Abstract data types are not restricted to object-oriented languages like C++ and Java and should be created and used in C language programs as well. Abstract data types are most effective when used with private (opaque) data types and information hiding.
...
Noncompliant Code Example
This noncompliant code example is based on the managed string library developed by CERT [Burch 06]. In this example, the managed string type, and the functions that operate on this type, are defined in the string_m.h header file as follows:
...
The implementation of the string_m type is fully visible to the user of the data type after including the string_m.h file. Programmers are consequently more likely to directly manipulate the fields within the structure, violating the software engineering principles of information hiding and data encapsulation and increasing the probability of developing incorrect or non-portable code.
Compliant Solution
This compliant solution reimplements the string_m type as a private type, hiding the implementation of the data type from the user of the managed string library. To accomplish this, the developer of the private data type creates two include files: an external string_m.h include file that is included by the user of the data type, and an internal file that is only included in files that implement the managed string abstract data type.
...
Modules that implement the abstract data type include both the external and internal definitions, while users of the data abstraction include only the external string_m.h file. This allows the implementation of string_m to remain private.
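The two-header layout described above, as an added example that is not the page's or CERT's own managed string code. The three files of a real build are shown as sections of one file; the function names, the struct fields and the internal header's name are assumptions.

```c
/* Added example (not the page's or CERT's code). Section markers stand in
 * for the three files a real build uses; API names and fields are assumed. */
#include <stdlib.h>
#include <string.h>

/* ---- string_m.h (external): all a user of the type ever sees ---- */
struct string_mx;                 /* incomplete type: fields are invisible */
typedef struct string_mx string_m;

string_m *strcreate_m(const char *cstr, size_t maxsize);
int strlen_m(const string_m *s, size_t *len);
const char *getstr_m(const string_m *s);
void strdelete_m(string_m *s);

/* ---- string_m-internal.h (assumed name): included only by the implementation ---- */
struct string_mx {
  size_t size;     /* current length, excluding the terminator */
  size_t maxsize;  /* largest length this string may hold */
  char *cstr;      /* heap buffer of maxsize + 1 bytes */
};

/* ---- string_m.c: the only code that may touch the fields ---- */
string_m *strcreate_m(const char *cstr, size_t maxsize) {
  if (cstr == NULL || strlen(cstr) > maxsize) return NULL; /* refuse oversize input */
  string_m *s = malloc(sizeof *s);
  if (s == NULL) return NULL;
  s->cstr = malloc(maxsize + 1);
  if (s->cstr == NULL) { free(s); return NULL; }
  s->size = strlen(cstr);
  s->maxsize = maxsize;
  memcpy(s->cstr, cstr, s->size + 1);
  return s;
}
int strlen_m(const string_m *s, size_t *len) {
  if (s == NULL || len == NULL) return -1;
  *len = s->size;
  return 0;
}
const char *getstr_m(const string_m *s) { return s ? s->cstr : NULL; }
void strdelete_m(string_m *s) { if (s) { free(s->cstr); free(s); } }

/* ---- user code: built against string_m.h alone. With the struct definition
 * in the internal header, writing `s->size` here is a compile-time error
 * (dereferencing a pointer to an incomplete type), so fields cannot drift. ---- */
int user_roundtrip(const char *text, size_t maxsize, size_t *len_out) {
  string_m *s = strcreate_m(text, maxsize);
  if (s == NULL) return -1;           /* creation refused: input exceeded maxsize */
  int rc = strlen_m(s, len_out);
  strdelete_m(s);
  return rc;
}
```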
Risk Assessment
The use of opaque abstract data types, while not essential to secure programming, can significantly reduce the number of defects and vulnerabilities introduced in code, particularly during ongoing maintenance.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL12-A C | low | unlikely | high | P1 | L3 |
Automated Detection
The LDRA tool suite V 7.6.0 can detect violations of this recommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Burch 06]
[ISO/IEC 9899:1999] Section 6.2.5, "Types"
...