Supported Fixes

A "fix" is defined as a code remediation that has been validated and tested by Mobb engineers.

For a fix to be considered stable, it must meet the following criteria:

  • The fix addresses the security issue as identified by the SAST tool

  • The fix is recognized by the SAST tool (the tool reports the finding as fixed upon re-scan)

This is different from an "experimental fix", which may require further validation and testing to ensure its accuracy.

Here are the categories of stable fixes that Mobb currently supports. If there is a category that you'd like to see Mobb support that is not listed here, please send us an email at support@mobb.ai.

If you'd like us to support a SAST tool that is not listed here, please tell us by submitting it here.

List of Supported Issue Types for Snyk

Java

  • Path Traversal

  • XSS

  • XXE

  • Command Injection

  • SQL Injection

  • Server-Side Request Forgery

  • HTTP Response Splitting

  • Cookie is not HttpOnly

  • Insecure Cookie

  • Trust Boundary Violations

  • Regex Injection

JavaScript

  • SQL Injection

  • Server-Side Request Forgery

  • Regex Injection

  • XSS

  • Open Redirect

  • GraphQL Depth Limit

  • External System Information Leak

  • Path Traversal

  • Hardcoded Secrets

  • Command Injection

C#

  • XXE

  • Server-Side Request Forgery

  • Path Traversal

  • SQL Injection

  • Log Forging

  • Missing Anti-forgery Validation

  • Cookie is not HttpOnly

  • Insecure Cookie

List of Supported Issue Types for Checkmarx

Java

  • Path Traversal

  • XSS

  • XXE

  • Command Injection

  • SQL Injection

  • Server-Side Request Forgery

  • Log Forging

  • Cookie is not HttpOnly

  • System Information Leak

  • Unchecked Loop Condition

  • Trust Boundary Violations

  • Regex Injection

  • Error Condition Without Action

  • Locale Dependent Comparison

  • Race Condition Format Flaw

  • Overly Broad Catch

JavaScript

  • SQL Injection

  • Insecure Randomness

  • Log Forging

  • XSS

  • Open Redirect

  • Password in Comment

  • Unsafe Target Blank

  • Missing iframe Sandbox

  • jQuery Deprecated Symbols

  • Path Traversal

  • Deprecated Function

  • Hardcoded Secrets

  • Command Injection

  • Prototype Pollution

  • Missing HSTS Header

C#

  • Server-Side Request Forgery

  • Log Forging

  • XXE

  • SQL Injection

  • Path Traversal

  • Unsafe deserialization

  • Improper Resource Shutdown or Release

  • Improper Exception Handling

  • Trust Boundary Violations

  • Insecure Cookie

SQL

  • Default Definer Rights in Package or Object Definition

List of Supported Issue Types for Fortify

Java

  • SQL Injection

  • XXE

  • XSS

  • Path Traversal

  • Missing Check against Null

  • Log Forging

  • Password in Comment

  • Overly Broad Catch

  • Use of System.out/System.err

  • Denial of Service: StringBuilder

  • System Information Leak

  • Command Injection

  • Server-Side Request Forgery

  • Cookie is not HttpOnly

  • Insecure Cookie

  • Trust Boundary Violations

  • Regex Injection

  • HTML Comment in JSP

  • Locale Dependent Comparison

  • Race Condition Format Flaw

  • Non-final Public Static Field

  • Dead Code: Unused Field

JavaScript

  • Command Injection

  • Insecure Randomness

  • Password in Comment

  • System Information Leak

  • External System Information Leak

  • Path Traversal

  • Hardcoded Secrets

C#

  • XXE

  • Password in Comment

  • Use of System.out/System.err

  • Path Traversal

  • System Information Leak

  • SQL Injection

  • Log Forging

  • Insecure Binder Configuration

  • Overly Broad Catch

  • Missing Anti-forgery Validation

  • Null Dereference

XML

  • Weak XML Schema: Unbounded Occurrences

List of Supported Issue Types for CodeQL

Java

  • Path Traversal

  • XSS

  • XXE

  • Command Injection

  • SQL Injection

  • Relative Path Command Injection

  • Server-Side Request Forgery

  • Log Forging

  • HTTP Response Splitting

  • Insecure Cookie

JavaScript

  • SQL Injection

  • Insecure Randomness

  • Server-Side Request Forgery

  • Type Confusion

  • Regex Injection

  • Incomplete URL Sanitization

  • Log Forging

  • XSS

  • Path Traversal

  • Open Redirect

C#

  • Log Forging

  • XXE

  • Path Traversal

  • Unsafe deserialization

C++

  • Use of dangerous function

To learn more about configuring your fix policies in Mobb, click here.
