...
Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC11-C | Low | Unlikely | High | P1 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| LANG.FUNCS.ASSERTS | Not enough assertions | ||||||
| ASSERT_SIDE_EFFECT | Can detect the specific instance where assertion contains an operation/function call that may have a side effect | |||||||
Parasoft C/C++test |
|
|
|
CERT_C-MSC11-a | Assert liberally to document internal assumptions and invariants |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...