SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

C checkers

CERT C Secure Coding Standard

BAD_COMPARE

MSC02-A. Avoid errors of omission

BAD_FREE

MEM34-C. Only free memory allocated dynamically

CHAR_IO

FIO34-C. Use int to capture the return value of character IO functions

CHECKED_RETURN

FIO33-C. Detect and handle input output errors resulting in undefined behavior

DEADCODE

MSC07-A. Detect and remove dead code

FORWARD_NULL

EXP34-C. Ensure a pointer is valid before dereferencing it

MISSING_RETURN

MSC02-A. Avoid errors of omission

NEGATIVE_RETURNS

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

NO_EFFECT

No equivalent

NULL_RETURNS

EXP34-C. Ensure a pointer is valid before dereferencing it

OVERRUN_STATIC

STR34-C. Do not copy data from an unbounded source to a fixed-length array

OVERRUN_DYNAMIC

STR34-C. Do not copy data from an unbounded source to a fixed-length array

RESOURCE_LEAK

MEM31-C. Free dynamically allocated memory exactly once

RETURN_LOCAL

DCL30-C. Do not refer to an object outside of its lifetime

REVERSE_INULL

EXP34-C. Ensure a pointer is valid before dereferencing it

REVERSE_NEGATIVE

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

SIZECHECK

No equivalent

STACK_USE

MEM05-A. Avoid large stack allocations

UNINIT

EXP33-C. Do not reference uninitialized variables

UNUSED_VALUE

No equivalent

USE_AFTER_FREE

MEM30-C. Do not access freed memory

VARARGS

No equivalent

Concurrency Checkers

CERT C Secure Coding Standard

LOCK

[]

ORDER_REVERSAL

[]

SLEEP

[]

Security checkers

CERT C Secure Coding Standard

BUFFER_SIZE

STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size

CHROOT

Out of scope

OPEN_ARGS

FIO03-A. Do not make assumptions about fopen() and file creation

READLINK

POS30-C. Use the readlink() function properly

SECURE_CODING

STR34-C. Do not copy data from an unbounded source to a fixed-length array, others?

SECURE_TEMP

TMP30-C. Temporary file name generators must create unique file names, TMP31-C. Temporary files must have an unpredictable name, TMP32-C. Temporary files must be opened with exclusive access, TMP33-C. Temporary files must be removed before the program exits, TMPxx-C. Temporary file names must be unique when the file is created

STRING_OVERFLOW

[]

STRING_NULL

[]

STRING_SIZE

[]

TAINTED_SCALAR

[]

TAINTED_STRING

[]

TOCTOU

[]

USER_POINTER

[]

Coverage checkers

CERT C Secure Coding Standard

UNIMPL_FUNCTIONS

[]
  • No labels