CERT Rule | Related Guideline |
|---|---|
| EXP33-C. Do not read uninitialized memory | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-123, Write-what-where Condition CWE-125, Out-of-bounds Read CWE-665, Improper Initialization |
| EXP34-C. Do not dereference null pointers | CWE-476, NULL Pointer Dereference |
| EXP37-C. Call functions with the correct number and type of arguments | CWE-628, Function Call with Incorrectly Specified Arguments |
| EXP39-C. Do not access a variable through a pointer of an incompatible type | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-123, Write-what-where Condition CWE-125, Out-of-bounds Read |
| EXP45-C. Do not perform assignments in selection statements | CWE-480, Use of Incorrect Operator |
| EXP46-C. Do not use a bitwise operator with a Boolean-like operand | CWE-480, Use of incorrect operator |
| INT30-C. Ensure that unsigned integer operations do not wrap | CWE-190, Integer Overflow or Wraparound |
| INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | CWE-192, Integer Coercion Error CWE-197, Numeric Truncation Error CWE-681, Incorrect Conversion between Numeric Types |
| INT32-C. Ensure that operations on signed integers do not result in overflow | CWE-129, Improper Validation of Array Index CWE-190, Integer Overflow or Wraparound |
| INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors | CWE-369, Divide By Zero |
| INT35-C. Use correct integer precisions | CWE-190, Integer Overflow or Wraparound |
| INT36-C. Converting a pointer to integer or integer to pointer | CWE-466, Return of Pointer Value Outside of Expected Range CWE-587, Assignment of a Fixed Address to a Pointer |
| FLP32-C. Prevent or detect domain and range errors in math functions | CWE-682, Incorrect Calculation |
| FLP34-C. Ensure that floating-point conversions are within range of the new type | CWE-681, Incorrect Conversion between Numeric Types |
| ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR36-C. Do not subtract or compare two pointers that do not refer to the same array | CWE-469, Use of Pointer Subtraction to Determine Size |
| ARR37-C. Do not add or subtract an integer to a pointer to a non-array object | CWE-469, Use of Pointer Subtraction to Determine Size |
| ARR38-C. Guarantee that library functions do not form invalid pointers | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR39-C. Do not add or subtract a scaled integer to a pointer | CWE 468, Incorrect Pointer Scaling |
| STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| STR34-C. Cast characters to unsigned char before converting to larger integer sizes | CWE-704, Incorrect Type Conversion or Cast |
| STR37-C. Arguments to character-handling functions must be representable as an unsigned char | CWE-704, Incorrect Type Conversion or Cast CWE-686, Function Call with Incorrect Argument Type |
| MEM30-C. Do not access freed memory | |
| MEM31-C. Free dynamically allocated memory when no longer needed | CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak") |
| MEM34-C. Only free memory allocated dynamically | CWE-590, Free of Memory Not on the Heap |
| MEM35-C. Allocate sufficient memory for an object | CWE-131, Incorrect Calculation of Buffer Size CWE-190, Integer Overflow or Wraparound CWE-467, Use of sizeof() on a Pointer Type |
| FIO30-C. Exclude user input from format strings | CWE-134, Uncontrolled Format String |
| FIO32-C. Do not perform operations on devices that are only appropriate for files | CWE-67, Improper Handling of Windows Device Names |
| FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-123, Write-what-where Condition CWE-125, Out-of-bounds Read CWE-241, Improper Handling of Unexpected Data Type |
| FIO42-C. Close files when they are no longer needed | CWE-404, Improper Resource Shutdown or Release |
| FIO47-C. Use valid format strings | CWE-686, Function Call with Incorrect Argument Type |
| ENV32-C. All exit handlers must return normally | CWE-705, Incorrect Control Flow Scoping |
| ENV33-C. Do not call system() | CWE-78, Improper Neutralization of Special Elements Used in an OS Command (aka "OS Command Injection") CWE-88, Argument Injection or Modification |
| SIG30-C. Call only asynchronous-safe functions within signal handlers | CWE-479, Signal Handler Use of a Non-reentrant Function |
| SIG31-C. Do not access shared objects in signal handlers | CWE-662, Improper Synchronization |
| SIG34-C. Do not call signal() from within interruptible signal handlers | CWE-479, Signal Handler Use of a Non-reentrant Function |
| ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure | CWE-456, Missing Initialization of a Variable |
| ERR33-C. Detect and handle standard library errors | CWE-252, Unchecked Return Value CWE-253, Incorrect Check of Function Return Value CWE-390, Detection of Error Condition without Action CWE-391, Unchecked Error Condition CWE-476, NULL Pointer Dereference |
| ERR34-C. Detect errors when converting a string to a number | CWE-676, Use of potentially dangerous function |
| CON31-C. Do not destroy a mutex while it is locked | CWE-667, Improper Locking |
| CON35-C. Avoid deadlock by locking in a predefined order | CWE-764, Multiple Locks of a Critical Resource |
| CON40-C. Do not refer to an atomic variable twice in an expression | CWE-366, Race Condition within a Thread |
| CON43-C. Do not allow data races in multithreaded code | CWE-366, Race condition within a thread |
