SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 142

changes.mady.by.user Liz Whiting

Saved on

compared with

New Version 143

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.INJ.FMT
MISC.FMT

Format String Injectionstring injection
Format Stringstring

Compass/ROSE

 

 

 
Coverity6.5TAINTED_STRING_WARNINGFully implemented

Fortify SCA

5.0

  
GCC
Include Page
GCC_V
GCC_V
 

Can detect violations of this rule when the -Wformat-security flag is used

Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.FMTSTR.GENERIC
SV.TAINTED.FMTSTR

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

86 D

Enhanced Enfordementenforcement

Splint

Include Page
Splint_V
Splint_V
  

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

CERT Oracle Secure Coding Standard for JavaIDS06-J. Exclude unsanitized user input from format strings
CERT Perl Secure Coding StandardIDS30-PL. Exclude user input from format strings
ISO/IEC TR 24772:2013Injection [RST]
ISO/IEC TS 17961:2013Including tainted or out-of-domain input in a format string [usrfmt]
MITRE CWECWE-134, Uncontrolled Format String

...