This article covers Kotlin support and vulnerability detection for Mend SAST.
Mend SAST-supported Kotlin file types

| File Type |
|---|
| .kt |
| .ktm |
| .kts |

Note that .kts covers Kotlin script files, which includes Gradle build scripts such as build.gradle.kts, so build logic is scanned alongside application source.
Mend SAST-supported Kotlin frameworks

| Framework |
|---|
| Micronaut |
Mend SAST-supported Kotlin vulnerability types
The Kotlin vulnerability types detected by SAST are listed below, grouped by severity and then ordered by CWE ID. A single CWE can map to more than one vulnerability type (for example, CWE-94 covers both Code Injection and Server Pages Execution), so the vulnerability type, not the CWE alone, identifies a finding.
Kotlin high-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-94 | Code Injection |
| CWE-94 | Server Pages Execution |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-918 | Server-Side Request Forgery |
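As an added illustration (this is not part of the Mend documentation and not Mend's own code), three of the high-severity categories above are shown below as they typically appear in Kotlin source, each beside a hardened form. BASE_DIR, the function names and the sample inputs mentioned in comments are assumptions made for this example; whether a given scanner rule fires on a particular snippet depends on that scanner's taint sources and sinks, so treat these as the patterns to look for, not as a guarantee of detection.

```kotlin
import java.io.File
import java.nio.file.Path
import java.nio.file.Paths
import java.sql.Connection
import java.sql.ResultSet

// Assumed upload root for the example; normalized once so comparisons are stable.
private val BASE_DIR: Path = Paths.get("/var/app/uploads").toAbsolutePath().normalize()

// CWE-22 Path/Directory Traversal: a user-controlled name is concatenated into a path.
// A value such as "../../etc/passwd" escapes the upload directory.
fun readUploadVulnerable(userName: String): String =
    File("/var/app/uploads/$userName").readText()

// Hardened: resolve against the root, normalize, then verify the result is still
// inside BASE_DIR before touching the filesystem. An absolute userName resolves to
// itself and fails the check; rejecting rather than "cleaning" input avoids bypasses.
fun readUploadSafe(userName: String): String {
    val target = BASE_DIR.resolve(userName).normalize()
    require(target.startsWith(BASE_DIR) && target != BASE_DIR) { "path escapes upload directory" }
    return target.toFile().readText()
}

// CWE-78 Command Injection: tainted data interpolated into a shell command line.
// host = "example.com; rm -rf /" makes the shell run a second command.
fun pingVulnerable(host: String): Int =
    ProcessBuilder("sh", "-c", "ping -c 1 $host").start().waitFor()

// Hardened: no shell at all, every argument passed separately, and the input
// restricted to a hostname character set before it is used.
private val HOSTNAME = Regex("^[A-Za-z0-9.-]{1,253}$")

fun pingSafe(host: String): Int {
    require(HOSTNAME.matches(host)) { "invalid hostname" }
    return ProcessBuilder("ping", "-c", "1", host).start().waitFor()
}

// CWE-89 SQL Injection: string-built SQL. username = "' OR '1'='1" changes the query.
fun findUserVulnerable(conn: Connection, username: String): ResultSet =
    conn.createStatement().executeQuery("SELECT id FROM users WHERE name = '$username'")

// Hardened: a bound parameter; the input can never alter the statement structure.
fun findUserSafe(conn: Connection, username: String): ResultSet =
    conn.prepareStatement("SELECT id FROM users WHERE name = ?")
        .apply { setString(1, username) }
        .executeQuery()
```

The hardened forms share one principle: the untrusted value is never allowed to reach the sink (filesystem, shell, SQL parser) in a position where it can change structure, which is also the data flow a SAST engine traces when it reports these categories.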
Kotlin medium-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-90 | LDAP Injection |
| CWE-209 | Log Messages Information Leak |
| CWE-209 | Error Messages Information Exposure |
| CWE-209 | Console Output |
| CWE-244 | Heap Inspection |
| CWE-338 | Weak Pseudo-Random |
| CWE-400 | Sleep Denial of Service |
| CWE-400 | Regex Denial of Service (ReDoS) |
| CWE-472 | Hidden HTML Input |
| CWE-501 | Trust Boundary Violation |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-798 | Hardcoded Password/Credentials |
Kotlin low-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-20 | Session Poisoning |
| CWE-20 | System Properties Change |
| CWE-20 | Mail Relay |
| CWE-20 | Cookie Injection |
| CWE-113 | HTTP Header Injection |
| CWE-113 | HTTP Response Splitting |
| CWE-117 | Log Forging |
| CWE-326 | Weak Encryption Strength |
| CWE-434 | File Upload |
| CWE-497 | System Properties Disclosure |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Weak Hash Strength |
| CWE-941 | Arbitrary Server Connection |
| CWE-1004 | Cookie Without 'HttpOnly' Flag |