| Checker | CERT-C | CERT-CPP | Description |
|---|---|---|---|
| arithOperationsOnVoidPointer | API04-C. Provide a consistent and usable error-checking mechanism | | Fully implemented |
| arrayIndexOutOfBoundsCond | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| assignmentInAssert | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| autoVariables | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| autovarInvalidDeallocation | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C01 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | CTR52-CPP. Guarantee that library functions do not overflow | Fully implemented |
| C02 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C03 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C04 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | CTR52-CPP. Guarantee that library functions do not overflow | Fully implemented |
| C05 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C06 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C07 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C09 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C10 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C101 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range | | Fully implemented |
| C107 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array | | Fully implemented |
| C109 | ARR38-C. Guarantee that library functions do not form invalid pointers | | Fully implemented |
| C11 | CON02-C. Do not use volatile as a synchronization primitive | | Fully implemented |
| C12 | CON05-C. Do not perform operations that can block while holding a lock | | Fully implemented |
| C122 | CON40-C. Do not refer to an atomic variable twice in an expression | | Fully implemented |
| C123 | CON40-C. Do not refer to an atomic variable twice in an expression | | Fully implemented |
| C126 | DCL01-C. Do not reuse variable names in subscopes | | Fully implemented |
| C127 | DCL01-C. Do not reuse variable names in subscopes | | Fully implemented |
| C129 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C13 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C130 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C132 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C133 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C135 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C14 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C15 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C154 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C155 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C16 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const | | Fully implemented |
| C17 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call | FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call | Fully implemented |
| C176 | DCL30-C. Declare objects with appropriate storage durations | | Fully implemented |
| C177 | DCL30-C. Declare objects with appropriate storage durations | | Fully implemented |
| C178 | DCL30-C. Declare objects with appropriate storage durations | | Fully implemented |
| C179 | DCL30-C. Declare objects with appropriate storage durations | | Fully implemented |
| C18 | DCL30-C. Declare objects with appropriate storage durations | | Fully implemented |
| C19 | DCL31-C. Declare identifiers before using them | | Fully implemented |
| C20 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary | | Fully implemented |
| C21 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary | | Fully implemented |
| C22 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary | | Fully implemented |
| C23 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary | | Fully implemented |
| C24 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array | STR52-CPP. Use valid references, pointers, and iterators to reference elements of a basic_string | Fully implemented |
| C25 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary | | Fully implemented |
| C26 | DCL40-C. Do not create incompatible declarations of the same function or object | | Fully implemented |
| C27 | ENV30-C. Do not modify the object referenced by the return value of certain functions | | Fully implemented |
| C28 | ENV30-C. Do not modify the object referenced by the return value of certain functions | | Fully implemented |
| C29 | ENV30-C. Do not modify the object referenced by the return value of certain functions | | Fully implemented |
| C31 | ERR04-C. Choose an appropriate termination strategy | | Fully implemented |
| C32 | ERR05-C. Application-independent code should provide error detection without dictating error handling | | Fully implemented |
| C32 | ERR05-C. Application-independent code should provide error detection without dictating error handling | | Fully implemented |
| C33 | ERR05-C. Application-independent code should provide error detection without dictating error handling | | Fully implemented |
| C33 | ERR05-C. Application-independent code should provide error detection without dictating error handling | | Fully implemented |
| C34 | ERR32-C. Do not rely on indeterminate values of errno | | Fully implemented |
| C35 | | ERR51-CPP. Handle all exceptions | Fully implemented |
| C36 | EXP00-C. Use parentheses for precedence of operation | | Fully implemented |
| C37 | EXP08-C. Ensure pointer arithmetic is used correctly | | Fully implemented |
| C38 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C39 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C40 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C42 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C44 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C45 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable | | Fully implemented |
| C47 | EXP12-C. Do not ignore values returned by functions | | Fully implemented |