| MSC30-C. Do not use the rand() function for generating pseudorandom numbers | CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values CWE-331, Insufficient Entropy CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| MSC32-C. Properly seed pseudorandom number generators | CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values CWE-331, Insufficient Entropy CWE-338, Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| POS30-C. Use the readlink() function properly | CWE-170, Improper null termination |
| POS33-C. Do not use vfork() | CWE-242, Use of inherently dangerous function |
| POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument | CWE-686, Function call with incorrect argument type CWE-562, Return of stack variable address |
| POS35-C. Avoid race conditions while checking for the existence of a symbolic link | CWE-363, Race condition enabling link following CWE-365, Race condition in switch |
| POS36-C. Observe correct revocation order while relinquishing privileges | CWE-250, Execution with unnecessary privileges CWE-696, Incorrect behavior order |
| POS37-C. Ensure that privilege relinquishment is successful | CWE-250, Execution with unnecessary privileges CWE-273, Failure to check whether privileges were dropped successfully |
| POS48-C. Do not unlock or destroy another POSIX thread's mutex | CWE-667, Insufficient locking |
| POS51-C. Avoid deadlock with POSIX threads by locking in predefined order | CWE-764, Multiple locks of critical resources |
| POS54-C. Detect and handle POSIX library errors | CWE-252, Unchecked return value CWE-253, Incorrect check of function return value CWE-390, Detection of error condition without action CWE-391, Unchecked error condition |
| API00-C. Functions should validate their parameters | CWE ID 20, Insufficient input validation |
| API04-C. Provide a consistent and usable error-checking mechanism | CWE-754, Improper check for unusual or exceptional conditions |
| ARR00-C. Understand how arrays work | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer |
| ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array | CWE-467, Use of sizeof() on a pointer type |
| ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer | CWE-665, Incorrect or incomplete initialization |
| CON06-C. Ensure that every mutex outlives the data it protects | CWE-667, Improper Locking |
| CON07-C. Ensure that compound operations on shared variables are atomic | CWE-366, Race condition within a thread |
| CON08-C. Do not assume that a group of calls to independently atomic methods is atomic | CWE-362, Concurrent execution using shared resource with improper synchronization ("race condition") |
| DCL06-C. Use meaningful symbolic constants to represent literal values | CWE-547, Use of hard-coded, security-relevant constants |
| DCL10-C. Maintain the contract between the writer and caller of variadic functions | CWE-628, Function call with incorrectly specified arguments |
| ENV01-C. Do not make assumptions about the size of an environment variable | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-123, Write-what-where Condition CWE-125, Out-of-bounds Read |
| ENV02-C. Beware of multiple environment variables with the same effective name | CWE-462, Duplicate key in associative list (Alist) CWE-807, Reliance on untrusted inputs in a security decision |
| ENV03-C. Sanitize the environment when invoking external programs | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") CWE-88, Argument injection or modification CWE-426, Untrusted search path CWE-471, Modification of Assumed-Immutable Data (MAID) CWE-807, Reliance on intrusted inputs in a security decision |
| ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy | CWE-391, Unchecked error condition CWE-544, Missing standardized error handling mechanism |
| ERR04-C. Choose an appropriate termination strategy | CWE-705, Incorrect control flow scoping |
| ERR07-C. Prefer functions that support error checking over equivalent functions that don't | CWE-20, Improper Input Validation CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-91, XML Injection (aka Blind XPath Injection) CWE-94, Improper Control of Generation of Code ('Code Injection') CWE-114, Process Control CWE-601, URL Redirection to Untrusted Site ('Open Redirect') CWE-676, Use of potentially dangerous function |
| EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators | CWE-768, Incorrect short circuit evaluation |
| EXP05-C. Do not cast away a const qualification | CWE-704, Incorrect type conversion or cast |
| EXP08-C. Ensure pointer arithmetic is used correctly | CWE-468, Incorrect pointer scaling |
| EXP09-C. Use sizeof to determine the size of a type or variable | CWE 805, Buffer access with incorrect length value |
| EXP12-C. Do not ignore values returned by functions | CWE-754, Improper check for unusual or exceptional conditions |
| EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement | CWE-480, Use of incorrect operator |
| EXP16-C. Do not compare function pointers to constant values | CWE-480, Use of incorrect operator CWE-482, Comparing instead of assigning |
| FIO01-C. Be careful using functions that use file names for identification | CWE-73, External control of file name or path CWE-367, Time-of-check, time-of-use race condition CWE-676, Use of potentially dangerous function |
| FIO02-C. Canonicalize path names originating from tainted sources | CWE-22, Path traversal |
| FIO05-C. Identify files using multiple file attributes | CWE-37, Path issue—Slash absolute path CWE-38, Path Issue—Backslash absolute path CWE-39, Path Issue—Drive letter or Windows volume CWE-62, UNIX hard link CWE-64, Windows shortcut following (.LNK) CWE-65, Windows hard link |
