# Security-related rules The SonarQube quality model is applied to an automated code review and analysis based on the following types of rules: * Reliability (Bug) * Maintainability (Code Smell) * Security (Vulnerability) * Security Hotspot Security-related rules include Security rules and Security Hotspot rules. They are divided into two types: security-injection and security-configuration rules. ## What to expect from security-related rules As with other types of rules, we try to raise no *false positives*; you should be confident that anything reported to you as an issue is *really an issue*. Under the hood, SonarQube Server is based on different representations of the source code and technologies in order to be able to detect any kind of security issue: * **Security-injection rules**: A vulnerability occurs when the inputs handled by your application are controlled by a user (potentially an attacker) and not validated or sanitized. When this occurs, the flow from sources (user-controlled inputs) to sinks (sensitive functions) will be presented. These types of vulnerabilities are referred to as injection vulnerabilities or taint vulnerabilities; sometimes, the names are used interchangeably. To show the flow of tainted issues, SonarQube Server uses well-known taint analysis technology on source code which allows, for example, the detection of: * [CWE-89](https://cwe.mitre.org/data/definitions/89.html): SQL Injection * [CWE-79](https://cwe.mitre.org/data/definitions/79.html): Cross-site Scripting * [CWE-94](https://cwe.mitre.org/data/definitions/94.html): Code Injection * **Security-configuration rules**: Here there is a security issue because when calling a sensitive function, the wrong parameter (for example invalid cryptographic algorithm or TLS version) has been set or when a check (for example, a check\_permissions() kind of function) was not done or not in the correct order, this problem is likely to appear often when the program is executed (no injected/complex attacks are required unlike in the previous category): * [CWE-1004](https://cwe.mitre.org/data/definitions/1004.html): Sensitive Cookie Without ‘HttpOnly’ Flag * [CWE-297](https://cwe.mitre.org/data/definitions/297.html): Improper Validation of Certificate with Host Mismatch * [CWE-327](https://cwe.mitre.org/data/definitions/327.html): Use of a Broken or Risky Cryptographic Algorithm These security issues are then divided into two categories: vulnerabilities and hotspots, see the main differences on the [security-hotspots](https://docs.sonarsource.com/sonarqube-server/2025.1/user-guide/security-hotspots "mention") page. Security hotspots have been introduced for security protections that have no direct impact on the overall application’s security. Most injection rules are vulnerabilities, for example, if a SQL injection is found, it is certain that a fix (input validation) is required, so this is a vulnerability. On the contrary, when creating a cookie, the ‘HttpOnly’ flag is an additional protection level (to reduce the impact when XSS vulnerabilities appear) but it is not always possible to implement or might not be relevant depending on the context of the application: therefore it’s a hotspot. With hotspots, we want to help developers understand information security risks, threats, impacts, root causes of security issues, and the choice of relevant software protections. In short, we really want to educate developers and help them develop secure, ethical, and privacy-friendly applications. ## Which security-standards are covered Our security rules are classified according to well-established security standards such as: * [OWASP Top 10](https://owasp.org/Top10/) (versions 2021 and 2017)
OWASP Top 10 security standards covered by Sonar for version 2021 | | | | | | | | | ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Category** | **Python** | **JS/TS** | **Java** | **C#** | **C/C++** | **PHP** | | A01:Broken Access Control | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A02: Cryptographic Failures | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A03: Injection | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A04: Insecure Design | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A05: Security Misconfiguration | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A06: Vulnerable and Outdated Components |


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| | A07: Identification and Authentication Failures | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A08: Software and Data Integrity Failures | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A09: Security Logging and Monitoring Failures | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | A10: Server-Side Request Forgery | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |
* [CWE Top 25](https://cwe.mitre.org/top25/archive/2023/2023_top25_list.html) (versions 2023, 2022, and 2021)
CWE Top 25 security standards covered by Sonar for version 2023 | | | | | | | | | ----------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Category** | **Python** | **JS/TS** | **Java** | **C#** | **C/C++** | **PHP** | | CWE-787: Out-of-bounds Write |


|


|


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| |

CWE-79: Improper Neutralization of Input During
Web Page Generation (‘Cross-site Scripting’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | |

