Recommendations
STR00-AC. Represent characters using an appropriate type
STR01-AC. Adopt and implement a consistent plan for managing strings
STR02-AC. Sanitize data passed to complex subsystems
STR03-AC. Do not inadvertently truncate a null-terminated byte string
STR04-AC. Use plain char for characters in the basic character set
STR05-AC. Use pointers to const when referring to string literals
STR06-AC. Do not assume that strtok() leaves the parse string unchanged
STR07-AC. Use TR 24731 for remediation of existing string manipulation code
STR08-AC. Use managed strings for development of new string manipulation code
...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR00-A C | medium | probable | low | P12 | L1 |
| STR01-A C | low | unlikely | high | P1 | L3 |
| STR02-A C | high | likely | medium | P18 | L1 |
| STR03-A C | medium | probable | medium | P8 | L2 |
| STR04-A C | low | unlikely | low | P3 | L3 |
| STR05-A C | low | unlikely | low | P3 | L3 |
| STR06-A C | medium | likely | medium | P12 | L1 |
| STR07-A C | high | probable | medium | P12 | L1 |
| STR08-A C | high | probable | high | P6 | L2 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| STR30-C | low | likely | low | P9 | L2 |
| STR31-C | high | likely | medium | P18 | L1 |
| STR32-C | high | probable | medium | P12 | L1 |
| STR33-C | high | likely | medium | P18 | L1 |
| STR34-C | medium | probable | medium | P8 | L2 |
| STR35-C | high | likely | medium | P18 | L1 |
| STR36-C | high | probable | low | P18 | L1 |
| STR37-C | low | unlikely | low | P3 | L3 |
...