It is very difficult for static analysis to identify any CSRF issues, because each application has its own implicit security policy that dictates which requests can be influenced by an outsider. Checkers such as SV.FIU.PERMISSIONS do provide some coverage, but typically, loose permissions for operations and custom permission models produce too many warnings from static analysis tools. Associated with PHP code, which is not covered by Klocwork. Not statically verifiable. Manual inspection is required. Use Klocwork extensibility to identify commonly used libraries or features that have become obsolete. Coverage claims ONLY for the 2010 CWE-SANS Top 25. NOTE: this data was created by MITRE, using information published on the Internet by certain vendors. It is being used to demonstrate CCR and does not represent any official position by those vendors. Use of untrusted scalar value, untrusted value as an argument, use of untrusted value Use of untrusted string value User pointer dereference String String String Out-of-bounds access, out-of-bounds write Integer overflow, integer overflowed argument, overflowed constant, overflowed return value Integer overflow, integer overflowed argument, overflowed constant, overflowed return value Function in assertion, side effect in assertion Infinite loop, infinite loop with no exit Unrecoverable parse warning Partial mapping obtained from the Coverity Coverage data sheet. NOTE: this data was created by MITRE, using information published on the Internet by certain vendors. It is being used to demonstrate CCR and does not represent any official position by those vendors.