Security checkers | CERT C Secure Coding Standard |
|---|
BUFFER_SIZE | STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size |
CHROOT | Out of scope |
OPEN_ARGS | FIO03-A. Do not make assumptions about fopen() and file creation |
READLINK | POS30-C. Use the readlink() function properly |
SECURE_CODING | STR35-C. Do not copy data from an unbounded source to a fixed-length array, others? |
SECURE_TEMP | TMP30-C. Temporary files must be created with unique and unpredictable file names, TMP31-C. Temporary files must have an unpredictable name, TMP32-C. Temporary files must be opened with exclusive access, TMP33-C. Temporary files must be removed before the program exits, TMPxx-C. Temporary file names must be unique when the file is created |
STRING_OVERFLOW | STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator |
STRING_NULL | STR32-C. Null-terminate byte strings as required |
STRING_SIZE | STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator |
TAINTED_SCALAR | ARR30-C. Guarantee that array indices are within the valid range, INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data, INT32-C. Ensure that integer operations do not result in an overflow |
TAINTED_STRING | STR02-A. Sanitize data passed to complex subsystems, FIO30-C. Exclude user input from format strings, FIO02-A. Canonicalize path names originating from untrusted sources |
TOCTOU | FIO03-A. Do not make assumptions about fopen() and file creation, FIO01-A. Be careful using functions that use file names for identification, FIO08-A. Take care when calling remove() on an open file, others? |
USER_POINTER | No equivalent |
