Security Defects
Defects related to security weaknesses and vulnerabilities
These defects highlight places in your code which are vulnerable to hacking or other security attacks. Many of these defects do not cause runtime errors, but instead point out risky areas in your code. The defects include:
Managing sensitive data
Using dangerous or obsolete functions
Generating random numbers
Externally controlled paths and commands
Polyspace Results
File access between time of check and use (TOCTOU) | File or folder might change state due to access race |
File descriptor exposure to child process | Copied file descriptor used in multiple processes |
File manipulation after chroot without chdir | Path-related vulnerabilities for file manipulated after
call to chroot |
Inappropriate I/O operation on device files | Operation can result in security vulnerabilities or a system failure |
Unsafe call to a system function | Unsanitized command argument has exploitable vulnerabilities |
Use of non-secure temporary file | Temporary generated file name not secure |
Vulnerable path manipulation | Path argument with /../, /abs/path/,
or other unsecure elements |
Bad order of dropping privileges | Dropped higher elevated privileges before dropping lower elevated privileges |
Privilege drop not verified | Attacker can gain unintended elevated access to program |
Umask used with chmod-style arguments | Argument to umask allows external user
too much control |
Vulnerable permission assignments | Argument gives read/write/search permissions to external users |
Unsafe standard encryption function | Function is not reentrant or uses a risky encryption algorithm |
Unsafe standard function | Function unsafe for security-related purposes |
Use of dangerous standard function | Dangerous functions cause possible buffer overflow in destination buffer |
Use of obsolete standard function | Obsolete routines can cause security vulnerabilities and portability issues |
LDAP injection | Data read from an untrusted source is used in the construction of an LDAP query (Since R2023a) |
SQL injection | Data read from an untrusted source is used in the construction of an SQL query (Since R2023a) |
Deterministic random output from constant seed | Seeding routine uses a constant seed making the output deterministic |
Predictable random output from predictable seed | Seeding routine uses a predictable seed making the output predictable |
Vulnerable pseudo-random number generator | Using a cryptographically weak pseudo-random number generator |
Critical data
member is not private | A critical data member is declared public (Since R2022a) |
Errno not checked | errno is not checked for error conditions
following function call |
Execution of a binary from a relative path can
be controlled by an external actor | Command with relative path is vulnerable to malicious attack |
Function pointer assigned with absolute
address | Constant expression is used as function address is vulnerable to code injection |
Hard-coded
sensitive data | Sensitive data is exposed in code, for instance as string literals |
Incorrect order of network connection
operations | Socket is not correctly established due to bad order of connection steps or missing steps |
Information leak
via structure padding | Padding bytes can contain sensitive information |
Load of library from a relative path can be
controlled by an external actor | Library loaded with relative path is vulnerable to malicious attacks |
Mismatch between data length and
size | Data size argument is not computed from actual data length |
Missing case for switch
condition | switch variable not covered by cases and default case is
missing |
Misuse of readlink() | Third argument of readlink does not
leave space for null terminator in buffer |
Plain text
password stored in file system | Password stored in files in plain text format (Since R2023b) |
Resource
injection | Data input is not properly restricted before being used as a resource identifier (Since R2024a) |
Returned value of a sensitive function not
checked | Sensitive functions called without checking for unexpected return values and errors |
Sensitive data printed out | Function prints sensitive data |
Sensitive heap memory not cleared before
release | Sensitive data not cleared or released by memory routine |
Uncertain memory
cleaning | The code clears information that might be sensitive from memory but compiler optimization might leave the information untouched (Since R2022a) |
Uncleared sensitive data in
stack | Variable in stack is not cleared and contains sensitive data |
Topics
- Bug Finder Defect Groups
The Bug Finder defect checkers are classified into groups such as data flow, concurrency, numerical, and so on.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Select a Web Site
Choose a web site to get translated content where available and see local events and offers. Based on your location, we recommend that you select: .
You can also select a web site from the following list
How to Get Best Site Performance
Select the China site (in Chinese or English) for best site performance. Other MathWorks country sites are not optimized for visits from your location.
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)