SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 100

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 101

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

...

Failing to use only the subset of ASCII that is guaranteed to work can result in misinterpreted data.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC09-C

Medium

Unlikely

Medium

P4

L3

Automated Detection

Tool

Version

Checker

Description

LDRA tool suite
Include Page
LDRA_V
LDRA_V

113 S

Partially implemented
Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
MISRA-005 
CERT_C-MSC09-a
Only use characters defined in ISO C standard
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

0285
0286
0287
0288
0289
0299

Partially implemented
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S1578
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MSC09-CPP. Character encoding: Use subset of ASCII for safety
CERT Oracle Secure Coding Standard for JavaIDS50-J. Use conservative file naming conventions
MISRA C:2012Directive 1.1 (required)
Rule 4.1 (required)
MITRE CWECWE-116, Improper encoding or escaping of output

Bibliography

[ISO/IEC 646-1991]"ISO 7-Bit Coded Character Set for Information Interchange"
[ISO/IEC 9899:2011]Subclause 5.2.1, "Character Sets"
[Kuhn 2006]"UTF-8 and Unicode FAQ for UNIX/Linux"
[VU#439395]
 

[Wheeler 2003Section 5.4, "File Names"

...


...