...
Checker | Guideline |
|---|---|
| MEM50-CPP. Do not access freed memory | |
| MEM52-CPP. Detect and handle memory allocation errors | |
| MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers | |
| CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer | |
| DCL01-CPP. Do not reuse variable names in subscopes | |
| DCL02-CPP. Use visually distinct identifiers | |
| ENV00-CPP. Beware of multiple environment variables with the same effective name | |
| ENV02-CPP. Do not call system() if you do not need a command processor | |
| EXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to type | |
| EXP12-CPP. Do not ignore values returned by functions or methods | |
| FIO07-CPP. Prefer fseek() to rewind() | |
| FIO12-CPP. Prefer setvbuf() to setbuf() | |
| INT09-CPP. Ensure enumeration constants map to unique values | |
| INT11-CPP. Take care when converting from pointer to integer or integer to pointer | |
| INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression | |
| MEM01-CPP. Store a valid value in pointers immediately after deallocation | |
| MSC18-CPP. Finish every set of statements associated with a case label with a break statement | |
| MSC21-CPP. Use inequality to terminate a loop whose counter changes by more than one | |
| STR08-CPP. Do not specify the bound of a character array initialized with a string literal | |
| All calls to strncpy() and the other functions should be follwed by an assignment of a terminating character to null-terminate the string. | STR03-CPP. Do not inadvertently truncate a null-terminated character array |
| Any assignment operation where the type of the assigned-to value is float or double, but all the expressions to the right of the assignment are integral is a violation of this rule. | FLP05-CPP. Convert integers to floating point for floating point operations |
| Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator | EXP50-CPP. Do not depend on the order of evaluation for side effects |
| Can detect some violations of this recommendation when checking EXP56-CPP. Do not cast pointers into more strictly aligned pointer types. | MEM02-CPP. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| Can detect violations of this recommendation while checking for violations of DCL00-CPP. Const-qualify immutable objects. | DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const |
| Can detect violations of this recommendation. | EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts |
| Can detect violations of this recommendation. | MSC05-CPP. Do not manipulate time_t typed values directly |
| Can detect violations of this recommendation. | STR04-CPP. Use plain char for characters in the basic character set |
| Can detect violations of this recommendation. In particular, it flags any instance of a variable of type char (without a signed or unsigned qualifier) that appears in an arithmetic expression. | INT07-CPP. Use only explicitly signed or unsigned char type for numeric values |
| Can detect violations of this recommendation. In particular, it looks for the size argument malloc(), calloc(), or realloc(), and flags when it does not find a sizeof operator in the argument expression. It does not flag if the return value is assigned to a char *, in this case a string is being allocated, and sizeof is unnecessary because sizeof(char) == 1. | EXP09-CPP. Use sizeof to determine the size of a type or variable |
| Can detect violations of this rule. In particular, it flags bitwise operations that involved variables not declared with unsigned type. | INT13-CPP. Use bitwise operators only on unsigned operands |
| Could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an if or while statement. | EXP19-CPP. Do not perform assignments in conditional expressions |
| Could detect violations of this recommendation merely by searching for the use of "magic numbers" and magic strings in the code itself. That is, any number (besides a few canonical numbers: −1, 0, 1, 2) that appears in the code anywhere besides being assigned to a variable is a magic number and should instead be assigned to a const integer, enum, or macro. Likewise, any string literal (except "" and individual characters) that appears in the code anywhere besides being assigned to a char* or char[] is a magic string. | DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic |
| Implemented | CTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array |
| Specifically, Rose reports use of tmpnam(), tmpnam_s(), tmpfile(), and mktemp() | FIO19-CPP. Do not create temporary files in shared directories |
| an detect violations of this recommendation. In particular it flags statements that do not contain function calls or operations with side effects such as assignment. It also checks for if, do, while, or for statements with an empty body | MSC03-CPP. Avoid errors of addition |
| can detect violations of this recommendation by flagging invocations of the following functions:atoi()scanf(), fscanf(), sscanf() | INT06-CPP. Use strtol() or a related function to convert a string token to an integer |
| can detect violations of this recommendation when checking for violations of EXP12-CPP. Do not ignore values returned by functions or methods. | FIO04-CPP. Detect and handle input and output errors |
| can detect violations of this recommendation. | MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t |
| can detect violations of this recommendation. In particular, it catches comparisons and operations where one operand if of type size_t or rsize_t and the other is not. | INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object |
| can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where on the type specifier is a floating point or integer type. | INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs |
| can detect violations of this rule. It should look for patterns of (a op1 b) op2 c where:c has a bigger type than a or bNeither a nor b are typecast to c's typeop2 is assignment or comparison. | INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| checks to see if the arguments to an equality operator are of a floating point type | FLP02-CPP. Avoid using floating point numbers when precise computation is needed |
| could catch violations of this rule by enforcing that any call to open() or fopen() is preceded by a canonicalization routine...that is, a call to realpath() or canonicalize_file_name(). This will catch some false positives, as ROSE can not tell when canonicalization is warranted. One could reduce (but not eliminate) false positives by only reporting instances of fopen() or open() where the filename string has some other processing done to it. This reflects the fact that canonicalization is only necessary for doing verification based on the file name string. | FIO02-CPP. Canonicalize path names originating from untrusted sources |
| could detect possible violations by flagging any signal handler that calls signal() to (re)assert itself as the handler for its signal. | SIG01-CPP. Understand implementation-specific details regarding signal handler persistence |
| could detect possible violations by reporting any function that has malloc() or free() but not both. This would catch some false positives, as there would be no way to tell if malloc() and free() are 'at the same level of abstraction' if they are in different functions. Likewise, it could accept malloc() in a constructor and free() in a destructor. | MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction |
| could detect possible violations of this recommendation by reporting expressions with side effects, including function calls, that appear on the right-hand-side of an && or || operator. | EXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operators |
| could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an if or while statement. To identify the geteuid example, ROSE should search for:any 'address of function' expression, where the address is implicit (eg the function is not preceded by &).The function expression is used in any expression EXCEPT:as an argument to another function (signal() for instance)as an assignment to a function pointer | MSC02-CPP. Avoid errors of omission |
| could detect violations of this rule merely by reporting functions that call abort(), exit(), or _Exit() inside an if or switch statement. This would also catch many false positives, as ROSE could not distinguish a library function from an application function. | ERR05-CPP. Application-independent code should provide error detection without dictating error handling |
| could detect violations of this rule, by ensuring that floating point operations are surrounded by feclearexcept() and fetestexcept(). It would need to look for type conversions to float or double, divisions (by a number not known to be nonzero) and multiplication. It may be wisest to apply this to all floating point operations in general. | FLP03-CPP. Detect and handle floating point errors |
| warns when chown(), stat(), or chmod() are called on an open file. | FIO01-CPP. Be careful using functions that use file names for identification |
...