SonarJS Coverage of CWE

The following table lists the CWE items SonarJS is able to detect, and for each of them, the rules providing this coverage.

CWE IDCWE NameImplementing Rules
CWE-95Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')Eval Code should not be dynamically injected and executed
CWE-476NULL Pointer DereferenceS2259 Properties of variables with "null" or "undefined" values should not be accessed
CWE-478Missing Default Case in Switch StatementSwitchWithoutDefault "switch" statements should end with "default" clauses
CWE-481Assigning instead of ComparingAssignmentWithinCondition Assignments should not be made from within sub-expressions
CWE-482Comparing instead of AssigningS905 Non-empty statements should change control flow or have at least one side-effect
CWE-483Incorrect Block DelimitationS2681 Multiline blocks should be enclosed in curly braces
CWE-484Omitted Break Statement in SwitchNonEmptyCaseWithoutBreak Switch cases should end with an unconditional "break" statement
CWE-489Leftover Debug CodeS2589 Boolean expressions should not be gratuitous
DebuggerStatement Debugger statements should not be used
S1442 "alert(...)" should not be used
S2583 Conditionally executed blocks should be reachable
CWE-546Suspicious CommentS1134 Track uses of "FIXME" tags
S1135 Track uses of "TODO" tags
CWE-561Dead CodeUnreachableCode Jump statements should not be followed by other statements
CWE-563Assignment to Variable without Use ('Unused Variable')S1854 Dead stores should be removed
CWE-570Expression is Always FalseS2583 Conditionally executed blocks should be reachable
CWE-571Expression is Always TrueS2589 Boolean expressions should not be gratuitous
S2583 Conditionally executed blocks should be reachable
CWE-584Return Inside Finally BlockS1143 Jump statements should not occur in "finally" blocks
CWE-628Function Call with Incorrectly Specified ArgumentsS930 Function calls should not pass extra arguments
CWE-829Inclusion of Functionality from Untrusted Control SphereS2611 Untrusted content should not be included
CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')S888 Equality operators should not be used in "for" loop termination conditions

Back to the top