Supported Fixes

A "fix" is defined as a code remediation that has been validated and tested by Mobb engineers.

All fixes must meet the following criteria:

  • The fix addresses the security issue as identified by the SAST tool

  • The fix is recognized by the SAST tool (on re-scan, the SAST tool reports the finding as fixed)

Here are the categories of stable fixes that Mobb currently supports. If there is a category you'd like to see Mobb support that is not listed here, please email us at support@mobb.ai.

If you'd like us to support a SAST tool that is not listed here, please tell us by submitting it here.

Since different SAST vendors often name issues differently, the issue names in parentheses are the Mobb normalized names.

List of Supported Issue Types for Snyk

List of Supported Issue Types for Fortify

C#

Java

JavaScript / TypeScript

PHP

Python

XML

List of Supported Issue Types for Checkmarx

C#

  • Declaration Of Catch For Generic Exception

  • Deserialization of Untrusted Data

  • HttpOnlyCookies

  • Improper Exception Handling

  • Improper Resource Shutdown or Release

  • Improper Restriction of XXE Ref

  • Information Exposure Through an Error Message

  • Information Exposure via Headers

  • Insecure Cookie

  • Insufficient Logging of Exceptions

  • Insufficient Logging of Sensitive Operations

  • Just One of Equals and Hash code Defined

  • Log Forging

  • Path Traversal

  • Reflected XSS All Clients

  • SQL Injection

  • SSRF

  • Stored XSS

  • Trust Boundary Violation in Session Variables

  • Unsafe Object Binding

  • Unvalidated Arguments Of Public Methods

  • Use of Insufficiently Random Values

  • Value Shadowing

Java

  • Absolute Path Traversal

  • Command Injection

  • Confusing Naming

  • Declaration Of Catch For Generic Exception

  • Detection of Error Condition Without Action

  • HttpOnlyCookies

  • Improper Resource Shutdown or Release

  • Improper Restriction of Stored XXE Ref

  • Improper Restriction of XXE Ref

  • Information Exposure Through an Error Message

  • Log Forging

  • Portability Flaw Locale Dependent Comparison

  • Race Condition Format Flaw

  • ReDoS From Regex Injection

  • Reflected XSS All Clients

  • Relative Path Traversal

  • SQL Injection

  • SSRF

  • Stored Log Forging

  • Stored XSS

  • Trust Boundary Violation in Session Variables

  • Unchecked Input for Loop Condition

  • Use of Non Cryptographic Random

  • Use of Wrong Operator in String Comparison

JavaScript / TypeScript

  • Absolute Path Traversal

  • Client DOM Open Redirect

  • Client DOM Stored XSS

  • Client DOM XSS

  • Client Hardcoded Domain

  • Client Insecure Randomness

  • Client JQuery Deprecated Symbols

  • Client Password In Comment

  • Client Potential XSS

  • Client Regex Injection

  • Client Use Of Iframe Without Sandbox

  • Command Injection

  • Hardcoded password in Connection String

  • JWT Use Of Hardcoded Secret

  • Log Forging

  • Open Redirect

  • Prototype Pollution

  • Relative Path Traversal

  • Server DoS by Loop

  • SQL Injection

  • SSRF

  • Stored XSS

  • Unchecked Input For Loop Condition

  • Unprotected Cookie

  • Unsafe Use Of Target blank

  • Use of Deprecated or Obsolete Functions

  • Use Of Hardcoded Password

  • Use of Insufficiently Random Values

PHP

  • Use of Non Cryptographic Random

Python

SQL

  • Default Definer Rights in Package or Object Definition

List of Supported Issue Types for SonarQube

C#

Java

JavaScript / TypeScript

PHP

Python

List of Supported Issue Types for CodeQL

CPP

C#

Java

JavaScript / TypeScript

Python

List of Supported Issue Types for Semgrep

To learn more about configuring your fix policies in Mobb, click here.
