.ResponseWriter without setting essential browser security headers such as X-Frame-Options, X-Content-Type-Options, and Content-Security-Policy.
VNX-GO-038 – Potential mass assignment via struct binding
Detect Go code that binds or decodes request bodies directly into structs without field-level restrictions, enabling attackers to set privileged or internal fields that were not intended to be user-controlled.
VNX-GO-039 – Missing rate limiting on login endpoint
Detect Go HTTP handler functions named after login or sign-in operations that do not apply rate limiting, throttling, or lockout mechanisms, leaving authentication endpoints open to brute-force and credential-stuffing attacks.
VNX-GO-040 – Logging of sensitive data
Detect Go code that passes sensitive values such as passwords, secrets, tokens, or credentials directly to log output functions, which persists plaintext secrets in log files, SIEM systems, and log aggregation pipelines.
VNX-GO-041 – Use of deprecated TLS version
Detect Go TLS configuration that sets MinVersion or MaxVersion to tls.VersionTLS10 or tls.VersionTLS11, enabling negotiation of deprecated protocol versions that are vulnerable to known attacks.
VNX-GQL-001 – GraphQL Introspection Enabled in Production
Detects Apollo Server configured with introspection: true or express-graphql with graphiql: true, exposing the full API schema to unauthenticated attackers.
VNX-GQL-002 – GraphQL Query Batching or No Depth Limit (DoS)
Detects Apollo Server configured with allowBatchedHttpRequests: true, which allows attackers to send many operations in a single request and bypass rate limiting controls.
VNX-GQL-003 – GraphQL Query String Injection via String Concatenation
Detects GraphQL operation documents built by concatenating or interpolating user-controlled input into the query string, allowing attackers to inject arbitrary fields, aliases, or directives.
VNX-GQL-004 – GraphQL Field Suggestion Disclosure Enabled
Detects Apollo Server and graphql-yoga configurations that do not explicitly disable field suggestions, leaking internal schema field names through error messages in production.
VNX-HTML-001 – Use of Jinja2 |safe filter
Detects use of the |safe filter in Jinja2/HTML templates which bypasses auto-escaping and can lead to XSS.
VNX-JAVA-001 – Command Injection via Runtime.exec()
Detects Runtime.getRuntime().exec() calls that concatenate user-controlled input into a shell command string, enabling OS command injection.
VNX-JAVA-002 – Spring Actuator Endpoints Exposed
Detects Spring Boot configuration that exposes all actuator endpoints via management.endpoints.web.exposure.include=*, leaking heap dumps, environment variables, and enabling remote shutdown.
VNX-JAVA-003 – SQL Injection via String Concatenation
Detects JDBC and JPA queries built by concatenating user-controlled input into a SQL string instead of using PreparedStatement with parameterized placeholders.
VNX-JAVA-004 – XML External Entity (XXE) Injection
Detects Java XML parsers instantiated without XXE protection features, enabling attackers to read arbitrary server files, trigger SSRF, or cause denial of service via entity expansion.
VNX-JAVA-005 – Insecure Deserialization
Detects use of ObjectInputStream.readObject(), XMLDecoder, XStream, and Jackson default typing, all of which can execute arbitrary code when deserializing attacker-controlled data via gadget chains.
VNX-JAVA-006 – Insecure TLS Trust Manager
Detects Java TLS configurations that disable certificate validation via empty checkServerTrusted() implementations or always-true HostnameVerifier instances, enabling man-in-the-middle attacks.
VNX-JAVA-007 – Java Open Redirect
Detects Java servlet and Spring MVC code that passes user-controlled request parameters directly to response.sendRedirect() or ModelAndView redirect, enabling phishing via URL redirection.
VNX-JAVA-008 – Java Server-Side Request Forgery (SSRF)
Detects Java code that constructs HTTP URLs from user-controlled request parameters and uses them for server-side requests, enabling SSRF attacks against internal services and cloud metadata endpoints.
VNX-JAVA-009 – Java Path Traversal
Detects Java code that constructs file paths or streams from user-controlled request parameters without validation, enabling directory traversal attacks to read or write arbitrary server files.
VNX-JAVA-010 – Spring CSRF Protection Disabled
Detects Spring Security configurations that call csrf().disable() or use equivalent patterns to turn off Cross-Site Request Forgery protection, exposing authenticated users to state-change attacks.
VNX-JAVA-011 – Java Expression Language Injection
Detects use of SpEL, OGNL, and ScriptEngine to evaluate user-controlled input as expressions, enabling remote code execution through expression language sandbox bypass.
VNX-JAVA-012 – Java LDAP Injection
Detects Java JNDI/LDAP search calls that incorporate user-controlled request parameters directly into LDAP filter strings, enabling authentication bypass and directory data exfiltration.
VNX-JAVA-013 – Java XPath Injection
Detects Java code that constructs XPath expressions from user input via xpath.evaluate() or xpath.compile() with request parameters or string concatenation, enabling XML data extraction and authentication bypass.
VNX-JAVA-014 – Java Zip Slip via ZipEntry getName()
Detects Java code that passes ZipEntry.getName() to File or Paths constructors without validating for path traversal sequences, enabling arbitrary file write outside the intended extraction directory.
VNX-JAVA-015 – Java JPQL/HQL Injection via String Concatenation
Detect Java code that builds JPQL, HQL, or native SQL queries using string concatenation or String.format() in EntityManager.createQuery() or Session.createQuery(), enabling query injection attacks that can expose, modify, or delete data.