| C48 | EXP12-C. Do not ignore values returned by functions | | Fully implemented |
| C49 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts | | Fully implemented |
| C50 | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int | | Fully implemented |

| Checker | Guideline |
|---|---|
| arithOperationsOnVoidPointer | API04-C. Provide a consistent and usable error-checking mechanism |
| C11 | CON02-C. Do not use volatile as a synchronization primitive |
| C12 | CON05-C. Do not perform operations that can block while holding a lock |
| C13 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C14 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C15 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C16 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| C17 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C18 | DCL30-C. Declare objects with appropriate storage durations |
| C19 | DCL31-C. Declare identifiers before using them |
| C20 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C21 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C22 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C23 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C24 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C25 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C26 | DCL40-C. Do not create incompatible declarations of the same function or object |
| C31 | ERR04-C. Choose an appropriate termination strategy |
| C32 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C33 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C34 | ERR32-C. Do not rely on indeterminate values of errno |
| C37 | EXP00-C. Use parentheses for precedence of operation |
| C38 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C39 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C40 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C42 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C44 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C45 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C47 | EXP12-C. Do not ignore values returned by functions |
| C48 | EXP12-C. Do not ignore values returned by functions |
| C49 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C50 | EXP30-C. Do not depend on the order of evaluation for side effects |
| C50 | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| C51 | EXP19-C. Use braces for the body of an if, for, or while statement |
| C52 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C54 | EXP33-C. Do not read uninitialized memory |
| C55 | EXP33-C. Do not read uninitialized memory |
| C56 | EXP33-C. Do not read uninitialized memory |
| C57 | EXP33-C. Do not read uninitialized memory |
| C58 | EXP33-C. Do not read uninitialized memory |
| C59 | EXP33-C. Do not read uninitialized memory |
| C60 | EXP33-C. Do not read uninitialized memory |
| C61 | EXP33-C. Do not read uninitialized memory |
| C62 | EXP33-C. Do not read uninitialized memory |
| C63 | EXP33-C. Do not read uninitialized memory |
| C64 | EXP34-C. Do not dereference null pointers |
| C65 | EXP34-C. Do not dereference null pointers |
| C66 | EXP34-C. Do not dereference null pointers |
| C67 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C68 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C69 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C70 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C77 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C78 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C79 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO42-C. Close files when they are no longer needed |
| C81 | FIO47-C. Use valid format strings |
| C82 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C84 | FIO47-C. Use valid format strings |
| C85 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C101 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| C107 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C109 | ARR38-C. Guarantee that library functions do not form invalid pointers |
| C122 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C123 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C126 | DCL01-C. Do not reuse variable names in subscopes |
| C127 | DCL01-C. Do not reuse variable names in subscopes |
| C129 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C130 | DCL03-C. Use a static assertion to test the value of a constant expression |

| Checker | CERT-C | CERT-CPP | Description |
|---|---|---|---|
| C51 | EXP19-C. Use braces for the body of an if, for, or while statement | | Fully implemented |
| C52 | DCL03-C. Use a static assertion to test the value of a constant expression | | Fully implemented |
| C53 | EXP30-C. Do not depend on the order of evaluation for side effects | EXP50-CPP. Do not depend on the order of evaluation for side effects | Fully implemented |
| C54 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C55 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C56 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C57 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C58 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C59 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C60 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C61 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C62 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C63 | EXP33-C. Do not read uninitialized memory | EXP53-CPP. Do not read uninitialized memory | Fully implemented |
| C64 | EXP34-C. Do not dereference null pointers | | Fully implemented |
| C64 | EXP34-C. Do not dereference null pointers | | Fully implemented |
| C65 | EXP34-C. Do not dereference null pointers | | Fully implemented |
| C65 | EXP34-C. Do not dereference null pointers | | Fully implemented |
| C66 | EXP34-C. Do not dereference null pointers | | Fully implemented |
