cp-mapping

C checkers	CERT C Secure Coding Standard
BAD_COMPARE	MSC02-A. Avoid errors of omission
BAD_FREE	MEM34-C. Only free memory allocated dynamically
CHAR_IO	FIO34-C. Use int to capture the return value of character IO functions
CHECKED_RETURN	FIO33-C. Detect and handle input output errors resulting in undefined behavior
DEADCODE	MSC07-A. Detect and remove dead code
FORWARD_NULL	EXP34-C. Ensure a null pointer is not dereferenced
MISSING_RETURN	MSC02-A. Avoid errors of omission
NEGATIVE_RETURNS	INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
NO_EFFECT	MSC12-A. Detect and remove code that has no effect
NULL_RETURNS	EXP34-C. Ensure a null pointer is not dereferenced
OVERRUN_STATIC	STR35-C. Do not copy data from an unbounded source to a fixed-length array
OVERRUN_DYNAMIC	STR35-C. Do not copy data from an unbounded source to a fixed-length array
RESOURCE_LEAK	MEM31-C. Free dynamically allocated memory exactly once
RETURN_LOCAL	DCL30-C. Declare objects with appropriate storage durations
REVERSE_INULL	EXP34-C. Ensure a null pointer is not dereferenced
REVERSE_NEGATIVE	INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
SIZECHECK	MEM35-C. Allocate sufficient memory for an object
STACK_USE	MEM05-A. Avoid large stack allocations
UNINIT	EXP33-C. Do not reference uninitialized memory
UNUSED_VALUE	MSC13-A. Detect and remove unused values
USE_AFTER_FREE	MEM30-C. Do not access freed memory, MEM31-C. Free dynamically allocated memory exactly once
VARARGS	No equivalent

C++ Checkers	CERT C++ Secure Coding Standard
BAD_OVERRIDE	No equivalent
CTOR_DTOR_LEAK	No equivalent
DELETE_ARRAY	No equivalent
INVALIDATE_ITERATOR	https://www.securecoding.cert.org/confluence/display/cplusplus/STL30-C.+Use+Valid+Iterators
PASS_BY_VALUE	No equivalent
UNCAUGHT_EXCEPT	https://www.securecoding.cert.org/confluence/display/cplusplus/ERR30-C.+Check+for+all+error+conditions
UNINIT_CTOR	No equivalent
WRAPPER_ESCAPE	No equivalent

Concurrency Checkers	CERT C Secure Coding Standard
LOCK	Out of scope
ORDER_REVERSAL	Out of scope
SLEEP	Out of scope

Security checkers	CERT C Secure Coding Standard
BUFFER_SIZE	STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size
CHROOT	Out of scope
OPEN_ARGS	FIO03-A. Do not make assumptions about fopen() and file creation
READLINK	POS30-C. Use the readlink() function properly
SECURE_CODING	STR35-C. Do not copy data from an unbounded source to a fixed-length array, others?
SECURE_TEMP	FIO43-C. Handle temporary files securely, VOID TMP32-C. Temporary files must be opened with exclusive access, VOID TMP33-C. Temporary files must be removed before the program exits, TMPxx-C. Temporary file names must be unique when the file is created
STRING_OVERFLOW	STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator
STRING_NULL	STR32-C. Null-terminate byte strings as required
STRING_SIZE	STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator
TAINTED_SCALAR	ARR30-C. Guarantee that array indices are within the valid range, INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data, INT32-C. Ensure that operations on signed integers do not result in overflow
TAINTED_STRING	STR02-A. Sanitize data passed to complex subsystems, FIO30-C. Exclude user input from format strings, FIO02-A. Canonicalize path names originating from untrusted sources
TOCTOU	FIO03-A. Do not make assumptions about fopen() and file creation, FIO01-A. Be careful using functions that use file names for identification, FIO08-A. Take care when calling remove() on an open file, others?
USER_POINTER	No equivalent

Space shortcuts

Page tree