SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 165

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version 166

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Clang
Include Page
Clang_39_V
Clang_39_V
cert-env33-cChecked by clang-tidy
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.PATH.SYSTEM
IO.INJ.COMMAND

Use of system
Command injection

Compass/ROSE


Coverity
Include Page
Coverity_V
Coverity_V
DONT_CALLImplemented
Klocwork
Include Page
Klocwork_V
Klocwork_V

MISRA.STDLIB.ABORT
SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION


LDRA tool suite
Include Page
LDRA_V
LDRA_V

588 S

Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
SECURITY-48, MISRA2004-20_11

CERT_C-ENV33-a
CERT_C-ENV33-b

Do not call system()
The library functions abort, exit, getenv and system from library stdlib.h shall not be used

Also detects getenv(), abort(), and exit()

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V


Execution of externally controlled command

Command executed from an externally controlled path

Unsafe call to a system function

Command argument from an unsecure source vulnerable to operating system command injection

Path argument from an unsecure source

Unsanitized command argument has exploitable vulnerabilities

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
5018Partially implemented
PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

5031


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

Supported, but no explicit checker
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S990Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> 

...