|
Checker
|
Guideline
|
|---|
|
arithOperationsOnVoidPointer
|
API04-C. Provide a consistent and usable error-checking mechanism
|
|
arrayIndexOutOfBoundsCond
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
assignmentInAssert
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
autoVariables
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
autovarInvalidDeallocation
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C01
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C02
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C03
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C04
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C05
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C06
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C07
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C08
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C08
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C09
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C10
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C11
|
CON02-C. Do not use volatile as a synchronization primitive
|
|
C12
|
CON05-C. Do not perform operations that can block while holding a lock
|
|
C13
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C14
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C15
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C16
|
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
|
|
C17
|
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
|
|
C18
|
DCL30-C. Declare objects with appropriate storage durations
|
|
C19
|
DCL31-C. Declare identifiers before using them
|
|
C20
|
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
|
|
C21
|
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
|
|
C22
|
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
|
|
C23
|
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
|
|
C24
|
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
|
|
C25
|
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
|
|
C26
|
DCL40-C. Do not create incompatible declarations of the same function or object
|
|
C31
|
ERR04-C. Choose an appropriate termination strategy
|
|
C32
|
ERR05-C. Application-independent code should provide error detection without dictating error handling
|
|
C33
|
ERR05-C. Application-independent code should provide error detection without dictating error handling
|
|
C34
|
ERR32-C. Do not rely on indeterminate values of errno
|
|
C37
|
EXP00-C. Use parentheses for precedence of operation
|
|
C38
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C39
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C40
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C42
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C44
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C45
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C46
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C46
|
EXP09-C. Use sizeof to determine the size of a type or variable
|
|
C47
|
EXP12-C. Do not ignore values returned by functions
|
|
C48
|
EXP12-C. Do not ignore values returned by functions
|
|
C49
|
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
|
|
C50
|
EXP30-C. Do not depend on the order of evaluation for side effects
|
|
C50
|
EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
|
|
C51
|
EXP19-C. Use braces for the body of an if, for, or while statement
|
|
C52
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C54
|
EXP33-C. Do not read uninitialized memory
|
|
C55
|
EXP33-C. Do not read uninitialized memory
|
|
C56
|
EXP33-C. Do not read uninitialized memory
|
|
C57
|
EXP33-C. Do not read uninitialized memory
|
|
C58
|
EXP33-C. Do not read uninitialized memory
|
|
C59
|
EXP33-C. Do not read uninitialized memory
|
|
C60
|
EXP33-C. Do not read uninitialized memory
|
|
C61
|
EXP33-C. Do not read uninitialized memory
|
|
C62
|
EXP33-C. Do not read uninitialized memory
|
|
C63
|
EXP33-C. Do not read uninitialized memory
|
|
C64
|
EXP34-C. Do not dereference null pointers
|
|
C65
|
EXP34-C. Do not dereference null pointers
|
|
C66
|
EXP34-C. Do not dereference null pointers
|
|
C67
|
EXP36-C. Do not cast pointers into more strictly aligned pointer types
|
|
C68
|
EXP36-C. Do not cast pointers into more strictly aligned pointer types
|
|
C69
|
EXP36-C. Do not cast pointers into more strictly aligned pointer types
|
|
C70
|
EXP36-C. Do not cast pointers into more strictly aligned pointer types
|
|
C77
|
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
|
|
C78
|
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
|
|
C79
|
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
|
|
C80
|
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
|
|
C80
|
FIO42-C. Close files when they are no longer needed
|
|
C81
|
FIO47-C. Use valid format strings
|
|
C82
|
FIO47-C. Use valid format strings
|
|
C83
|
FIO47-C. Use valid format strings
|
|
C83
|
FIO47-C. Use valid format strings
|
|
C84
|
FIO47-C. Use valid format strings
|
|
C85
|
FIO47-C. Use valid format strings
|
|
C86
|
FIO47-C. Use valid format strings
|
|
C86
|
FIO47-C. Use valid format strings
|
|
C101
|
ARR32-C. Ensure size arguments for variable length arrays are in a valid range
|
|
C107
|
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
|
|
C109
|
ARR38-C. Guarantee that library functions do not form invalid pointers
|
|
C122
|
CON40-C. Do not refer to an atomic variable twice in an expression
|
|
C123
|
CON40-C. Do not refer to an atomic variable twice in an expression
|
|
C126
|
DCL01-C. Do not reuse variable names in subscopes
|
|
C127
|
DCL01-C. Do not reuse variable names in subscopes
|
|
C129
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C130
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C132
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C133
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C135
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C154
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C155
