CodeAnt AI home pagelight logodark logo
  • Support
  • Dashboard
  • Dashboard
  • Join Community
Start Here
  • What is CodeAnt?
Setup
  • Github
  • Bitbucket
  • Gitlab
  • Azure Devops
Pull Request Review
  • Features
  • Customize Review
  • Quality Gates
  • Integrations
Scan center
  • Code Security
  • Code Quality
  • Cloud Security
  • Engineering Productivity
Integrations
  • Jira
  • Test Coverage
  • CI/CD
IDE
  • Setup
  • Review
  • Enhancements
Rule Reference
  • Compliance
  • Anti-Patterns
  • Code Governance
  • Infrastructure Security Database
  • Application Security Database
    • Apex
    • Bash
    • C
    • Clojure
    • Cpp
    • Csharp
    • Dockerfile
    • Elixir
    • Fingerprints
    • Generic
    • Go
    • Html
    • Java
    • Javascript
    • Json
    • Kotlin
    • Ocaml
      • Lang
        • Best practice
        • Compatibility
        • Correctness
        • Performance
        • Portability
        • Security
    • Php
    • Problem-based-packs
    • Python
    • Ruby
    • Rust
    • Scala
    • Solidity
    • Swift
    • Terraform
    • Typescript
    • Yaml
Resources
  • Open Source
  • Blogs
Lang

Security

ocamllint-tempfile

Filename.temp_file might lead to race conditions, since the file could be altered or replaced by a symlink before being opened.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 3
- 6
- 7
- :
-

- T
- i
- m
- e
- -
- o
- f
- -
- c
- h
- e
- c
- k
-

- T
- i
- m
- e
- -
- o
- f
- -
- u
- s
- e
-

- (
- T
- O
- C
- T
- O
- U
- )
-

- R
- a
- c
- e
-

- C
- o
- n
- d
- i
- t
- i
- o
- n

ocamllint-exec

Executing external programs might lead to comand or argument injection vulnerabilities.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 7
- 8
- :
-

- O
- S
-

- C
- o
- m
- m
- a
- n
- d
-

- I
- n
- j
- e
- c
- t
- i
- o
- n

ocamllint-unsafe

Unsafe functions do not perform boundary checks or have other side effects, use with care.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- C
- W
- E
- -
- 2
- 4
- 2
- :
-

- U
- s
- e
-

- o
- f
-

- I
- n
- h
- e
- r
- e
- n
- t
- l
- y
-

- D
- a
- n
- g
- e
- r
- o
- u
- s
-

- F
- u
- n
- c
- t
- i
- o
- n
-

- (
- 4
- .
- 1
- 2
- )

ocamllint-digest

Digest uses MD5 and should not be used for security purposes. Consider using SHA256 instead.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 3
- 2
- 8
- :
-

- U
- s
- e
-

- o
- f
-

- W
- e
- a
- k
-

- H
- a
- s
- h
-

- (
- 4
- .
- 1
- 2
- )

ocamllint-hashtable-dos

Creating a Hashtbl without the optional random number parameter makes it prone to DoS attacks when attackers are able to fill the table with malicious content. Hashtbl.randomize or the R flag in the OCAMLRUNPARAM are other ways to randomize it.
Likelihood: LOW
Confidence: LOW
CWE:
- C
- W
- E
- -
- 3
- 9
- 9
- :
-

- R
- e
- s
- o
- u
- r
- c
- e
-

- M
- a
- n
- a
- g
- e
- m
- e
- n
- t
-

- E
- r
- r
- o
- r
- s
-

- (
- 4
- .
- 1
- 2
- )

ocamllint-filenameconcat

When attacker supplied data is passed to Filename.concat directory traversal attacks might be possible.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 3
- 5
- :
-

- P
- a
- t
- h
-

- T
- r
- a
- v
- e
- r
- s
- a
- l

ocamllint-marshal

Marshaling is currently not type-safe and can lead to insecure behaviour when untrusted data is marshalled. Marshalling can lead to out-of-bound reads as well.
Likelihood: MEDIUM
Confidence: LOW
CWE:
- C
- W
- E
- -
- 5
- 0
- 2
- :
-

- D
- e
- s
- e
- r
- i
- a
- l
- i
- z
- a
- t
- i
- o
- n
-

- o
- f
-

- U
- n
- t
- r
- u
- s
- t
- e
- d
-

- D
- a
- t
- a
PortabilityAudit
twitterlinkedin
Powered by Mintlify
Assistant
Responses are generated using AI and may contain mistakes.