Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Version number:

Checker

Guideline

(custom)CON00-CPP. Avoid assuming functions are thread safe unless otherwise specified
(customization)FIO06-CPP. Create files with appropriate access permissions
(customization)INT06-CPP. Use strtol() or a related function to convert a string token to an integer
(general)INT04-CPP. Enforce limits on integer values originating from untrusted sources
ALLOC.LEAKFIO51-CPP. Close files when they are no longer needed
ALLOC.LEAKERR57-CPP. Do not leak resources when handling exceptions
ALLOC.LEAKMEM12-CPP. Do not assume infinite heap space
ALLOC.SIZE.ADDOFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.IOFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.MULOFLOWMEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
ALLOC.SIZE.SUBUFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.SIZE.TRUNCINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
ALLOC.UAFEXP54-CPP. Do not access an object outside of its lifetime
ALLOC.UAFMEM50-CPP. Do not access freed memory
BADFUNC.ATOFINT06-CPP. Use strtol() or a related function to convert a string token to an integer
BADFUNC.ATOIINT06-CPP. Use strtol() or a related function to convert a string token to an integer
BADFUNC.ATOLINT06-CPP. Use strtol() or a related function to convert a string token to an integer
BADFUNC.ATOLLINT06-CPP. Use strtol() or a related function to convert a string token to an integer
BADFUNC.LONGJMPERR52-CPP. Do not use setjmp() or longjmp()
BADFUNC.MEMSETMSC06-CPP. Be aware of compiler optimization when dealing with sensitive data
BADFUNC.PATH.SYSTEMENV02-CPP. Do not call system() if you do not need a command processor
BADFUNC.RANDOM.RANDMSC50-CPP. Do not use std::rand() for generating pseudorandom numbers
BADFUNC.RANDOM.RANDCON00-CPP. Avoid assuming functions are thread safe unless otherwise specified
BADFUNC.SETJMPERR52-CPP. Do not use setjmp() or longjmp()
BADFUNC.SIGNALSIG02-CPP. Avoid using signals to implement normal functionality
BADFUNC.STDIO_HFIO17-CPP. Prefer streams to C-style input and output
BADFUNC.TEMP.*FIO01-CPP. Be careful using functions that use file names for identification
BADFUNC.TEMP.*FIO19-CPP. Do not create temporary files in shared directories
BADFUNC.TTYNAMECON00-CPP. Avoid assuming functions are thread safe unless otherwise specified
BADFUNC.WCHAR_HFIO17-CPP. Prefer streams to C-style input and output
BUILD.WALLMSC00-CPP. Compile cleanly at high warning levels
CONCURRENCY.LOCK.ORDERCON53-CPP. Avoid deadlock by locking in a predefined order
IO.INJ.COMMANDSTR02-CPP. Sanitize data passed to complex subsystems
IO.INJ.FMTFIO00-CPP. Take care when creating format strings
IO.INJ.FMTSTR02-CPP. Sanitize data passed to complex subsystems
IO.INJ.LDAPSTR02-CPP. Sanitize data passed to complex subsystems
IO.INJ.LIBSTR02-CPP. Sanitize data passed to complex subsystems
IO.INJ.SQLSTR02-CPP. Sanitize data passed to complex subsystems
IO.RACEFIO01-CPP. Be careful using functions that use file names for identification
IO.TAINT.ADDRINT04-CPP. Enforce limits on integer values originating from untrusted sources
IO.TAINT.FNAMEFIO01-CPP. Be careful using functions that use file names for identification
IO.TAINT.FNAMEFIO02-CPP. Canonicalize path names originating from untrusted sources
IO.TAINT.SIZEINT04-CPP. Enforce limits on integer values originating from untrusted sources
IO.UACEXP54-CPP. Do not access an object outside of its lifetime
LANG.CAST.COERCEINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.CAST.PC.AVEXP16-CPP. Avoid conversions using void pointers
LANG.CAST.PC.AVINT11-CPP. Take care when converting from pointer to integer or integer to pointer
LANG.CAST.PC.INCEXP57-CPP. Do not cast or delete pointers to incomplete classes
LANG.CAST.PC.INTINT11-CPP. Take care when converting from pointer to integer or integer to pointer
LANG.CAST.PC.PVEXP16-CPP. Avoid conversions using void pointers
LANG.CAST.RIPEXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts
LANG.CAST.VALUEINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.FUNCS.IRVERR10-CPP. Check for error conditions
LANG.FUNCS.IRVEXP12-CPP. Do not ignore values returned by functions or methods
