CERT Secure Coding

Space shortcuts

Page tree

Versions Compared

Old Version 10

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 11

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The SEI CERT Coding Standards wiki documents which analysis tools detect violations of which rules/recs. To edit or add to this information, follow these guidelines.

Adding a Tool Page

The You should create an empty page for the tool of interest should have a page created under the "Analyzers" section of the backmatter, if one in each appropriate language space, if such a page does not already exist. Here is the list of "Analyzers" pages for each space.

SpaceAnalyzers Page
CEE. Analyzers
C++CC. Analyzers
Java

Rule or Rec. CC. Analyzers

PerlBB. Analyzers

The page should be titled with the name of the analysis tool.  The page will be automatically populated with the information that you provide on individual rule/rec pages. You do not need to add any content to it.

Additionally, a "version" page should be created alongside the tool page.  This paged is title "ToolName_V", should be populated with the version number of the tool. For example, GCC_V documents the version of the GCC compiler. This version page is not automatically generated. You are responsible for entering the version information into this page.

Editing Automated Detection Tables

Each rule/rec page has an "Automated Detection" (AD) section, describing which tools can detect violations of the rule/rec. This section contains a table.   Each row of the table contains information for a specific version of a tool. A row in the AD table has the following format.

...

Each tool wiki page is periodically (approximately weekly) updated with the aggregated data from these individual tables. This aggregation process is automatic (though not immediate). In order for the process to pick up your changes, you should adhere to certain guidelines when entering data into the AD tables.

  1. The Tool column

...

  1. should contain the name of the tool, hyperlinked to the corresponding tool wiki page. 
    1. The easiest way to populate this field is with the Link macro in Confluence. Simply insert a Link macro and point it towards the appropriate tool page.
  2. The Version column contains the version of the tool to which this information pertains.
    1. The easiest way to populate this field is with the "Include Page" macro in Confluence. You should include the version page associated with the tool into this cell.
  3. Each checker name should be provided on a separate line in the Checker column.
  4. Each checker description should be provided on a separate line in the Description column, adjacent to the associated checker.