VNX-JAVA-016 – Java Weak PRNG (java.util.Random) Used for Security-Sensitive Value
Detect use of java.util.Random or Math.random() where a cryptographically secure random number generator is required — such as for tokens, session IDs, nonces, passwords, or cryptographic keys.
VNX-JAVA-017 – Java HTTP Response Splitting via Unsanitised Header Value
Detect Java servlet and Spring code that passes user-controlled request parameters directly to addHeader(), setHeader(), or sendRedirect() without stripping CR and LF characters, enabling HTTP response splitting and header injection attacks.
VNX-JAVA-018 – Java RSA cipher without OAEP padding
Detects RSA encryption using PKCS#1 v1.5 padding or no padding, both of which are vulnerable to Bleichenbacher-style padding oracle attacks. Use RSA/ECB/OAEPWithSHA-256AndMGF1Padding instead.
VNX-JAVA-019 – Java hardcoded cryptographic key literal
Detects cryptographic keys, secrets, and IVs hardcoded as string or byte literals passed to SecretKeySpec, IvParameterSpec, or similar constructors — keys embedded in source code can be extracted from any copy of the binary.
VNX-JAVA-020 – Java static IV reuse in block cipher
Detects hardcoded or static initialization vectors (IVs) passed to IvParameterSpec in Java cipher operations. Reusing the same IV with the same key undermines the security of CBC, CTR, and GCM modes.
VNX-JAVA-021 – Java Sensitive Data Logged
Detects logger calls that include variables or strings containing passwords, tokens, secrets, or API keys, which exposes credentials in log files and monitoring systems.
VNX-JAVA-022 – Java Insecure Temporary File Creation
Detects use of File.createTempFile() and predictable /tmp/ path construction that are vulnerable to TOCTOU race conditions and symlink attacks.
VNX-JAVA-023 – Java Unrestricted File Upload
Detects MultipartFile upload handlers that store files using the original filename or without validating content type or extension against an allowlist, enabling remote code execution via malicious file upload.
VNX-JAVA-024 – Java XML Entity Expansion (Billion Laughs)
Detects DocumentBuilderFactory and SAXParserFactory usage without DOCTYPE declarations disabled, leaving the application vulnerable to XML entity expansion denial-of-service attacks.
VNX-JAVA-025 – Java Hardcoded Password or Credential
Detects passwords, credentials, and database connection strings hardcoded as string literals in Java source code, which can be extracted from source or compiled binaries and are difficult to rotate.
VNX-JAVA-026 – Java Spring File Serving Without Access Control
Detects Spring and servlet file-serving handlers that return FileSystemResource or InputStreamResource from user-supplied path parameters without verifying the requesting user is authorised to access that file.
VNX-JAVA-027 – Java Spring Security Headers Disabled
Detects Spring Security configurations that explicitly disable X-Frame-Options, Content-Security-Policy, or all HTTP security headers, leaving the application vulnerable to clickjacking and UI-redressing attacks.
VNX-JAVA-028 – SQL injection via string concatenation in Java
Detects JDBC execute/executeQuery/executeUpdate calls that construct SQL queries using string concatenation, making them vulnerable to SQL injection.
VNX-JAVA-029 – XML External Entity (XXE) via DocumentBuilderFactory
Detects XML parsers created via DocumentBuilderFactory, SAXParserFactory, or XMLReader that do not disable external entity processing, leaving them open to XXE attacks.
VNX-JWT-001 – JWT Signature Verification Disabled
JWT decode is called with signature verification disabled, or the 'none' algorithm is permitted in the allowed-algorithms list, allowing any forged or tampered token to be accepted as valid.
VNX-JWT-002 – JWT Token Signed Without Expiration
Detects jwt.sign() or jwt.encode() calls missing an expiration claim, producing tokens that remain valid indefinitely and cannot be invalidated after compromise.
VNX-JWT-003 – JWT Signing with Hardcoded Secret
Detects jwt.sign() or jwt.encode() using a hardcoded string literal as the signing secret, allowing anyone with source code access to forge valid tokens.
VNX-JWT-004 – JWT Algorithm Explicitly Set to 'none'
Detects JWT encode or decode calls that use the 'none' algorithm, which disables cryptographic signing and allows any party to forge valid tokens.
VNX-JWT-005 – Sensitive Credential Data Stored in JWT Payload
Detects JWT payloads that contain a 'password' or 'secret' key, which are readable by anyone who holds the token since JWT payloads are only base64-encoded, not encrypted.
VNX-JWT-006 – JWT Missing Audience or Issuer Verification
Detects jwt.decode() and jwt.verify() calls that do not specify audience or issuer claim verification, allowing tokens issued for one service to be replayed against another.
VNX-KOTLIN-001 – Kotlin ECB Cipher Mode
Detects Cipher.getInstance() calls using ECB mode in Kotlin, which produces deterministic ciphertext that reveals plaintext patterns and provides no integrity protection.
VNX-KOTLIN-002 – Kotlin RSA Key Smaller Than 2048 Bits
Detects RSA KeyPairGenerator initialisation with fewer than 2048 bits in Kotlin, producing keys that can be factored with modern computing resources.
VNX-KOTLIN-003 – Kotlin Cookie Missing HttpOnly Flag
Detects cookies added to HTTP responses in Kotlin without the HttpOnly flag, making session cookies readable by client-side JavaScript and vulnerable to XSS-based session hijacking.
VNX-KOTLIN-004 – Kotlin Unencrypted Plain Socket
Detects plain java.net.Socket and ServerSocket usage in Kotlin without TLS, transmitting data in cleartext that can be intercepted and modified by network attackers.