LANG.ID.AMBIGDCL02-CPP. Use visually distinct identifiers
LANG.ID.ND.NESTDCL01-CPP. Do not reuse variable names in subscopes
LANG.ID.NU.MKDCL51-CPP. Do not declare or define a reserved identifier
LANG.MEM.BOCTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.MEM.BOSTR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.BUCTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.MEM.TABINT04-CPP. Enforce limits on integer values originating from untrusted sources
LANG.MEM.TBACTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.MEM.TOCTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.MEM.TOSTR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
LANG.MEM.TUCTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.MEM.UVAREXP53-CPP. Do not read uninitialized memory
LANG.MEM.UVARMEM09-CPP. Do not assume memory allocation routines initialize memory
LANG.PREPROC.MACROENDPRE02-CPP. Macro replacement lists should be parenthesized
LANG.PREPROC.MACROENDPRE11-CPP. Do not conclude macro definitions with a semicolon
LANG.PREPROC.MACROSTARTPRE02-CPP. Macro replacement lists should be parenthesized
LANG.STRUCT.CONDASSIGEXP19-CPP. Do not perform assignments in conditional expressions
LANG.STRUCT.DECL.FAMCTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer
LANG.STRUCT.DECL.MLDCL04-CPP. Do not declare more than one variable per declaration
LANG.STRUCT.DEF.FDHMSC52-CPP. Obey the one-definition rule
LANG.STRUCT.DEF.ODHMSC52-CPP. Obey the one-definition rule
LANG.STRUCT.EBSMSC12-CPP. Detect and remove code that has no effect
LANG.STRUCT.INIT.ENUMINT09-CPP. Ensure enumeration constants map to unique values
LANG.STRUCT.MRSMSC54-CPP. Value-returning functions must return a value from all exit paths
LANG.STRUCT.PBBCTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.STRUCT.PPECTR50-CPP. Guarantee that container indices and iterators are within the valid range
LANG.STRUCT.RCMSC07-CPP. Detect and remove dead code
LANG.STRUCT.RCMSC12-CPP. Detect and remove code that has no effect
LANG.STRUCT.RPLEXP53-CPP. Do not read uninitialized memory
LANG.STRUCT.SCOPE.FILEDCL07-CPP. Minimize the scope of variables and methods
LANG.STRUCT.SCOPE.LOCALDCL07-CPP. Minimize the scope of variables and methods
LANG.STRUCT.SE.CONDEXP19-CPP. Do not perform assignments in conditional expressions
LANG.STRUCT.SW.MBMSC18-CPP. Finish every set of statements associated with a case label with a break statement
LANG.STRUCT.UAMSC12-CPP. Detect and remove code that has no effect
LANG.STRUCT.UCMSC07-CPP. Detect and remove dead code
LANG.STRUCT.UCMSC12-CPP. Detect and remove code that has no effect
LANG.STRUCT.UPDMSC08-CPP. Functions should validate their parameters
LANG.STRUCT.UUVALMSC13-CPP. Detect and remove unused values
LANG.TYPE.AWIDINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
LANG.TYPE.BASICINT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object
LANG.TYPE.BFSIGNINT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression
LANG.TYPE.CSUFDCL16-CPP. Use "L," not "l," to indicate a long value
LANG.TYPE.IOTINT07-CPP. Use only explicitly signed or unsigned char type for numeric values
LANG.TYPE.IOTINT13-CPP. Use bitwise operators only on unsigned operands
LANG.TYPE.MOTFLP05-CPP. Convert integers to floating point for floating point operations
LANG.TYPE.NCSSTR05-CPP. Use pointers to const when referring to string literals
LANG.TYPE.OWIDINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.FMTFIO00-CPP. Take care when creating format strings
MISC.MEM.NTERMSTR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
MISC.MEM.NTERMSTR03-CPP. Do not inadvertently truncate a null-terminated character array
MISC.MEM.SIZE.ADDOFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.BADINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.MULOFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.SUBUFLOWINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.MEM.SIZE.TRUNCINT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
MISC.NEGCHARINT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs
MISC.NEGCHARSTR00-CPP. Represent characters using an appropriate type
MISC.NOEFFECTMSC12-CPP. Detect and remove code that has no effect

>