SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 163

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version 164

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated parasoft

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Clang
Include Page
Clang_39_V
Clang_39_V
cert-env33-cChecked by clang-tidy
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.PATH.SYSTEM
IO.INJ.COMMAND

Use of system
Command injection

Compass/ROSE


Coverity
Include Page
Coverity_V
Coverity_V
DONT_CALLImplemented
Klocwork
Include Page
Klocwork_V
Klocwork_V

MISRA.STDLIB.ABORT
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION


LDRA tool suite
Include Page
LDRA_V
LDRA_V

588 S

Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
SECURITY-48, MISRA2012MISRA2004-RULE-2120_811
Also detects getenv(), abort(), and exit()
Polyspace Bug Finder

R2016a

R2017b

Execution of externally controlled command, Command executed from externally controlled path

Unsafe call to a system function

Command argument from an unsecure source vulnerable to operating system command injection

Path argument from an unsecure source

Unsanitized command argument has exploitable vulnerabilities

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
5018Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

5031


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

Supported, but no explicit checker
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S990Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> 

...