This article covers Kotlin Mobile support and vulnerability detection for Mend SAST.
Mend SAST-supported Kotlin Mobile file types

| File Type |
|---|
| .kt |
| .ktm |
| .kts |
Mend SAST-supported Kotlin Mobile vulnerability types
The Kotlin Mobile vulnerability types detected by Mend SAST are listed below, grouped by severity and ordered by CWE ID within each group.

Kotlin Mobile high-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-22 | Path/Directory Traversal |
| CWE-73 | File Manipulation |
| CWE-78 | Command Injection |
| CWE-79 | Cross-Site Scripting |
| CWE-89 | SQL Injection |
| CWE-89 | External SQL Injection |
| CWE-94 | Code Injection |
| CWE-94 | Server Pages Execution |
| CWE-94 | Arbitrary Code Injection |
| CWE-502 | Deserialization of Untrusted Data |
| CWE-643 | XPath Injection |
| CWE-918 | Server-Side Request Forgery |
Kotlin Mobile medium-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-90 | LDAP Injection |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Location) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Data Storage) |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor (Shared Preference) |
| CWE-209 | Log Messages Information Leak |
| CWE-209 | Error Messages Information Exposure |
| CWE-209 | Console Output |
| CWE-244 | Heap Inspection |
| CWE-295 | Man in the Middle Attack |
| CWE-338 | Weak Pseudo-Random |
| CWE-400 | Sleep Denial of Service |
| CWE-400 | Regex Denial of Service (ReDoS) |
| CWE-472 | Hidden HTML Input |
| CWE-501 | Trust Boundary Violation |
| CWE-611 | XML External Entity (XXE) Injection |
| CWE-676 | Miscellaneous Dangerous Functions |
| CWE-676 | External URL |
| CWE-676 | Mobile Miscellaneous |
| CWE-749 | WebView Exposure |
| CWE-798 | Hardcoded Password/Credentials |
| CWE-926 | Improper Export of Android Application Components (Intents) |
Kotlin Mobile low-severity vulnerability types

| CWE | Vulnerability Type |
|---|---|
| CWE-16 | Security Misconfiguration |
| CWE-20 | Session Poisoning |
| CWE-20 | System Properties Change |
| CWE-20 | Mail Relay |
| CWE-20 | Cookie Injection |
| CWE-113 | HTTP Header Injection |
| CWE-113 | HTTP Response Splitting |
| CWE-117 | Log Forging |
| CWE-326 | Weak Encryption Strength |
| CWE-434 | File Upload |
| CWE-497 | System Properties Disclosure |
| CWE-530 | Dangerous File Extensions |
| CWE-601 | Unvalidated/Open Redirect |
| CWE-916 | Weak Hash Strength |
| CWE-941 | Arbitrary Server Connection |
| CWE-1004 | Cookie Without 'HttpOnly' Flag |