Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Generated Content
Info
title
Note

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

...

was automatically generated and should not be edited.

Note

The information on this page was provided by outside contributors and has not been verified by SEI CERT.

Tip

The table below can be re-ordered, by clicking column headers.

...

Include Page
Rose_V
Rose_V

Checker

Guideline

MEM50-CPP. Do not access freed memory
MEM52-CPP. Detect and handle memory allocation errors
MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializerDCL01-CPP. Do not reuse variable names in subscopesDCL02-CPP. Use visually distinct identifiersENV00-CPP. Beware of multiple environment variables with the same effective nameENV02-CPP. Do not call system() if you do not need a command processorEXP01-CPP. Do not take the size of a pointer to determine the size of the pointed-to typeEXP12-CPP. Do not ignore values returned by functions or methodsFIO07-CPP. Prefer fseek() to rewind()FIO12-CPP. Prefer setvbuf() to setbuf()INT09-CPP. Ensure enumeration constants map to unique valuesINT11-CPP. Take care when converting from pointer to integer or integer to pointerINT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expressionMEM01-CPP. Store a valid value in pointers immediately after deallocationMSC18-CPP. Finish every set of statements associated with a case label with a break statementMSC21-CPP. Use inequality to terminate a loop whose counter changes by more than oneSTR08-CPP. Do not specify the bound of a character array initialized with a string literal
All calls to strncpy() and the other functions should be follwed by an assignment of a terminating character to null-terminate the string.STR03-CPP. Do not inadvertently truncate a null-terminated character array
Any assignment operation where the type of the assigned-to value is float or double, but all the expressions to the right of the assignment are integral is a violation of this rule.FLP05-CPP. Convert integers to floating point for floating point operations
Can detect simple violations of this rule. It needs to examine each expression and make sure that no variable is modified twice in the expression. It also must check that no variable is modified once, then read elsewhere, with the single exception that a variable may appear on both the left and right of an assignment operator EXP50-CPP. Do not depend on the order of evaluation for side effects
Can detect some violations of this recommendation when checking EXP56-CPP. Do not cast pointers into more strictly aligned pointer types.MEM02-CPP. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
Can detect violations of this recommendation while checking for violations of DCL00-CPP. Const-qualify immutable objects.DCL13-CPP. Declare function parameters that are pointers to values not changed by the function as const
Can detect violations of this recommendation.EXP15-CPP. Beware of integer promotion when performing bitwise operations on chars or shorts
Can detect violations of this recommendation.MSC05-CPP. Do not manipulate time_t typed values directly
Can detect violations of this recommendation.STR04-CPP. Use plain char for characters in the basic character set
Can detect violations of this recommendation. In particular, it flags any instance of a variable of type char (without a signed or unsigned qualifier) that appears in an arithmetic expression.INT07-CPP. Use only explicitly signed or unsigned char type for numeric values
Can detect violations of this recommendation. In particular, it looks for the size argument malloc(), calloc(), or realloc(), and flags when it does not find a sizeof operator in the argument expression. It does not flag if the return value is assigned to a char *, in this case a string is being allocated, and sizeof is unnecessary because sizeof(char) == 1.EXP09-CPP. Use sizeof to determine the size of a type or variable
Can detect violations of this rule. In particular, it flags bitwise operations that involved variables not declared with unsigned type.INT13-CPP. Use bitwise operators only on unsigned operands
Could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an if or while statement.EXP19-CPP. Do not perform assignments in conditional expressions
Could detect violations of this recommendation merely by searching for the use of "magic numbers" and magic strings in the code itself. That is, any number (besides a few canonical numbers: −1, 0, 1, 2) that appears in the code anywhere besides being assigned to a variable is a magic number and should instead be assigned to a const integer, enum, or macro. Likewise, any string literal (except "" and individual characters) that appears in the code anywhere besides being assigned to a char* or char[] is a magic string.DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic
ImplementedCTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array
Specifically, Rose reports use of tmpnam(), tmpnam_s(), tmpfile(), and mktemp()FIO19-CPP. Do not create temporary files in shared directories
an detect violations of this recommendation. In particular it flags statements that do not contain function calls or operations with side effects such as assignment. It also checks for if, do, while, or for statements with an empty bodyMSC03-CPP. Avoid errors of addition
can detect violations of this recommendation by flagging invocations of the following functions:atoi()scanf(), fscanf(), sscanf()INT06-CPP. Use strtol() or a related function to convert a string token to an integer
can detect violations of this recommendation when checking for violations of EXP12-CPP. Do not ignore values returned by functions or methods.FIO04-CPP. Detect and handle input and output errors
can detect violations of this recommendation.MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
can detect violations of this recommendation. In particular, it catches comparisons and operations where one operand if of type size_t or rsize_t and the other is not.INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object
can detect violations of this recommendation. In particular, it notes uses of the scanf() family of functions where on the type specifier is a floating point or integer type.INT05-CPP. Do not use input functions to convert character data if they cannot handle all possible inputs
can detect violations of this rule. It should look for patterns of (a op1 b) op2 c where:c has a bigger type than a or bNeither a nor b are typecast to c's typeop2 is assignment or comparison.INT18-CPP. Evaluate integer expressions in a larger size before comparing or assigning to that size
checks to see if the arguments to an equality operator are of a floating point typeFLP02-CPP. Avoid using floating point numbers when precise computation is needed
could catch violations of this rule by enforcing that any call to open() or fopen() is preceded by a canonicalization routine...that is, a call to realpath() or canonicalize_file_name(). This will catch some false positives, as ROSE can not tell when canonicalization is warranted. One could reduce (but not eliminate) false positives by only reporting instances of fopen() or open() where the filename string has some other processing done to it. This reflects the fact that canonicalization is only necessary for doing verification based on the file name string.FIO02-CPP. Canonicalize path names originating from untrusted sources
could detect possible violations by flagging any signal handler that calls signal() to (re)assert itself as the handler for its signal.SIG01-CPP. Understand implementation-specific details regarding signal handler persistence
could detect possible violations by reporting any function that has malloc() or free() but not both. This would catch some false positives, as there would be no way to tell if malloc() and free() are 'at the same level of abstraction' if they are in different functions. Likewise, it could accept malloc() in a constructor and free() in a destructor.MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction
could detect possible violations of this recommendation by reporting expressions with side effects, including function calls, that appear on the right-hand-side of an && or || operator.EXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operators
could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an if or while statement. To identify the geteuid example, ROSE should search for:any 'address of function' expression, where the address is implicit (eg the function is not preceded by &).The function expression is used in any expression EXCEPT:as an argument to another function (signal() for instance)as an assignment to a function pointerMSC02-CPP. Avoid errors of omission
could detect violations of this rule merely by reporting functions that call abort(), exit(), or _Exit() inside an if or switch statement. This would also catch many false positives, as ROSE could not distinguish a library function from an application function.ERR05-CPP. Application-independent code should provide error detection without dictating error handling
could detect violations of this rule, by ensuring that floating point operations are surrounded by feclearexcept() and fetestexcept(). It would need to look for type conversions to float or double, divisions (by a number not known to be nonzero) and multiplication. It may be wisest to apply this to all floating point operations in general.FLP03-CPP. Detect and handle floating point errors
warns when chown(), stat(), or chmod() are called on an open file.FIO01-CPP. Be careful using functions that use file names for identification

...