|
DCL03-C. Use a static assertion to test the value of a constant expression
|
|
C176
|
DCL30-C. Declare objects with appropriate storage durations
|
|
C177
|
DCL30-C. Declare objects with appropriate storage durations
|
|
C178
|
DCL30-C. Declare objects with appropriate storage durations
|
|
C179
|
DCL30-C. Declare objects with appropriate storage durations
|
|
CbOB
|
INT02-C. Understand integer conversion rules
|
|
CconstVariable
|
INT02-C. Understand integer conversion rules
|
|
CdLT
|
INT02-C. Understand integer conversion rules
|
|
CdoubleFree
|
INT02-C. Understand integer conversion rules
|
|
CduplicateCondition
|
INT02-C. Understand integer conversion rules
|
|
CE6
|
INT02-C. Understand integer conversion rules
|
|
CE6_S
|
INT02-C. Understand integer conversion rules
|
|
CE7
|
INT02-C. Understand integer conversion rules
|
|
CE8
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
CE11
|
INT02-C. Understand integer conversion rules
|
|
CE12
|
INT02-C. Understand integer conversion rules
|
|
CE13
|
INT02-C. Understand integer conversion rules
|
|
CE256
|
INT02-C. Understand integer conversion rules
|
|
CfCO
|
INT02-C. Understand integer conversion rules
|
|
CinvalidLifetime
|
INT02-C. Understand integer conversion rules
|
|
CinvalidScanfArgType_int
|
INT02-C. Understand integer conversion rules
|
|
CiRV
|
INT02-C. Understand integer conversion rules
|
|
CiSFW
|
INT02-C. Understand integer conversion rules
|
|
CknownConditionTrueFalse
|
INT02-C. Understand integer conversion rules
|
|
ClRVNU
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CmAD
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CmemleakOnRealloc
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CmissingReturn
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CMR
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CmVOOR
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CnAS
|
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
|
|
CPP_17
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_18
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_22
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_23
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_24
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_25
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_26
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_27
|
MEM31-C. Free dynamically allocated memory when no longer needed
|
|
CPP_31
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_32
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_33
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_34
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_35
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_36
|
MEM34-C. Only free memory allocated dynamically
|
|
CPP_57
|
MSC07-C. Detect and remove dead code
|
|
CPP_58
|
MSC07-C. Detect and remove dead code
|
|
CPP_59
|
MSC07-C. Detect and remove dead code
|
|
CPP_60
|
MSC07-C. Detect and remove dead code
|
|
CPP_61
|
MSC07-C. Detect and remove dead code
|
|
CPP_62
|
MSC07-C. Detect and remove dead code
|
|
CPP_uninitvar
|
MSC07-C. Detect and remove dead code
|
|
CPPCrypt
|
MSC07-C. Detect and remove dead code
|
|
CPPDSLHardcoded
|
MSC07-C. Detect and remove dead code
|
|
CPPDSLRAND
|
MSC07-C. Detect and remove dead code
|
|
CPPDSLWES
|
MSC07-C. Detect and remove dead code
|
|
CpPED
|
MSC07-C. Detect and remove dead code
|
|
CPPEnterCriticalSection
|
MSC07-C. Detect and remove dead code
|
|
CPPIsBadWritePtr
|
MSC07-C. Detect and remove dead code
|
|
CPPLoadLibrary
|
MSC07-C. Detect and remove dead code
|
|
CPPLoop
|
MSC07-C. Detect and remove dead code
|
|
CuEV
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
CvariableScope
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
CWE395TEST_2_CPP
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
CWE561P25
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
CwPSPPE
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
CzDC
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
deallocret
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
integerOverflowCond
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
invalidContainer
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
invalidFunctionArg
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
leakUnsafeArgAlloc
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
memleak
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
memleakOnRealloc
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
noCopyConstructor
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
noOperatorEq
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
nullPointerRedundantCheck
|
MSC24-C. Do not use deprecated or obsolescent functions
|
|
oppositeExpression
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
redundantPointerOp
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_01
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_02
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_03
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_04
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_05
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_06
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_18
|
MSC25-C. Do not use insecure or weak cryptographic algorithms
|
|
RTOS_33
|
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
|
|
RTOS_34
|
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
|
|
shadowVariable
|
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
|
|
shiftTooManyBits
|
STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
|
|
UNSAFE_01
|
STR37-C. Arguments to character-handling functions must be representable as an unsigned char
|
|
UNSAFE_02
|
STR38-C. Do not confuse narrow and wide character strings and functions
|
|
UNSAFE_03
|
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
|
|
UNSAFE_04
|
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
|
|
UNSAFE_05
|
WIN02-C. Restrict privileges when spawning child processes
|