| FIO06-C. Create files with appropriate access permissions | CWE-276, Insecure default permissions CWE-279, Insecure execution-assigned permissions CWE-732, Incorrect permission assignment for critical resource |
| FIO15-C. Ensure that file operations are performed in a secure directory | CWE-379, Creation of temporary file in directory with insecure permissions CWE-552, Files or directories accessible to external parties |
| FIO21-C. Do not create temporary files in shared directories | CWE-379, Creation of temporary file in directory with insecure permissions |
| FIO22-C. Close files before spawning processes | CWE-403, UNIX file descriptor leak CWE-404, Improper resource shutdown or release CWE-770, Allocation of resources without limits or throttling |
| FIO24-C. Do not open a file that is already open | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") CWE-675, Duplicate Operations on Resource |
| FLP03-C. Detect and handle floating-point errors | CWE-369, Divide by zero |
| FLP06-C. Convert integers to floating point for floating-point operations | CWE-681, Incorrect conversion between numeric types CWE-682, Incorrect calculation |
| INT02-C. Understand integer conversion rules | CWE-192, Integer coercion error CWE-197, Numeric truncation error |
| INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs | CWE-192, Integer coercion error CWE-197, Numeric truncation error |
| INT07-C. Use only explicitly signed or unsigned char type for numeric values | CWE-682, Incorrect calculation |
| INT10-C. Do not assume a positive remainder when using the % operator | CWE-682, Incorrect calculation CWE-129, Unchecked array indexing |
| INT13-C. Use bitwise operators only on unsigned operands | CWE-682, Incorrect calculation |
| INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types | CWE-681, Incorrect conversion between numeric types |
| INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size | CWE-681, Incorrect conversion between numeric types CWE-190, Integer overflow (wrap or wraparound) |
| MEM00-C. Allocate and free memory in the same module, at the same level of abstraction | CWE-415, Double free CWE-416, Use after free |
| MEM01-C. Store a new value in pointers immediately after free() | CWE-415, Double free CWE-416, Use after free |
| MEM03-C. Clear sensitive information stored in reusable resources | CWE-226, Sensitive information uncleared before release CWE-244, Failure to clear heap memory before release ("heap inspection") |
| MEM04-C. Beware of zero-length allocations | CWE-687, Function call with incorrectly specified argument value |
| MEM06-C. Ensure that sensitive data is not written out to disk | CWE-591, Sensitive data storage in improperly locked memory CWE-528, Information leak through core dump files |
| MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap | CWE-190, Integer overflow (wrap or wraparound) CWE-128, Wrap-around error |
| MEM10-C. Define and use a pointer validation function | CWE-20, Improper Input Validation |
| MEM11-C. Do not assume infinite heap space | CWE-770, Allocation of resources without limits or throttling |
| MSC00-C. Compile cleanly at high warning levels | CWE-563, Unused variable CWE-570, Expression is always false CWE-571, Expression is always true |
| MSC06-C. Beware of compiler optimizations | CWE-14, Compiler removal of code to clear buffers |
| MSC07-C. Detect and remove dead code | CWE-561, Dead code |
| MSC09-C. Character encoding: Use subset of ASCII for safety | CWE-116, Improper encoding or escaping of output |
| MSC10-C. Character encoding: UTF8-related issues | CWE-176, Failure to handle Unicode encoding CWE-116, Improper encoding or escaping of output |
| MSC11-C. Incorporate diagnostic tests using assertions | CWE-190, Reachable assertion |
| MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | CWE-259, Use of Hard-coded Password CWE-261, Weak Cryptography for Passwords CWE-311, Missing encryption of sensitive data CWE-319, Cleartext Transmission of Sensitive Information CWE-321, Use of Hard-coded Cryptographic Key CWE-326, Inadequate encryption strength CWE-798, Use of hard-coded credentials |
| MSC24-C. Do not use deprecated or obsolescent functions | CWE-20, Insufficient input validation |
| POS01-C. Check for the existence of links when dealing with files | CWE-59, Failure to resolve links before file access (aka "link following") CWE-362, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-367, Time-of-check, time-of-use (TOCTOU) race condition |
| POS02-C. Follow the principle of least privilege | CWE-250, Execution with unnecessary privileges CWE-272, Least privilege violation |
| PRE09-C. Do not replace secure functions with deprecated or obsolescent functions | CWE-684, Failure to provide specified functionality |
| SIG00-C. Mask signals handled by noninterruptible signal handlers | CWE-662, Insufficient synchronization |
| STR02-C. Sanitize data passed to complex subsystems | CWE-88, Argument injection or modification CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
| STR03-C. Do not inadvertently truncate a string | CWE-170, Improper null termination CWE-464, Addition of data structure sentinel |
| STR06-C. Do not assume that strtok() leaves the parse string unchanged | CWE-464, Addition of data structure sentinel |
| WIN02-C. Restrict privileges when spawning child processes | CWE-250, Execution with unnecessary privileges CWE-272, Least privilege violation |
| WIN04-C. Consider encrypting function pointers | CWE-311, Missing encryption of sensitive data CWE-319, Cleartext Transmission of Sensitive Information |