A "fix" is defined as a code remediation that has been validated and tested by Mobb engineers.
All fixes must meet the following criteria:
The fix addresses the security issue as identified by the SAST tool
The fix should be recognized by the SAST tool (The SAST tool should recognize the finding as fixed upon re-scan)
Here are the categories of fixes that Mobb currently supports. If there is a category you'd like to see Mobb support that is not listed here, please email us at .
If you'd like us to support a SAST tool that is not listed here, please tell us by submitting it .
Since different SAST vendors often name issues differently, the issue names in parentheses are the Mobb normalized names.
List of Supported Issue Types for Snyk
C#
GO
Java
JavaScript / TypeScript
Python
Cross Site Scripting (XSS)
List of Supported Issue Types for Fortify
C#
GO
Java
JavaScript / TypeScript
PHP
Python
XML
List of Supported Issue Types for Checkmarx
C#
Declaration Of Catch For Generic Exception
Deserialization of Untrusted Data
HttpOnlyCookies
Improper Exception Handling
Improper Resource Shutdown or Release
Improper Restriction of XXE Ref
Information Exposure Through an Error Message
Information Exposure via Headers
Insecure Cookie
Insufficient Logging of Exceptions
Insufficient Logging of Sensitive Operations
Just One of Equals and Hash code Defined
Log Forging
Path Traversal
Reflected XSS All Clients
SQL Injection
SSRF
Stored XSS
Trust Boundary Violation in Session Variables
Unsafe Object Binding
Unvalidated Arguments Of Public Methods
Use of Insufficiently Random Values
Value Shadowing
GO
Log Forging
Privacy Violation
SSL Verification Bypass
Use of Cryptographically Weak PRNG
Java
Absolute Path Traversal
Command Injection
Confusing Naming
Declaration Of Catch For Generic Exception
Detection of Error Condition Without Action
Frameable loging page
HttpOnlyCookies
Improper Resource Shutdown or Release
Improper Restriction of Stored XXE Ref
Improper Restriction of XXE Ref
Information Exposure Through an Error Message
Log Forging
Portability Flaw Locale Dependent Comparison
Privacy Violation
Race Condition Format Flaw
ReDoS From Regex Injection
Reflected XSS All Clients
Relative Path Traversal
SQL Injection
SQL Injection Evasion Attack
SSRF
Stored Absolute Path Traversal
Stored Log Forging
Stored XSS
Trust Boundary Violation in Session Variables
Unchecked Input for Loop Condition
Use of Hard coded Cryptographic Key
Use of Non Cryptographic Random
Use of Wrong Operator in String Comparison
JavaScript / TypeScript
Absolute Path Traversal
Client DOM Open Redirect
Client DOM Stored XSS
Client DOM XSS
Client Hardcoded Domain
Client Insecure Randomness
Client JQuery Deprecated Symbols
Client Password In Comment
Client Potential XSS
Client Regex Injection
Client Use Of Iframe Without Sandbox
Command Injection
Log Forging
Open Redirect
Prototype Pollution
Relative Path Traversal
Server DoS by loop
Server DoS by Loop
SQL Injection
SSRF
Stored XSS
Unchecked Input For Loop Condition
Unprotected Cookie
Unsafe Use Of Target blank
Use of Deprecated or Obsolete Functions
Use of Insufficiently Random Values
PHP
Use of Non Cryptographic Random
Python
Reversible One Way Hash
SQL
List of Supported Issue Types for SonarQube
C#
GO
Java
JavaScript / TypeScript
PHP
Python
List of Supported Issue Types for CodeQL
CPP
C#
GO
Java
JavaScript / TypeScript
Python
List of Supported Issue Types for Semgrep/Opengrep
GO
Java
JavaScript / TypeScript
Python
YAML
List of Supported Issue Types for Datadog
Java
JavaScript / TypeScript
Python
To learn more about configuring your fix policies in Mobb, .
