Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Understanding how to represent characters and character strings can eliminate many common programming errors that lead to software vulnerabilities.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

STR00-C

Medium

Probable

Low

P12

L1

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
MISC.NEGCHARNegative Character Value
LDRA tool suite
Include Page
LDRA_V
LDRA_V
329 S, 432 SFully implemented
Parasoft C/C++test
9.5MISRA2004-6_1
Include Page
Parasoft_V
Parasoft_V
CERT_C-STR00-a

The plain char type shall be used only for the storage and use of character values

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V

Supported indirectly via MISRA C:2004 rule 6.1 and MISRA C:2012 rule 10.1.
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S810
Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 9899:2011]Subclause 6.2.6, "Representations of Types"
[Seacord 2013]Chapter 2, "Strings"

...


...

Image Modified Image Modified Image Modified