SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Amy Gale

Saved on

compared with

New Version 57

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.*

(customization)

A number of CodeSonar's "Use of *" checks are for deprecated/obsolescent functions

;

.

CodeSonar also provides a mechanism for users to create custom checks for uses of specified functions.

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC34

Fully implemented

...

CERT C Secure Coding Standard

ERR07-C. Prefer functions that support error checking over equivalent functions that don't
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
INT06-C. Use strtol() or a related function to convert a string token to an integer
STR06-C. Do not assume that strtok() leaves the parse string unchanged
STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code

ISO/IEC TR 24772 Use of Libraries [TRJ]
MISRA C:2012Rule 21.3 (required)
MITRE CWECWE-20, Insufficient input validation
CWE-73, External control of file name or path
CWE-192, Integer coercion error
CWE-197, Numeric truncation error
CWE-367, Time-of-check, time-of-use race condition
CWE-464, Addition of data structure sentinel
CWE-676, Use of potentially dangerous function

...