VNX-KOTLIN-005 – Kotlin MD5 or SHA-1 Used as Cryptographic Hash
Detects MessageDigest.getInstance() calls with MD5 or SHA-1 in Kotlin, both of which are cryptographically broken and should be replaced with SHA-256 or stronger algorithms.
VNX-LLM-001 – LLM Prompt Injection via User-Controlled Input
Detects user-controlled input directly interpolated or concatenated into LLM prompt strings, enabling attackers to override system instructions and cause unintended model behaviour.
VNX-LLM-002 – LLM Output Passed to Code Execution (RCE)
Detects LLM model response content passed directly to eval(), exec(), os.system(), or subprocess — enabling remote code execution if the model is manipulated via prompt injection.
VNX-LLM-003 – Hardcoded LLM API Key
An LLM provider API key is hardcoded in source code, enabling unauthorized model usage and billing abuse by anyone with repository access.
VNX-LLM-004 – User Input Directly in LLM System Prompt
Detects user-controlled input interpolated directly into LLM system prompts via f-strings or string concatenation, enabling prompt injection attacks that override system instructions or leak confidential context.
VNX-LLM-005 – LangChain Arbitrary Code Execution Tool
Detects LangChain tools that allow arbitrary code or shell command execution by LLM agents, which can escalate prompt injection attacks to full remote code execution on the host.
VNX-LLM-006 – LLM Output Interpolated into SQL Query
Detects LLM completion output used directly in SQL query construction via f-strings or string concatenation, creating a SQL injection vulnerability that can be triggered by prompt injection.
VNX-LLM-007 – torch.load() Without weights_only=True
Detects torch.load() calls without the weights_only=True parameter, which allows arbitrary code execution when loading untrusted or attacker-supplied PyTorch model files via Python's pickle protocol.
VNX-NODE-001 – Missing npm Lock File
No package-lock.json, yarn.lock, or pnpm-lock.yaml found alongside package.json, enabling dependency confusion and supply chain attacks.
VNX-NODE-002 – eval() or new Function() in JavaScript
Detects use of eval() and new Function() which execute arbitrary JavaScript and enable remote code execution when called with user-controlled input.
VNX-NODE-003 – Command Injection via child_process
Detects child_process.exec() and execSync() calls that use template literals or string concatenation, which enable OS command injection when arguments contain user input.
VNX-NODE-004 – Express App Without Helmet
Detects Express applications that do not use helmet middleware, leaving them without critical HTTP security headers such as CSP, HSTS, and X-Frame-Options.
VNX-NODE-005 – innerHTML or dangerouslySetInnerHTML Usage
Detects innerHTML assignment and React's dangerouslySetInnerHTML, which enable cross-site scripting (XSS) when used with unsanitized user-controlled content.
VNX-NODE-006 – Prototype Pollution via Merge
Detects deep-merge operations (lodash _.merge, _.defaultsDeep, Object.assign) applied to user-controlled input, which can inject properties into Object.prototype and cause denial of service or remote code execution.
VNX-NODE-007 – Node.js SQL Injection
Detects SQL queries built with string concatenation or template literals in Node.js database libraries (mysql2, pg, knex, sequelize), enabling SQL injection attacks.
VNX-NODE-008 – Node.js Open Redirect
Detects user input from req.query, req.params, or req.body passed directly to res.redirect(), enabling phishing attacks via open redirect.
VNX-NODE-009 – Node.js Server-Side Request Forgery
Detects user input from req.query, req.body, or req.params used to construct server-side HTTP requests with fetch, axios, or http.get, enabling SSRF attacks against internal services.
VNX-NODE-010 – Node.js Path Traversal
Detects user input from req.params or req.query used to construct file paths with fs.readFile, createReadStream, or path.join, enabling directory traversal attacks.
VNX-NODE-011 – Node.js Server-Side Template Injection
Detects user input passed as the template string to render/compile functions in ejs, pug, Handlebars, or nunjucks, enabling server-side template injection and remote code execution.
VNX-NODE-012 – Client-Side XSS via innerHTML or v-html
Detects client-side XSS sinks including innerHTML, outerHTML, document.write, jQuery .html(), and Vue v-html that inject raw HTML from dynamic content.
VNX-NODE-013 – Node.js Command Injection via child_process
Detects direct user input (req.* or request.*) passed to child_process.exec(), execSync(), or similar functions, enabling OS command injection and remote code execution.
VNX-NODE-014 – NoSQL Injection in MongoDB
Detects unsanitized user input (req.body, req.query) passed directly to MongoDB query methods, enabling NoSQL injection attacks that bypass authentication or extract arbitrary data.
VNX-NODE-015 – WebSocket Server Without Origin Verification (CSWSH)
Detect WebSocket or Socket.IO servers created without origin validation, enabling Cross-Site WebSocket Hijacking attacks.
VNX-NODE-016 – ReDoS via User-Controlled Regular Expression
Detect Node.js code that passes user-controlled input to the RegExp constructor or string match/search methods, enabling Regular Expression Denial of Service (ReDoS) attacks.
VNX-NODE-017 – Deserialization of Untrusted Data via node-serialize or serialize-to-js
Detects use of node-serialize or serialize-to-js to deserialize user-controlled data, which allows remote code execution via embedded JavaScript IIFE expressions.
VNX-NODE-018 – JWT Decoded Without Signature Verification
Detects use of jwt.decode() instead of jwt.verify(), and JWT configurations that accept the 'none' algorithm, both of which allow forged tokens to be accepted as valid.