| C67 | EXP36-C. Do not cast pointers into more strictly aligned pointer types | | Fully implemented |
| C68 | EXP36-C. Do not cast pointers into more strictly aligned pointer types | | Fully implemented |
| C69 | EXP36-C. Do not cast pointers into more strictly aligned pointer types | | Fully implemented |
| C70 | EXP36-C. Do not cast pointers into more strictly aligned pointer types | | Fully implemented |
| C71 | EXP37-C. Call functions with the correct number and type of arguments | | Fully implemented |
| C73 | EXP40-C. Do not modify constant objects | | Fully implemented |
| C73 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand | | Fully implemented |
| C74 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand | | Fully implemented |
| C75 | EXP47-C. Do not call va_arg with an argument of the incorrect type | | Fully implemented |
| C76 | FIO21-C. Do not create temporary files in shared directories | | Fully implemented |
| C77 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call | | Fully implemented |
| C78 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call | | Fully implemented |
| C79 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call | | Fully implemented |
| C80 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call | | Fully implemented |
| C80 | FIO42-C. Close files when they are no longer needed | FIO51-CPP. Close files when they are no longer needed | Fully implemented |
| C81 | FIO47-C. Use valid format strings | | Fully implemented |
| C82 | FIO47-C. Use valid format strings | | Fully implemented |
| C83 | FIO47-C. Use valid format strings | | Fully implemented |
| C83 | FIO47-C. Use valid format strings | | Fully implemented |
| C84 | FIO47-C. Use valid format strings | | Fully implemented |
| C85 | FIO47-C. Use valid format strings | | Fully implemented |
| C86 | FIO47-C. Use valid format strings | | Fully implemented |
| C86 | FIO47-C. Use valid format strings | | Fully implemented |
| C87 | FLP03-C. Detect and handle floating-point errors | | Fully implemented |
| c88 | FLP34-C. Ensure that floating-point conversions are within range of the new type | | Fully implemented |
| C92 | FLP34-C. Ensure that floating-point conversions are within range of the new type | | Fully implemented |
| C999 | INT01-C. Use size_t or rsize_t for all integer values representing the size of an object | | Fully implemented |

| Checker | Guideline |
|---|---|
| C132 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C133 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C135 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C154 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C155 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C176 | DCL30-C. Declare objects with appropriate storage durations |
| C177 | DCL30-C. Declare objects with appropriate storage durations |
| C178 | DCL30-C. Declare objects with appropriate storage durations |
| C179 | DCL30-C. Declare objects with appropriate storage durations |
| CbOB | INT02-C. Understand integer conversion rules |
| CconstVariable | INT02-C. Understand integer conversion rules |
| CdLT | INT02-C. Understand integer conversion rules |
| CdoubleFree | INT02-C. Understand integer conversion rules |
| CduplicateCondition | INT02-C. Understand integer conversion rules |
| CE6 | INT02-C. Understand integer conversion rules |
| CE6_S | INT02-C. Understand integer conversion rules |
| CE7 | INT02-C. Understand integer conversion rules |
| CE8 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| CE11 | INT02-C. Understand integer conversion rules |
| CE12 | INT02-C. Understand integer conversion rules |
| CE13 | INT02-C. Understand integer conversion rules |
| CE256 | INT02-C. Understand integer conversion rules |
| CfCO | INT02-C. Understand integer conversion rules |
| CinvalidLifetime | INT02-C. Understand integer conversion rules |
| CinvalidScanfArgType_int | INT02-C. Understand integer conversion rules |
| CiRV | INT02-C. Understand integer conversion rules |
| CiSFW | INT02-C. Understand integer conversion rules |
| CknownConditionTrueFalse | INT02-C. Understand integer conversion rules |
| ClRVNU | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmAD | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmemleakOnRealloc | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmissingReturn | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CMR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmVOOR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CnAS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CPP_17 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_18 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_22 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_23 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_24 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_25 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_26 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_27 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_31 | MEM34-C. Only free memory allocated dynamically |
| CPP_32 | MEM34-C. Only free memory allocated dynamically |
| CPP_33 | MEM34-C. Only free memory allocated dynamically |
| CPP_34 | MEM34-C. Only free memory allocated dynamically |
| CPP_35 | MEM34-C. Only free memory allocated dynamically |
| CPP_36 | MEM34-C. Only free memory allocated dynamically |
| CPP_57 | MSC07-C. Detect and remove dead code |
| CPP_58 | MSC07-C. Detect and remove dead code |
| CPP_59 | MSC07-C. Detect and remove dead code |
| CPP_60 | MSC07-C. Detect and remove dead code |
| CPP_61 | MSC07-C. Detect and remove dead code |
| CPP_62 | MSC07-C. Detect and remove dead code |
| CPP_uninitvar | MSC07-C. Detect and remove dead code |
| CPPCrypt | MSC07-C. Detect and remove dead code |
| CPPDSLHardcoded | MSC07-C. Detect and remove dead code |
