
Kotlin

This article covers Kotlin support and vulnerability detection for Mend SAST.

Mend SAST-supported Kotlin file types

File Type

.kt

.ktm

.kts

Mend SAST-supported Kotlin frameworks

Framework

Micronaut

Mend SAST-supported Kotlin vulnerability types

The Kotlin vulnerability types detected by SAST are provided below, organized by CWE ID within each of their identified severities.

Kotlin high-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-94 | Code Injection |
| CWE-94 | Server Pages Execution |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-918 | Server-Side Request Forgery |

Kotlin medium-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-90 | LDAP Injection |
| CWE-209 | Log Messages Information Leak |
| CWE-209 | Error Messages Information Exposure |
| CWE-209 | Console Output |
| CWE-244 | Heap Inspection |
| CWE-338 | Weak Pseudo-Random |
| CWE-400 | Sleep Denial of Service |
| CWE-400 | Regex Denial of Service (ReDoS) |
| CWE-472 | Hidden HTML Input |
| CWE-501 | Trust Boundary Violation |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-798 | Hardcoded Password/Credentials |

Kotlin low-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-20 | Session Poisoning |
| CWE-20 | System Properties Change |
| CWE-20 | Mail Relay |
| CWE-20 | Cookie Injection |
| CWE-113 | HTTP Header Injection |
| CWE-113 | HTTP Response Splitting |
| CWE-117 | Log Forging |
| CWE-326 | Weak Encryption Strength |
| CWE-434 | File Upload |
| CWE-497 | System Properties Disclosure |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Weak Hash Strength |
| CWE-941 | Arbitrary Server Connection |
| CWE-1004 | Cookie Without 'HttpOnly' Flag |
