Supported Fixes
A "fix" is defined as a code remediation that has been validated and tested by Mobb engineers.
All fixes must meet the following criteria:
The fix addresses the security issue as identified by the SAST tool
The fix must be recognized by the SAST tool (on re-scan, the SAST tool no longer reports the finding)
Here are the categories of stable fixes that Mobb currently supports. If there is a category you'd like to see Mobb support that is not listed here, please email us at support@mobb.ai.
If you'd like us to support a SAST tool that is not listed here, please tell us by submitting it here.
Since different SAST vendors often name issues differently, the issue names in parentheses are the Mobb normalized names.
List of Supported Issue Types for Checkmarx
Java
Absolute_Path_Traversal (Path Traversal)
Relative_Path_Traversal (Path Traversal)
Reflected_XSS_All_Clients (XSS)
Stored_XSS (XSS)
Improper_Restriction_of_XXE_Ref (XXE)
Command_Injection (Command Injection)
SQL_Injection (SQL Injection)
SSRF (Server-Side Request Forgery)
Log_Forging (Log Forging)
Stored_Log_Forging (Log Forging)
HttpOnlyCookies (Cookie is not HttpOnly)
Information_Exposure_Through_an_Error_Message (System Information Leak)
Unchecked_Input_for_Loop_Condition (Unchecked Loop Condition)
Trust_Boundary_Violation_in_Session_Variables (Trust Boundary Violations)
ReDoS_From_Regex_Injection (Regex Injection)
Detection_of_Error_Condition_Without_Action (Error Condition Without Action)
Portability_Flaw_Locale_Dependent_Comparison (Locale Dependent Comparison)
Race_Condition_Format_Flaw (Race Condition Format Flaw)
Declaration_Of_Catch_For_Generic_Exception (Overly Broad Catch)
Improper_Resource_Shutdown_or_Release (Improper Resource Shutdown or Release)
use_of_wrong_operator_in_string_comparison (Erroneous String Compare)
J2EE Bad Practices: Leftover Debug Code (Leftover Debug Code)
confusing_naming (Confusing Naming)
JavaScript
SQL_Injection (SQL Injection)
Client_Insecure_Randomness (Insecure Randomness)
use_of_insufficiently_random_values (Insecure Randomness)
Log_Forging (Log Forging)
Client_DOM_Stored_XSS (XSS)
Client_DOM_XSS (XSS)
Stored_XSS (XSS)
Client_Potential_XSS (XSS)
Client_DOM_Open_Redirect (Open Redirect)
Open_Redirect (Open Redirect)
Client_Password_In_Comment (Password in Comment)
Unsafe_Use_Of_Target_blank (Unsafe Target Blank)
Client_Use_Of_Iframe_Without_Sandbox (Missing iframe Sandbox)
Client_JQuery_Deprecated_Symbols (jQuery Deprecated Symbols)
Absolute_Path_Traversal (Path Traversal)
Relative_Path_Traversal (Path Traversal)
Stored_Path_Traversal (Path Traversal)
Use_of_Deprecated_or_Obsolete_Functions (Deprecated Function)
Hardcoded_password_in_Connection_String (Hardcoded Secrets)
JWT_Use_Of_Hardcoded_Secret (Hardcoded Secrets)
Use_Of_Hardcoded_Password (Hardcoded Secrets)
Command_Injection (Command Injection)
Prototype_Pollution (Prototype Pollution)
Missing_HSTS_Header (Missing HSTS Header)
SSRF (Server-Side Request Forgery)
Unprotected_Cookie (Insecure Cookie)
Unchecked_Input_For_Loop_Condition (Unchecked Loop Condition)
C#
SSRF (Server-Side Request Forgery)
Log_Forging (Log Forging)
Improper_Restriction_of_XXE_Ref (XXE)
SQL_Injection (SQL Injection)
Path_Traversal (Path Traversal)
Deserialization_of_Untrusted_Data (Unsafe deserialization)
Improper_Resource_Shutdown_or_Release (Improper Resource Shutdown or Release)
Improper_Exception_Handling (Improper Exception Handling)
Trust_Boundary_Violation_in_Session_Variables (Trust Boundary Violations)
Insecure_Cookie (Insecure Cookie)
Just_One_of_Equals_and_Hash_code_Defined (Missing equals or hashcode method)
HttpOnlyCookies (Cookie is not HttpOnly)
Value_Shadowing (Value Shadowing)
Use_of_Insufficiently_Random_Values (Insecure Randomness)
insufficient_logging_of_sensitive_operations (Insufficient Logging of Sensitive Operations)
Information_Exposure_Through_an_Error_Message (System Information Leak)
Stored_XSS (XSS)
Reflected_XSS_All_Clients (XSS)
unvalidated_arguments_of_public_methods (Unvalidated Public Method Argument)
information_exposure_via_headers (Information Exposure via Headers)
declaration_of_catch_for_generic_exception (Overly Broad Catch)
Python
debug_enabled (Debug Enabled)
PL/SQL
Default_Definer_Rights_in_Package_or_Object_Definition (Default Definer Rights in Package or Object Definition)
To learn more about configuring your fix policies in Mobb, click here.