Greenlight best practices

The Best Practices feature in Greenlight detects lines of code that comply with coding best practices. These lines of code protect the application against specific Common Weakness Enumerations (CWEs).

After you run a Greenlight scan in your IDE, lines that follow a coding best practice are underlined in green. In the Greenlight Findings window, select Best Practices to view the list of CWEs your application avoids because of the detected coding best practices. To view more details about a specific CWE, select Details in the Actions column.

For example, Greenlight can detect coding best practices that protect against these CWEs:

  • Taint-based CWEs
    • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    • CWE-93: Improper Neutralization of CRLF Sequences (CRLF Injection)
    • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)
    • CWE-117: Improper Output Neutralization for Logs
    • CWE-201: Information Exposure Through Sent Data
    • CWE-611: Improper Restriction of XML External Entity Reference (XXE)
  • Non-taint-based CWEs
    • CWE-326: Inadequate Encryption Strength
    • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
    • CWE-329: Not Using a Random IV with CBC Mode
    • CWE-331: Insufficient Entropy
    • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
    • CWE-780: Use of RSA Algorithm without OAEP