CWE-89: Improper Neutralization of Special
Elements used in an SQL Command (‘SQL Injection’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-416: Use After Free |


|


|


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| |

CWE-78: Improper Neutralization of Special
Elements used in an OS Command
(‘OS Command Injection’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-20: Improper Input Validation | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-125: Out-of-bounds Read |


|


|


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| |

CWE-22: Improper Limitation of a Pathname
to a Restricted Directory (‘Path Traversal’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-352: Cross-Site Request Forgery (CSRF) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | |

CWE-434: Unrestricted Upload of File with
Dangerous Type

|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


|


|


|


| | CWE-862: Missing Authorization |


|


|


|


|


|


| | CWE-476: NULL Pointer Dereference | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| | CWE-287: Improper Authentication |


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


|


|


| | CWE-190: Integer Overflow or Wraparound |


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| | CWE-502: Deserialization of Untrusted Data | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | |

CWE-77: Improper Neutralization of Special
Elements used in a Command (‘Command Injection’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | |

CWE-119: Improper Restriction of Operations
within the Bounds of a Memory Buffer

|


|


|


|


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| | CWE-798: Use of Hard-coded Credentials | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-918: Server-Side Request Forgery (SSRF) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-306: Missing Authentication for Critical Function |


|


|


|


|


|


| |

CWE-362: Concurrent Execution using Shared
Resource with Improper Synchronization
(‘Race Condition’)

|


|


|


|


|


|


| | CWE-269: Improper Privilege Management | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


|


|


|


| |

CWE-94: Improper Control of Generation of
Code (‘Code Injection’)

| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) |


| ![Checkmark icon](https://3560343708-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4FzELVjsPO4ijRo3jtBV%2Fuploads%2Fgit-blob-51435de4153f60f46883a8cb66af53e3ff29d70c%2Fgreen-check.svg?alt=media) | | CWE-863: Incorrect Authorization |


|


|


|


|


|


| | CWE-276: Incorrect Default Permissions |


|


|


|


|


|


|
* [OWASP ASVS 4.0 Level 1, 2, 3](https://owasp.org/www-project-application-security-verification-standard/) * [PCI DSS](https://www.pcisecuritystandards.org/) (versions 4.0 and 3.2.1) * [CASA](https://appdefensealliance.dev/casa) * [STIG](https://public.cyber.mil/stigs/) ## How to propose new security rules Security is a lively world where new types of attacks and vulnerabilities appear very often, so we welcome any suggestions for new security rules. You can read the [adding-coding-rules](https://docs.sonarsource.com/sonarqube-server/2025.1/extension-guide/adding-coding-rules "mention") page to see how to develop a new rule or propose a new one on our [Community forum](https://community.sonarsource.com/c/suggestions/rules/13). Regarding the security-injection rules mentioned above, it’s possible to extend the taint analysis configuration which allows the SonarQube Server engine to use new sources, sanitizers, validators and sinks within the homemade frameworks that you use. [security-engine-custom-configuration](https://docs.sonarsource.com/sonarqube-server/2025.1/analyzing-source-code/security-engine-custom-configuration "mention") is available as part of the Enterprise Edition and above. ## Injection vulnerabilities *Injection vulnerabilities* are also known as *injection flaws* or *taint vulnerabilities*; the names are often used interchangeably (ie: injection flaws, injection vulnerabilities, and taint vulnerabilities). They are issues raised by specific security-related rules in SonarQube (Server, Cloud) and remain a top concern. Common types include SQL Injection, Deserialization, and Command Injection vulnerabilities. Injection vulnerabilities are unique issues because of how data and information flow within your application. This flow becomes a problem when a user controls the data input into the application (source), and that data is not validated or sanitized before it is used by sensitive functions (sink). This lack of validation or sanitization is what allows a potential attacker to manipulate the data flow for malicious purposes. Because injection vulnerabilities (i.e., taint vulnerabilities) often involve code in multiple files and functions, SonarQube for IDE can only raise them after a full project analysis. This is why taint vulnerabilities are pulled from SonarQube Server or SonarQube Cloud after a project analysis. You can find the definition of injection vulnerabilities in the glossary.