A "fix" is defined as a code remediation that has been validated and tested by Mobb engineers.
For a fix to be considered stable, it must meet the following criteria:
The fix addresses the security issue as identified by the SAST tool.
The fix is recognized by the SAST tool, i.e. the tool reports the finding as fixed upon re-scan.
This differs from an "experimental fix", which may require further validation and testing to ensure its accuracy.
Here are the categories of stable fixes that Mobb currently supports. If there is a category that you'd like to see Mobb support that is not listed here, please send us an email at support@mobb.ai.
If you'd like us to support a SAST tool that is not listed here, please tell us by submitting it here.
Since different SAST vendors often name issues differently, the issue names in parentheses are the Mobb normalized names.
List of Supported Issue Types for Snyk
Java
Path Traversal
XSS
XXE
Command Injection
SQL Injection
Server-Side Request Forgery
HTTP Response Splitting
Cookie is not HttpOnly
Insecure Cookie
Trust Boundary Violations
Regex Injection
JavaScript
SQL Injection
Server-Side Request Forgery
Regex Injection
XSS
Open Redirect
GraphQL Depth Limit
External System Information Leak
Path Traversal
Hardcoded Secrets
Command Injection
C#
XXE
Server-Side Request Forgery
Path Traversal
SQL Injection
Log Forging
Missing Anti-forgery Validation
Cookie is not HttpOnly
Insecure Cookie
List of Supported Issue Types for Checkmarx
Java
Path Traversal
XSS
XXE
Command Injection
SQL Injection
Server-Side Request Forgery
Log Forging
Cookie is not HttpOnly
System Information Leak
Unchecked Loop Condition
Trust Boundary Violations
Regex Injection
Error Condition Without Action
Locale Dependent Comparison
Race Condition Format Flaw
Overly Broad Catch
JavaScript
SQL Injection
Insecure Randomness
Log Forging
XSS
Open Redirect
Password in Comment
Unsafe Target Blank
Missing iframe Sandbox
jQuery Deprecated Symbols
Path Traversal
Deprecated Function
Hardcoded Secrets
Command Injection
Prototype Pollution
Missing HSTS Header
Server-Side Request Forgery
C#
Server-Side Request Forgery
Log Forging
XXE
SQL Injection
Path Traversal
Unsafe deserialization
Improper Resource Shutdown or Release
Improper Exception Handling
Trust Boundary Violations
Insecure Cookie
SQL
Default Definer Rights in Package or Object Definition
List of Supported Issue Types for Fortify
Java
SQL Injection
XML Entity Expansion Injection (XXE)
XML External Entity Injection (XXE)
Cross-Site Scripting: Reflected (XSS)
Path Manipulation (Path Traversal)
Path Manipulation: Zip Entry Overwrite (Path Traversal)
Missing Check against Null
Log Forging
Password Management: Password in Comment (Password in Comment)