VNX-NODE-019 – Hardcoded JWT or Session Secret
Detects hardcoded string literals used as JWT signing secrets, session secrets, or HMAC keys instead of environment variables or a secrets manager.
VNX-NODE-020 – Deprecated crypto.createCipher/createDecipher Without IV
Detects use of the deprecated crypto.createCipher() and crypto.createDecipher() functions that derive the initialization vector deterministically, breaking encryption security for stream and counter modes.
VNX-NODE-021 – XXE via libxmljs with noent:true
Detects libxmljs or libxmljs2 XML parsing with the noent option set to true, enabling XML External Entity (XXE) attacks that can read arbitrary server files or trigger SSRF.
VNX-NODE-022 – Shell injection via shelljs exec()
Detects shelljs exec() or shell.exec() called with a variable argument that may contain user-controlled data, enabling shell metacharacter injection and arbitrary command execution.
VNX-NODE-023 – Unsafe YAML.load() with untrusted input
Detects js-yaml YAML.load() calls that omit a safe schema, allowing attacker-controlled YAML to execute arbitrary JavaScript code during parsing.
VNX-NODE-024 – postMessage without origin validation (CSWSH/XSS)
Detects window.addEventListener('message') handlers that do not validate event.origin, and postMessage calls that use the wildcard target origin '*', allowing cross-origin message injection.
VNX-NODE-025 – Insecure express-session or cookie-session configuration
Detects express-session or cookie-session configured with secure:false or httpOnly:false cookie flags, which allow session tokens to be transmitted over HTTP or accessed by client-side JavaScript.
VNX-NODE-026 – Child process spawn with shell:true enables command injection
Detects Node.js spawn() or spawnSync() calls that use {shell:true}, which routes execution through a shell interpreter and enables injection of shell metacharacters from user-controlled arguments.
VNX-NODE-027 – Assignment to innerHTML without sanitization
Detects direct assignment to .innerHTML in JavaScript files, which can introduce DOM-based XSS when the assigned value originates from user-controlled input.
VNX-NODE-028 – Missing Content-Security-Policy header
Detects Node.js HTTP response header calls that do not include a Content-Security-Policy header, leaving browsers without a defense-in-depth control against XSS.
VNX-NODE-029 – Missing HttpOnly flag on cookie
Detects Express cookie() or res.cookie() calls that do not set the httpOnly option, exposing cookies to JavaScript access and session hijacking via XSS.
VNX-NODE-030 – TURN server allowing reserved IP addresses
Detects WebRTC TURN server IP filtering logic in Node.js that may permit connections to reserved or private IP ranges, enabling SSRF via WebRTC relay.
VNX-NODE-031 – Logging of sensitive data
Detects Node.js logging calls that include arguments containing sensitive keywords such as password, token, secret, or credit card data, risking credential and PII exposure in log files.
VNX-PHP-001 – Missing composer.lock
Detect PHP projects that have a composer.json but no composer.lock, leaving dependency resolution non-deterministic and the supply chain open to substitution attacks.
VNX-PHP-002 – Dangerous Function in PHP
Detect calls to eval(), exec(), system(), passthru(), shell_exec(), popen(), and proc_open() which execute OS commands or arbitrary PHP code and can lead to remote code execution when arguments are user-controlled.
VNX-PHP-003 – PHP File Inclusion with Variable Path
Detect PHP include/require statements that use user-controlled or variable paths, enabling Local File Inclusion (LFI) and potentially Remote File Inclusion (RFI) leading to arbitrary code execution.
VNX-PHP-004 – PHP Open Redirect
Detect PHP redirect calls that pass user-supplied input directly to header('Location: ...'), enabling attackers to redirect users to malicious external sites for phishing and credential theft.
VNX-PHP-005 – PHP Server-Side Request Forgery
Detect PHP code that passes user-supplied input directly to file_get_contents(), fopen(), or curl_setopt(CURLOPT_URL), enabling SSRF attacks against internal services and cloud metadata endpoints.
VNX-PHP-006 – PHP Object Injection via unserialize()
Detect calls to unserialize() or maybe_unserialize() on user-controlled data, enabling PHP object injection attacks that can lead to arbitrary code execution, file deletion, or authentication bypass.
VNX-PHP-007 – PHP extract() on Superglobal
Detect calls to extract() on PHP superglobals ($_GET, $_POST, $_REQUEST, $_COOKIE, $_SERVER, $_FILES), which import user-controlled data as local variables and can silently overwrite security-critical variables.
VNX-PHP-008 – PHP phpinfo() Exposure
Detect calls to phpinfo() in PHP source files, which disclose detailed server configuration, installed modules, environment variables, and file system paths useful for reconnaissance.
VNX-PHP-009 – PHP preg_replace() with /e Modifier
Detect use of the /e (eval) modifier in preg_replace() calls, which evaluates the replacement string as PHP code and enables remote code execution. This modifier was deprecated in PHP 5.5 and removed in PHP 7.0.
VNX-PHP-010 – PHP Type Juggling in Comparison
Detect loose comparisons (==) between user-supplied input and application values in PHP, which are vulnerable to type juggling attacks including authentication bypass via magic hash strings.
VNX-PHP-011 – PHP SQL injection via string concatenation
Detects user-controlled input from PHP superglobals concatenated directly into SQL queries passed to mysql_query(), mysqli_query(), or pg_query(), enabling SQL injection attacks.
VNX-PHP-012 – PHP reflected XSS via echo/print of user input
Detects user-controlled input from PHP superglobals passed directly to echo, print, or printf without HTML encoding, enabling reflected cross-site scripting attacks.
