...
- memory management
- buffer overruns
- dangling, uninitialized or null pointer use
- bad free() calls
- memory leaks
- arithmetic overflow bugs
- portability issues
- coding standards compliance
- error code management
- avoiding operator precedence confusion in C
- avoiding = vs == confusion in C
- error conditions not checked
- even simple stuff like whitespace
- code duplication and detection of other automatic refactoring opportunities
- code complexity: a good score is not really an indicator of good code, but excessive complexity suggests that the code may be hard to understand and maintain, and easier to break with a seemingly simple change.
- cross-site scripting
- unsafe use of attacker-influenced data (e.g., "taint" tracking)
- SQL injection
- format strings
- command line or pathname generation
- validation of externally-provided binary data structures before use
- conversion issues
- more overflow potential
- bad casting
- ...
Languages we care about:
...