| CPPDSLRAND | MSC07-C. Detect and remove dead code |
| CPPDSLWES | MSC07-C. Detect and remove dead code |
| CpPED | MSC07-C. Detect and remove dead code |
| CPPEnterCriticalSection | MSC07-C. Detect and remove dead code |
| CPPIsBadWritePtr | MSC07-C. Detect and remove dead code |
| CPPLoadLibrary | MSC07-C. Detect and remove dead code |
| CPPLoop | MSC07-C. Detect and remove dead code |
| CuEV | MSC24-C. Do not use deprecated or obsolescent functions |
| CvariableScope | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE395TEST_2_CPP | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE561P25 | MSC24-C. Do not use deprecated or obsolescent functions |
| CwPSPPE | MSC24-C. Do not use deprecated or obsolescent functions |
| CzDC | MSC24-C. Do not use deprecated or obsolescent functions |
| deallocret | MSC24-C. Do not use deprecated or obsolescent functions |
| integerOverflowCond | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidContainer | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidFunctionArg | MSC24-C. Do not use deprecated or obsolescent functions |
| leakUnsafeArgAlloc | MSC24-C. Do not use deprecated or obsolescent functions |
| memleak | MSC24-C. Do not use deprecated or obsolescent functions |
| memleakOnRealloc | MSC24-C. Do not use deprecated or obsolescent functions |
| noCopyConstructor | MSC24-C. Do not use deprecated or obsolescent functions |
| noOperatorEq | MSC24-C. Do not use deprecated or obsolescent functions |
| nullPointerRedundantCheck | MSC24-C. Do not use deprecated or obsolescent functions |
| oppositeExpression | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| redundantPointerOp | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_01 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_02 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_03 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_04 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_05 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_06 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_18 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_33 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| RTOS_34 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shadowVariable | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shiftTooManyBits | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| UNSAFE_01 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| UNSAFE_02 | STR38-C. Do not confuse narrow and wide character strings and functions |
| UNSAFE_03 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_04 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_05 | WIN02-C. Restrict privileges when spawning child processes |
CbOB | INT02-C. Understand integer conversion rules | Fully implemented | CconstVariable | INT02-C. Understand integer conversion rules | Fully implemented | CdLT | INT02-C. Understand integer conversion rules | Fully implemented | CdoubleFree | INT02-C. Understand integer conversion rules | Fully implemented | CduplicateCondition | INT02-C. Understand integer conversion rules | Fully implemented | CE8 | MSC25-C. Do not use insecure or weak cryptographic algorithms | Fully implemented | CE11 | INT02-C. Understand integer conversion rules | Fully implemented | CE12 | INT02-C. Understand integer conversion rules | Fully implemented | CE13 | INT02-C. Understand integer conversion rules | Fully implemented | CE256 | INT02-C. Understand integer conversion rules | Fully implemented | CE6 | INT02-C. Understand integer conversion rules | Fully implemented | CE6_S | INT02-C. Understand integer conversion rules | Fully implemented | CE7 | INT02-C. Understand integer conversion rules | Fully implemented | CfCO | INT02-C. Understand integer conversion rules | Fully implemented | CinvalidLifetime | INT02-C. Understand integer conversion rules | Fully implemented | CinvalidScanfArgType_int | INT02-C. Understand integer conversion rules | Fully implemented | CiRV | INT02-C. Understand integer conversion rules | Fully implemented | CiSFW | INT02-C. Understand integer conversion rules | Fully implemented | CknownConditionTrueFalse | INT02-C. Understand integer conversion rules | Fully implemented | clarifyCalculation | INT08-C. Verify that all integer values are in range | Fully implemented | ClRVNU | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | Fully implemented | CmAD | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | Fully implemented | CmemleakOnRealloc | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | Fully implemented | CmissingReturn | INT31-C. 
Ensure that integer conversions do not result in lost or misinterpreted data | Fully implemented | CMR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | Fully implemented | | CmVOOR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | | Fully implemented |
| CnAS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data | | Fully implemented |
CNI | INT32-C. Ensure that operations on signed integers do not result in overflow | Fully implemented | CnPDA | INT32-C. Ensure that operations on signed integers do not result in overflow | Fully implemented | ConfigurationNotChecked | INT32-C. Ensure that operations on signed integers do not result in overflow | Fully implemented | constParameter | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors | Fully implemented | CoOB | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors | Fully implemented | | CPP_01 | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors | | Fully implemented |
CPP_02 | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors | Fully implemented | | CPP_03 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand | | Fully implemented |
| CPP_04 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand | | Fully implemented |