VNX-PHP-013 – PHP XXE via LIBXML_NOENT or LIBXML_DTDLOAD flag
Detects simplexml_load_string() or simplexml_load_file() called with LIBXML_NOENT or LIBXML_DTDLOAD flags, which enable XML external entity expansion and can expose arbitrary server files.
VNX-PHP-014 – PHP Session Fixation via User-Controlled Session ID
Detects session_id() called with user-controlled input from PHP superglobals, enabling session fixation attacks where an attacker pre-sets the session ID before a victim authenticates.
VNX-PHP-015 – PHP Unrestricted File Upload via move_uploaded_file
Detects move_uploaded_file() usage, which requires review to confirm that MIME type, file extension, content, upload destination, and filename are all validated to prevent webshell upload and remote code execution.
VNX-PHP-016 – PHP weak hash function (md5/sha1)
Detects md5() or sha1() used in contexts suggesting password or credential hashing, where these cryptographically broken algorithms are unsuitable for protecting secrets.
VNX-PHP-017 – PHP LDAP injection via user-controlled filter
Detects ldap_search() called with a filter string that concatenates user-controlled superglobal values, enabling LDAP filter manipulation that can bypass authentication or exfiltrate directory data.
VNX-PHP-018 – PHP sensitive debug output disclosure
Detects var_dump(), print_r(), or var_export() called with sensitive PHP superglobals ($_SESSION, $_SERVER, $_ENV), exposing session tokens, credentials, and server configuration in the HTTP response.
VNX-PHP-019 – PHP insecure cipher mode (AES-CBC)
Detects openssl_encrypt() or openssl_decrypt() called with an AES-CBC cipher mode, which is unauthenticated and vulnerable to padding oracle and bit-flipping attacks.
VNX-PHP-020 – PHP curl SSL certificate verification disabled
Detects CURLOPT_SSL_VERIFYPEER or CURLOPT_SSL_VERIFYHOST set to false or 0 in PHP curl requests, which disables TLS certificate validation and enables man-in-the-middle attacks.
VNX-PHP-021 – Laravel mass assignment via empty guarded array
Detects Laravel Eloquent models that set $guarded to an empty array or call Model::unguard(), disabling mass-assignment protection and allowing attackers to set any model attribute via request data.
VNX-PHP-022 – PHP open redirect via non-literal redirect destination
Detects header('Location:') or framework redirect calls with user-controlled or non-literal URLs, enabling open redirect attacks that facilitate phishing and credential theft.
VNX-PHP-023 – PHP anonymous LDAP bind without password
Detects ldap_bind() called without a password, with NULL, or with an empty string, enabling anonymous LDAP access that exposes directory data without authentication.
VNX-PHP-024 – PHP mb_ereg_replace with variable options enabling eval modifier
Detects mb_ereg_replace() or mb_eregi_replace() called with a non-literal options parameter or an options string containing the 'e' modifier, which causes PHP to evaluate the replacement string as executable PHP code.
VNX-PHP-025 – PHP deprecated mcrypt encryption functions
Detects use of the mcrypt extension functions (mcrypt_encrypt, mcrypt_decrypt, etc.), which were deprecated in PHP 7.1 and removed in PHP 7.2 due to their insecure cipher implementations and unmaintained codebase.
VNX-PHP-026 – PHP session poisoning via user-controlled session key
Detects user-controlled input from PHP superglobals used as the key when writing to $_SESSION, enabling session poisoning that can overwrite authentication flags, roles, or CSRF tokens.
VNX-PY-001 – Missing Python Lock File
Detect Python projects that have a manifest (pyproject.toml or Pipfile) without a corresponding lock file, leaving them exposed to non-deterministic dependency resolution and supply chain attacks.
VNX-PY-002 – eval() / exec() Usage
Detect use of Python's eval() and exec() built-in functions, which execute arbitrary code and enable remote code execution when any part of their input is user-controlled.
VNX-PY-003 – Insecure Deserialization with pickle
Detect use of Python's pickle and cPickle deserializers, which execute arbitrary code embedded in serialized data and have no safe way to load untrusted input.
VNX-PY-004 – yaml.load() Without SafeLoader
Detect calls to yaml.load() that omit a safe Loader argument, allowing YAML documents to execute arbitrary Python code during parsing.
VNX-PY-005 – Weak PRNG for Security Operations
Detect use of the random module in security-sensitive contexts (passwords, tokens, nonces, salts, sessions), where a cryptographically secure PRNG from the secrets module is required.
VNX-PY-006 – Django DEBUG=True in Production
Detect Django settings files that have DEBUG set to True, which exposes detailed error tracebacks, SQL queries, and application internals to any visitor.
VNX-PY-007 – subprocess with shell=True
Detect subprocess calls that use shell=True, which passes the command through the system shell and enables command injection when any part of the command string is user-controlled.
VNX-PY-008 – Flask Debug Mode Enabled
Detect Flask applications started with debug=True, which enables the Werkzeug interactive debugger and allows remote code execution through the debugger console.
VNX-PY-009 – Jinja2 Autoescape Disabled
Detect Jinja2 Environment instances created with autoescape=False, which renders user-supplied template variables without HTML escaping and enables cross-site scripting.
VNX-PY-010 – SSL Certificate Verification Disabled in requests
Detect requests library calls that use verify=False, which disables TLS certificate validation and exposes HTTPS connections to man-in-the-middle attacks.
VNX-PY-011 – Python SQL Injection
Detect SQL queries built with string formatting or concatenation in Python code, which are vulnerable to SQL injection attacks that can expose or destroy database contents.
