SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 138

changes.mady.by.user Yozo TODA

Saved on

compared with

New Version 139

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.INJ.FMT

MISC.FMT

Format String Injection

Format String

Compass/ROSE

 

 

 
Coverity6.5TAINTED_STRING_WARNINGFully implemented

Fortify SCA

5.0

  
GCC
Include Page
GCC_V
GCC_V
 

Can detect violations of this rule when the -Wformat-security flag is used

Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.FMTSTR.GENERIC
SV.TAINTED.FMTSTR

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

86 D

Partially implemented

Splint

Include Page
Splint_V
Splint_V
  

...

Related Guidelines

CERT C++ Secure Coding StandardVOID FIO30-CPP. Exclude user input from format strings
CERT Oracle Secure Coding Standard for JavaIDS06-J. Exclude unsanitized user input from format strings
CERT Perl Secure Coding StandardIDS30-PL. Exclude user input from format strings
ISO/IEC TR 24772:2013Injection [RST]
ISO/IEC TS 17961:2013Including tainted or out-of-domain input in a format string [usrfmt]
MITRE CWECWE-134, Uncontrolled Format String

...