SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

HARDCODED.AUTH

HARDCODED.KEY

HARDCODED.SALT

MISC.PWD.PLAIN

MISC.PWD.PLAINTRAN

Hardcoded Authentication

Hardcoded Crypto Key

Hardcoded Crypto Salt

Plaintext Storage of Password

Plaintext Transmission of Password

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Partially supported: reports functions that read passwords from the user or that take a password as an argument instead of prompting the user as well as insecure password erasure

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MSC18-C


Checks for:

  • Constant or predictable block cipher initialization vector
  • Constant or predictable cipher key
  • Sensitive heap memory not cleared before release
  • Uncleared sensitive data in stack
  • Unsafe standard encryption function

Rec. partially covered.

...

CERT Oracle Secure Coding Standard for JavaMSC03-J. Never hard code sensitive information
cCERT C Secure Coding StandardMSC41-C. Never hard code sensitive information
MITRE CWECWE-259, Use of Hard-coded Password
CWE-261, Weak Cryptography for Passwords
CWE-311, Missing encryption of sensitive data
CWE-319, Cleartext Transmission of Sensitive Information
CWE-321, Use of Hard-coded Cryptographic Key
CWE-326, Inadequate encryption strength
CWE-798, Use of hard-coded credentials

...