VNX-PY-012 – Server-Side Template Injection (SSTI)
Detect Flask and Jinja2 code that passes user-controlled input directly to render_template_string() or Template(), enabling server-side template injection with arbitrary code execution.
VNX-PY-013 – ML/AI Insecure Deserialization
Detect Python ML and data science code that loads model or data files using pickle-based deserializers, which can execute arbitrary code embedded in a malicious model file.
VNX-PY-014 – Python XML External Entity (XXE) Injection
Detect Python XML parsing code that uses stdlib parsers vulnerable to XXE attacks, which can expose local files and internal network resources to an attacker who controls the XML input.
VNX-PY-015 – Python ReDoS via User-Controlled Regex
Detect Python code that passes user-controlled input directly to re.compile, re.match, or re.search, enabling Regular Expression Denial of Service (ReDoS) attacks.
VNX-PY-016 – Django Mass Assignment via Request Data Unpacking
Detect Django code that creates or updates model instances by unpacking request data (**request.data, **request.POST) or uses fields='__all__' in serializers, enabling mass assignment attacks.
VNX-PY-017 – MD5 or SHA1 Used as Password Hash
Detect Python code that uses hashlib.md5() or hashlib.sha1() to hash passwords — both algorithms are cryptographically broken and unsuitable for password storage.
VNX-PY-018 – Insecure Temporary File Creation via tempfile.mktemp()
Detect Python code that uses tempfile.mktemp(), which is vulnerable to a TOCTOU race condition allowing an attacker to intercept the temporary file path before creation.
VNX-PY-019 – Paramiko Implicit Host Key Trust
Detect Python code that configures a paramiko SSHClient with AutoAddPolicy or WarningPolicy, silently accepting unverified SSH host keys and enabling man-in-the-middle attacks.
VNX-PY-020 – tarfile.extractall() Without Path Validation (Zip Slip)
Detect Python code that calls tarfile.extractall() without a members filter or path validation, leaving the application vulnerable to zip-slip path traversal attacks.
VNX-PY-021 – Weak or Deprecated SSL/TLS Protocol Version
Detect Python code that references deprecated SSL/TLS protocol constants (SSLv2, SSLv3, TLSv1, TLSv1.1), which have documented cryptographic weaknesses and are rejected by modern servers.
VNX-PY-022 – SQL injection via string concatenation in Python
Detects Python cursor.execute() and cursor.executescript() calls that construct SQL queries using string concatenation, % formatting, or .format(), leaving them vulnerable to SQL injection.
VNX-RUBY-001 – Missing Gemfile.lock
Detect Ruby projects that have a Gemfile but no Gemfile.lock, leaving dependencies unpinned and vulnerable to non-deterministic resolution and supply chain attacks.
VNX-RUBY-002 – eval() or system() in Ruby
Detect calls to eval() and system() in Ruby source files, which can execute arbitrary code or OS commands when called with user-controlled input.
VNX-RUBY-003 – Insecure Deserialization in Ruby
Detect use of Marshal.load(), Marshal.restore(), YAML.load(), and YAML.unsafe_load() in Ruby source files, which can execute arbitrary code when deserializing attacker-controlled data.
VNX-RUBY-004 – Ruby SQL Injection
Detect ActiveRecord queries built with string interpolation in where(), find_by_sql(), and execute(), enabling SQL injection attacks that can leak data, bypass authentication, or destroy the database.
VNX-RUBY-005 – Ruby XSS via html_safe or raw
Detect use of .html_safe and raw() in Rails views and helpers, which bypass Rails' automatic HTML escaping and can introduce cross-site scripting (XSS) vulnerabilities when applied to user-controlled strings.
VNX-RUBY-006 – Ruby Mass Assignment
Detect ActiveRecord create, update, new, update_attributes, and assign_attributes calls that receive unfiltered params directly, enabling mass assignment attacks where attackers set protected attributes like admin flags and roles.
VNX-RUBY-007 – YAML.load() Insecure Deserialization
Detect Ruby code that calls YAML.load() on untrusted input, enabling remote code execution through arbitrary Ruby object deserialization.
VNX-RUBY-008 – Open3.pipeline with Dynamic Command
Detect calls to Open3.pipeline, pipeline_r, pipeline_rw, pipeline_w, or pipeline_start with non-literal command arguments, which can allow an attacker to inject arbitrary OS commands when user-controlled data reaches these calls.
VNX-RUBY-009 – Dynamic Method Dispatch via send with User-Controlled Method Name
Detect calls to Object#send, public_send, or __send__ where the method name is derived from params or request data, allowing attackers to invoke arbitrary methods including dangerous system-level calls.
VNX-RUBY-010 – OpenSSL Certificate Verification Disabled (VERIFY_NONE)
Detect use of OpenSSL::SSL::VERIFY_NONE in Ruby code, which disables TLS certificate chain validation and exposes all connections to man-in-the-middle interception.
VNX-RUST-001 – Missing Cargo.lock
Detects Rust projects that have a Cargo.toml but no Cargo.lock file, allowing non-deterministic dependency resolution that enables supply chain attacks.
VNX-RUST-002 – Rust unwrap May Panic
Detects .unwrap() and .expect() calls on Result and Option types in Rust source files, which can cause unexpected panics and denial of service in production.
VNX-RUST-003 – Rust Unsafe Block or Function
Detect Rust code using unsafe blocks or unsafe function declarations that bypass the compiler's memory safety guarantees.