CPP_05 | INT36-C. Converting a pointer to integer or integer to pointer | Fully implemented | CPP_06 | INT36-C. Converting a pointer to integer or integer to pointer | Fully implemented | CPP_07 | MEM03-C. Clear sensitive information stored in reusable resources | Fully implemented | CPP_08 | MEM04-C. Beware of zero-length allocations | Fully implemented | CPP_09 | MEM04-C. Beware of zero-length allocations | Fully implemented | CPP_10 | MEM05-C. Avoid large stack allocations | Fully implemented | CPP_11 | MEM10-C. Define and use a pointer validation function | Fully implemented | | CPP_12 | MEM30-C. Do not access freed memory | MEM50-CPP. Do not access freed memory | Fully implemented |
| CPP_14 | MEM30-C. Do not access freed memory | MEM50-CPP. Do not access freed memory | Fully implemented |
| CPP_15 | MEM30-C. Do not access freed memory | MEM50-CPP. Do not access freed memory | Fully implemented |
| CPP_17 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
| CPP_18 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
CPP_22 | MEM31-C. Free dynamically allocated memory when no longer needed | Fully implemented | CPP_23 | MEM31-C. Free dynamically allocated memory when no longer needed | Fully implemented | | CPP_24 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
| CPP_25 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
| CPP_26 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
| CPP_27 | MEM31-C. Free dynamically allocated memory when no longer needed | | Fully implemented |
| CPP_28 | MEM33-C. Allocate and copy structures containing a flexible array member dynamically | MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime | Fully implemented |
| CPP_29 | MEM33-C. Allocate and copy structures containing a flexible array member dynamically | MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime | Fully implemented |
| CPP_31 | MEM34-C. Only free memory allocated dynamically | | Fully implemented |
CPP_32 | MEM34-C. Only free memory allocated dynamically | Fully implemented | CPP_33 | MEM34-C. Only free memory allocated dynamically | Fully implemented | | CPP_34 | MEM34-C. Only free memory allocated dynamically | | Fully implemented |
| CPP_35 | MEM34-C. Only free memory allocated dynamically | | Fully implemented |
| CPP_36 | MEM34-C. Only free memory allocated dynamically | | Fully implemented |
| CPP_39 | MEM35-C. Allocate sufficient memory for an object | | Fully implemented |
| CPP_40 | MEM35-C. Allocate sufficient memory for an object | | Fully implemented |
| CPP_41 | MEM35-C. Allocate sufficient memory for an object | | Fully implemented |
| CPP_42 | | MEM50-CPP. Do not access freed memory | Fully implemented |
| CPP_43 | | MEM50-CPP. Do not access freed memory | Fully implemented |
| CPP_44 | MSC01-C. Strive for logical completeness | | Fully implemented |
| CPP_45 | MSC01-C. Strive for logical completeness | | Fully implemented |
| CPP_46 | MSC01-C. Strive for logical completeness | | Fully implemented |
| CPP_47 | MSC01-C. Strive for logical completeness | | Fully implemented |
| CPP_48 | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources | | Fully implemented |
| CPP_55 | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources | | Fully implemented |
| CPP_56 | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources | | Fully implemented |
| CPP_57 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_58 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_59 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_60 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_61 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_62 | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPP_uninitvar | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPCrypt | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPDSLHardcoded | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPDSLRAND | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPDSLWES | MSC07-C. Detect and remove dead code | | Fully implemented |
| CpPED | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPEnterCriticalSection | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPIsBadWritePtr | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPLoadLibrary | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPLoop | MSC07-C. Detect and remove dead code | | Fully implemented |
| CPPOftenMisused | MSC09-C. Character encoding: Use subset of ASCII for safety | | Fully implemented |
| CPPPBE | MSC11-C. Incorporate diagnostic tests using assertions | | Fully implemented |
| CPPStackBased | MSC11-C. Incorporate diagnostic tests using assertions | | Fully implemented |
| CPtr | MSC12-C. Detect and remove code that has no effect or is never executed | | Fully implemented |
| CredundantInitialization | MSC12-C. Detect and remove code that has no effect or is never executed | | Fully implemented |
| CreturnDanglingLifetime | MSC12-C. Detect and remove code that has no effect or is never executed | | Fully implemented |
| CsFPC | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | | Fully implemented |
| CsTMB | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | | Fully implemented |
| CstrdupCalled | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | | Fully implemented |
| ctuArrayIndex | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code | | Fully implemented |
| ctuNullPointer | MSC20-C. Do not use a switch statement to transfer control into a complex block | | Fully implemented |
| ctuOneDefinitionRuleViolation | MSC21-C. Use robust loop termination conditions | | Fully implemented |
