Xamarin C#
This article covers Xamarin C# support and vulnerability detection for Mend SAST.
Mend SAST-supported Xamarin C# file types
**Note: These extensions are marked as ‘Secondary’ file extensions.
They will only be scanned if at least one file with any of the other ‘Primary’ file extensions is present to identify the language as the relevant language.
File Type |
|---|
.aspx** |
.ascx** |
.cs |
.cshtml** |
.cshtm** |
Mend SAST-supported Xamarin C# frameworks
Framework |
|---|
N/A |
Mend SAST-supported Xamarin C# vulnerability types
The Xamarin C# vulnerability types detected by SAST are provided below and are organized by CWE ID within each of their identified severities.
Xamarin C# high-severity vulnerability types
CWE | Vulnerability Type |
CWE-22 | Path/Directory Traversal |
CWE-73 | File Manipulation |
CWE-78 | Command Injection |
CWE-89 | SQL Injection |
CWE-94 | Code Injection |
CWE-312 | Backups Allowed |
CWE-502 | Deserialization of Untrusted Data |
Xamarin C# medium-severity vulnerability types
CWE | Vulnerability Type |
CWE-90 | LDAP Injection |
CWE-200 | Insecure Data Storage |
CWE-209 | Console Output |
CWE-209 | Error Messages Information Exposure |
CWE-244 | Heap Inspection |
CWE-250 | Application Permissions |
CWE-295 | Man-in-the-Middle Attack |
CWE-319 | Insufficient Transport Layer Protection |
CWE-338 | Weak Pseudo-Random |
CWE-400 | Sleep Denial of Service |
CWE-400 | Regex Denial of Service (ReDoS) |
CWE-489 | Debuggable Application |
CWE-501 | Trust Boundary Violation |
CWE-676 | Miscellaneous Dangerous Functions |
CWE-749 | WebView Implementation |
CWE-798 | Hardcoded Password/Credentials |
CWE-926 | Intents Usage |
Xamarin C# low-severity vulnerability types
CWE | Vulnerability Type |
CWE-16 | Application Configuration |
CWE-20 | Mail Relay |
CWE-117 | Log Forging |
CWE-326 | Weak Encryption Strength |
CWE-916 | Weak Hash Strength |
CWE-1104 | Insecure Minimum SDK |