VNX-RUST-004 – Rust Command Injection via process::Command
Detect Rust code that constructs process::Command using format! macro or shell invocation, enabling command injection when user input is interpolated.
VNX-RUST-005 – panic!() or unwrap()/expect() in a Result-Returning Function
Detect use of panic!(), .unwrap(), or .expect() inside functions that declare a Result return type, where callers expect errors to be returned rather than the process aborted.
VNX-RUST-006 – Integer Truncation or Sign-Change Cast After Parsing
Detect Rust code that parses a value into a wide integer type (i64, u64, isize, usize) then immediately casts it to a narrower or sign-changed type without range validation, risking silent value truncation or sign inversion.
VNX-RUST-007 – Integer Arithmetic Overflow Without Checked Arithmetic
Detect Rust integer arithmetic on size, count, offset, or length variables that does not use checked_add, checked_sub, checked_mul, saturating, or wrapping variants, risking silent wraparound in release builds.
VNX-RUST-008 – Path Traversal in Actix-web or Axum File-Serving Handler
Detect Rust web handlers that join a base directory with a user-supplied path parameter without verifying that the resolved path stays within the base directory, enabling attackers to read arbitrary server files.
VNX-SEC-001 – AWS Access Key ID
Detects hardcoded AWS access key IDs (AKIA prefix) in source code, which enable account takeover and unauthorized resource access if exposed.
VNX-SEC-002 – Private Key Committed
Detects RSA, EC, DSA, and OpenSSH private keys committed to source code, which permanently expose cryptographic material even after deletion.
VNX-SEC-003 – AWS Secret Access Key
Detects hardcoded AWS secret access keys in source code, which combined with an access key ID grant full programmatic access to AWS services.
VNX-SEC-004 – GitHub or GitLab Token
Detects hardcoded GitHub personal access tokens (ghp_/ghs_ prefix) and GitLab personal access tokens (glpat- prefix) in source code.
VNX-SEC-005 – GCP API Key
Detects hardcoded Google Cloud Platform API keys (AIza prefix) in source code, which can be used to access billable GCP services and exfiltrate data.
VNX-SEC-006 – Stripe Secret Key
Detects hardcoded Stripe secret API keys (sk_live_ or sk_test_ prefix) in source code, which grant full access to Stripe account payment operations.
VNX-SEC-007 – Slack Token or Webhook
Detects hardcoded Slack bot/user/app tokens (xoxb-, xoxp-, xoxa-) and webhook URLs in source code, which grant access to Slack workspaces and channels.
VNX-SEC-008 – Database Connection String with Credentials
Detects database connection strings with embedded usernames and passwords for PostgreSQL, MySQL, MongoDB, Redis, and MSSQL in source code.
VNX-SEC-009 – SendGrid API Key
Detects hardcoded SendGrid API keys (SG. prefix) in source code, which grant access to email sending services and can be abused for phishing or spam.
VNX-SEC-010 – Package Registry Token
Detects hardcoded npm access tokens (npm_ prefix) and PyPI upload tokens in source code, which grant publish access to package registries and enable supply chain attacks.
VNX-SEC-011 – Hardcoded JWT Token
Detects hardcoded JSON Web Tokens in source code, which expose authentication material and session claims in version history.
VNX-SEC-012 – CORS Wildcard or Origin Reflection
Detects CORS configurations that allow all origins via wildcards or origin reflection, which enables cross-site credential theft and data exfiltration.
VNX-SEC-013 – Insecure Cookie Configuration
Detects cookies configured without HttpOnly, Secure, or SameSite flags, leaving sessions vulnerable to XSS theft, cleartext transmission, and CSRF attacks.
VNX-SEC-014 – Hardcoded Password in Variable
Detects variable assignments where the name indicates a password or secret and the value is a string literal of at least 8 characters.
VNX-SEC-015 – JWT Algorithm None Attack
Detects JWT configurations that allow the 'none' algorithm, which completely disables signature verification and allows arbitrary token forgery.
VNX-SEC-016 – TLS Verification Disabled in Shell Command
Detects curl -k/--insecure and wget --no-check-certificate in shell scripts and commands, which disable TLS certificate validation and enable man-in-the-middle attacks.
VNX-SEC-017 – Plaintext Protocol URL
Detects unencrypted protocol URLs (redis://, amqp://, ftp://, telnet://, ldap://) in source code, which transmit data and credentials in cleartext over the network.
VNX-SEC-018 – AI Provider API Key
Detects hardcoded Anthropic (sk-ant-), OpenAI (sk-proj-), and Hugging Face (hf_) API keys in source code, which grant access to paid AI services.
VNX-SEC-019 – GCP Service Account Key
Detects Google Cloud service account key JSON files committed to source code, which grant broad GCP resource access and should never be stored in version control.
VNX-SEC-020 – GitLab Access Token
Detects hardcoded GitLab personal, project, and group access tokens (glpat- prefix) in source code, which grant API access to GitLab resources.
VNX-SEC-021 – Twilio API Credentials
Detects hardcoded Twilio API keys (SK prefix) and Account SIDs (AC prefix) in source code, which grant access to SMS, voice, and video communication services.
VNX-SEC-022 – Sensitive Data in Log Statement
Detects log statements that may include passwords, tokens, API keys, or other secrets, which exposes credentials in log files, monitoring systems, and log aggregators.
VNX-SEC-023 – GitHub Actions Expression Injection
Detect GitHub Actions workflows that inject untrusted event data (PR title, branch name, comment body) directly into run: commands, enabling shell command injection in CI/CD pipelines.