| CuEV | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| CvariableScope | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| CWE395TEST_2_CPP | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| CWE561P25 | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| CwPSPPE | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| CzDC | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| deallocret | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| integerOverflowCond | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| invalidContainer | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| invalidFunctionArg | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| leakUnsafeArgAlloc | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| memleak | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| memleakOnRealloc | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| noCopyConstructor | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| noOperatorEq | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| nullPointerRedundantCheck | MSC24-C. Do not use deprecated or obsolescent functions | | Fully implemented |
| oppositeExpression | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| redundantPointerOp | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_01 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_02 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_03 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_04 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_05 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_06 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_07 | MSC30-C. Do not use the rand() function for generating pseudorandom numbers | MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers | Fully implemented |
| RTOS_08 | MSC32-C. Properly seed pseudorandom number generators | MSC51-CPP. Ensure your random number generator is properly seeded | Fully implemented |
| RTOS_09 | MSC37-C. Ensure that control never reaches the end of a non-void function | MSC52-CPP. Value-returning functions must return a value from all exit paths | Fully implemented |
| RTOS_10 | MSC37-C. Ensure that control never reaches the end of a non-void function | MSC52-CPP. Value-returning functions must return a value from all exit paths | Fully implemented |
| RTOS_11 | MSC37-C. Ensure that control never reaches the end of a non-void function | MSC52-CPP. Value-returning functions must return a value from all exit paths | Fully implemented |
| RTOS_12 | MSC37-C. Ensure that control never reaches the end of a non-void function | MSC52-CPP. Value-returning functions must return a value from all exit paths | Fully implemented |
| RTOS_13 | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value | | Fully implemented |
| RTOS_14 | MSC41-C. Never hard code sensitive information | | Fully implemented |
| RTOS_15 | MSC41-C. Never hard code sensitive information | | Fully implemented |
| RTOS_16 | MSC41-C. Never hard code sensitive information | | Fully implemented |
| RTOS_17 | MSC41-C. Never hard code sensitive information | | Fully implemented |
| RTOS_18 | MSC25-C. Do not use insecure or weak cryptographic algorithms | | Fully implemented |
| RTOS_19 | POS01-C. Check for the existence of links when dealing with files | | Fully implemented |
| RTOS_20 | POS52-C. Do not perform operations that can block while holding a POSIX lock | | Fully implemented |
| RTOS_22 | PRE04-C. Do not reuse a standard header file name | | Fully implemented |
| RTOS_23 | PRE04-C. Do not reuse a standard header file name | | Fully implemented |
| RTOS_24 | PRE04-C. Do not reuse a standard header file name | | Fully implemented |
| RTOS_25 | PRE04-C. Do not reuse a standard header file name | | Fully implemented |
| RTOS_26 | PRE13-C. Use the Standard predefined macros to test for versions and features. | | Fully implemented |
| RTOS_27 | PRE30-C. Do not create a universal character name through concatenation | | Fully implemented |
| RTOS_28 | PRE31-C. Avoid side effects in arguments to unsafe macros | | Fully implemented |
| RTOS_29 | PRE31-C. Avoid side effects in arguments to unsafe macros | | Fully implemented |
| RTOS_30 | PRE31-C. Avoid side effects in arguments to unsafe macros | | Fully implemented |
| RTOS_31 | STR05-C. Use pointers to const when referring to string literals | | Fully implemented |
| RTOS_33 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator | Fully implemented |
| RTOS_34 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator | Fully implemented |
| shadowVariable | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator | Fully implemented |
| shiftTooManyBits | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string | STR51-CPP. Do not attempt to create a std::string from a null pointer | Fully implemented |
| UNSAFE_01 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char | | Fully implemented |
| UNSAFE_02 | STR38-C. Do not confuse narrow and wide character strings and functions | | Fully implemented |
| UNSAFE_03 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator | Fully implemented |
| UNSAFE_04 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator | Fully implemented |
| UNSAFE_05 | WIN02-C. Restrict privileges when spawning child processes | | Fully implemented |
| UNSAFE_06 | | OOP52-CPP. Do not delete a polymorphic object without a virtual destructor | Fully implemented |
| UNSAFE_07 | | OOP50-CPP. Do not invoke virtual functions from constructors or destructors | Fully implemented |
| UNSAFE_08 | | CON53-CPP. Avoid deadlock by locking in a predefined order | Fully implemented |
| UNSAFE_09 | | DCL50-CPP. Do not define a C-style variadic function | Fully implemented |
| va_end_missing | | ERR59-CPP. Do not throw an exception across execution boundaries | Fully implemented |
| va_start_subsequentCalls | | MEM56-CPP. Do not store an already-owned pointer value in an unrelated smart pointer | Fully implemented |
| wcsdupCalled | | MEM51-CPP. Properly deallocate dynamically allocated resources | Fully implemented |
| zerodiv | | | Fully implemented |