Classification of PVS-Studio warnings according to the OWASP Application Security Verification Standard (ASVS)

The OWASP Application Security Verification Standard (ASVS) is a list of application security requirements or tests that can be used by architects, developers, testers, security professionals, tool vendors, and consumers to define, build, test and verify secure applications.

C/C++ warnings

| Error Code | Error Description | ASVS Requirement |
|---|---|---|
| V5001 | It is highly probable that the semicolon ';' is missing after 'return' keyword. | OWASP-11.1.1 |
| V5002 | An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing. | OWASP-7.4.2 |
| V5003 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V5004 | Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. | OWASP-5.4.3 |
| V5005 | A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. | OWASP-5.4.3 |
| V5006 | More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. | OWASP-5.4.3 |
| V5007 | Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable. | OWASP-5.4.3 |
| V5008 | Classes should always be derived from std::exception (and alike) as 'public'. | OWASP-7.4.2 |
| V5009 | Unchecked tainted data is used in expression. | OWASP-5.1.3, OWASP-5.2.2, OWASP-5.3.8, OWASP-5.4.2 |
| V5010 | The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. | OWASP-5.4.3 |
| V5011 | Possible overflow. Consider casting operands, not the result. | OWASP-5.4.3 |
| V5012 | Potentially unsafe double-checked locking. | OWASP-11.1.6, OWASP-1.11.3 |

Java warnings

| Error Code | Error Description | ASVS Requirement |
|---|---|---|
| V5301 | An exception handling block does not contain any code. | OWASP-7.4.2 |
| V5302 | Exception classes should be publicly accessible. | OWASP-7.4.2 |
| V5303 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V5304 | Unsafe double-checked locking. | OWASP-1.11.3 |
| V5305 | Storing credentials inside source code can lead to security issues. | OWASP-2.10.4 |

C# warnings

| Error Code | Error Description | ASVS Requirement |
|---|---|---|
| V5601 | Storing credentials inside source code can lead to security issues. | OWASP-2.10.4 |
| V5602 | The object was created but it is not being used. The 'throw' keyword could be missing. | OWASP-11.1.8 |
| V5603 | The original exception object was swallowed. Stack of original exception could be lost. | OWASP-11.1.8 |
| V5604 | Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. | OWASP-11.1.6, OWASP-1.11.3 |
| V5605 | Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. | OWASP-1.11.3, OWASP-11.1.6 |
| V5606 | An exception handling block does not contain any code. | OWASP-7.4.2 |
| V5607 | Exception classes should be publicly accessible. | OWASP-7.4.2 |