VNX-SEC-024 – OAuth Token Stored in localStorage
Detect JavaScript/TypeScript code that stores OAuth access tokens, refresh tokens, or ID tokens in localStorage, which is vulnerable to XSS-based theft.
VNX-SEC-025 – Azure Storage Account Key Hardcoded
Detect Azure Storage Account keys hardcoded in source code — base64-encoded strings of approximately 88 characters associated with Azure Storage key variable names — which provide full read/write access to all storage resources in the account.
VNX-SEC-026 – DigitalOcean Personal Access Token Hardcoded
Detect DigitalOcean personal access tokens (dop_v1_ prefix) hardcoded in source code, which provide full API access to Droplets, databases, and Kubernetes clusters in the associated account.
VNX-SEC-027 – Hugging Face API Token Hardcoded
Detect Hugging Face API tokens (hf_ prefix) hardcoded in source code, which provide access to private model repositories, datasets, and the inference API.
VNX-SEC-028 – npm Access Token Hardcoded
Detect npm access tokens (npm_ prefix) hardcoded in source code, which can be used to publish packages, access private registries, and modify organization settings depending on their scope.
VNX-SEC-029 – PyPI Upload Token Hardcoded
Detect PyPI upload tokens (pypi-AgEIcHlwaS5vcmc prefix) hardcoded in source code, which allow publishing packages to PyPI and can enable supply chain attacks if compromised.
VNX-SEC-030 – Google OAuth Client Secret Hardcoded
Detect Google OAuth 2.0 client secrets (GOCSPX- prefix) hardcoded in source code, which enable application impersonation and OAuth token theft when combined with the corresponding client ID.
VNX-SEC-031 – Mailgun API Key Hardcoded
Detect Mailgun API keys hardcoded in source code — identified by the key- prefix pattern combined with Mailgun-related variable names — which allow sending email on behalf of your domain and accessing account logs.
VNX-SEC-032 – PGP Private Key Block Hardcoded
Detect PGP/GPG private key blocks committed to source code, which permanently expose the private key in git history and require immediate revocation and replacement.
VNX-SWIFT-001 – Swift Hardcoded API Key or Secret in Source
Detects API keys, secret tokens, and private keys hardcoded as string literals in Swift source files, which can be extracted from the binary or source and cannot be rotated without a code change.
VNX-SWIFT-002 – Swift NSLog with Potentially Sensitive Data
Detects NSLog calls that include sensitive terms such as passwords, tokens, and PII, which write data to the system console log readable by any application on the device.
VNX-SWIFT-003 – Swift Insecure Data Storage via UserDefaults for Sensitive Values
Detects sensitive data such as passwords, tokens, and keys being written to UserDefaults, which stores data as an unencrypted plist file accessible via device backup and privileged processes.
VNX-SWIFT-004 – Swift TLS Certificate Validation Disabled in URLSession or Alamofire
Detects patterns that bypass TLS certificate validation in URLSession delegate callbacks and Alamofire trust policies, making the app vulnerable to man-in-the-middle attacks.
VNX-SWIFT-005 – Swift WKWebView JavaScript Auto-Open-Windows Enabled
Detects WKPreferences.javaScriptCanOpenWindowsAutomatically set to true and usage of the deprecated UIWebView, both of which introduce cross-site scripting escalation risks in iOS applications.
VNX-SWIFT-006 – Swift Insecure Random Number Generator Used in Security-Sensitive Context
Detects arc4random, rand, random, and SystemRandomNumberGenerator calls in code blocks that generate tokens, keys, passwords, nonces, salts, or IVs, where a cryptographically secure RNG is required.
VNX-TF-001 – Terraform AWS S3 Bucket with Public ACL
Detect AWS S3 buckets configured with public-read or public-read-write ACLs in Terraform, which make all bucket contents accessible to the entire internet.
VNX-TF-002 – Terraform AWS Security Group with Unrestricted Ingress (0.0.0.0/0)
Detect AWS security group ingress rules allowing traffic from any source (0.0.0.0/0 or ::/0) in Terraform, which exposes services to internet-wide scanning, brute-force, and exploitation attempts.
VNX-TF-003 – Terraform AWS RDS Instance Publicly Accessible
Detect AWS RDS database instances configured with publicly_accessible = true in Terraform, which exposes the database endpoint directly to the internet.
VNX-TF-004 – Terraform IAM Policy with Wildcard Action (*)
Detect AWS IAM policies in Terraform that grant wildcard actions (*) without a corresponding Deny statement, violating the principle of least privilege and enabling privilege escalation.
VNX-TF-005 – Terraform AWS EBS Volume Unencrypted
Detect AWS EBS volumes and launch configurations in Terraform that have encryption disabled or missing, exposing data at rest to anyone who accesses the underlying physical storage or a leaked snapshot.
VNX-TF-006 – Terraform AWS EC2 Instance Metadata Service v1 (IMDSv1) Enabled
Detect EC2 instances in Terraform that allow the legacy IMDSv1, which does not require a session token and is vulnerable to SSRF attacks that can steal IAM credentials from the metadata endpoint.
VNX-TF-007 – Terraform AWS EKS Cluster Public API Endpoint Enabled
Detect AWS EKS clusters in Terraform with the Kubernetes API server endpoint publicly accessible from the internet, increasing the attack surface for credential brute-force and CVE exploitation.
VNX-TF-008 – Terraform AWS Provider with Hardcoded Static Credentials
Detect hardcoded AWS access_key and secret_key values in Terraform provider blocks, which expose long-lived IAM credentials to anyone who can read the source code or its git history.