Versions Compared

Comment: Migration of unmigrated content due to installation of a new plugin

Tags (Labels)

| Tag | Meaning |
|---|---|
| section | Pages that form the main sections of this standard and that are listed in the Section Index on the SEI CERT C Coding Standard page. |
| links-to-void | Guidelines with links to a rule in 6 The Void. The link should be removed. |
| update-checker | Guidelines that have been significantly changed since the checker was coded. The checker needs updating. |
| incomplete | Pages that need work. |
| deleteme | Pages that need to be deleted. See also void below. |
| citations-incomplete | Pages that have problems with the citations at the bottom. |
| sidebar | Pages with comments that might make good sidebars. |
| exportable-c | Guidelines in other CERT secure coding standards (residing in other Wiki spaces) that might make good C guidelines. Port to C those rules that are truly applicable. |
| exportable-java | Guidelines that might be candidates for adoption in the SEI CERT Oracle Coding Standard for Java. |
| void | Pages tagged for elimination from the standard and that are listed in 6 The Void. |

ROSE-Specific Tags (Labels)

Pages now have tags (also known as Labels) to indicate the status of their corresponding checker in Compass Rose:


| Tag | Meaning |
|---|---|
| rose-complete | ROSE catches all violations |
| rose-partial | ROSE catches some violations |
| rose-possible | ROSE could catch some or all violations, but doesn't yet. |
| rose-gcc | ROSE doesn't catch violations, but will soon; GCC catches violations |
| unenforceable | These rules can't be checked automatically. |
| rose-nonapplicable | These rules could be checked automatically in theory, but not by ROSE. |
| rose-na-macros | ROSE could check these rules if it recognized macro usage. |
| rose-na-multiple-files | ROSE could check these rules if it operated on multiple files at once. |
| rose-false-positive | ROSE could enforce this rule, but could not avoid catching some false positives. |

At this point, all rules should have one of these tags. That is, they should be completely or partially checked by ROSE, or they should be marked 'rose-possible', in that we will try to check them with ROSE, or they should have one of the nonapplicable tags indicating we don't think they can be checked with ROSE.


...

It might also be worth giving these another look.

ARR34-C. Ensure that array types in expressions are compatible

DAN30-A. Create a copy constructor and assignment operator for non copyable objects

DCL05-A. Do not convert a function pointer to a function of a different type

DCL05-A. Do not use identifiers with different linked classifications

DCL06-A. Use meaningful symbolic constants to represent literal values

DCL31-C. Ensure every function has a function prototype

EXP07-A. Use caution with NULL and 0, especially concerning pointers

EXP08-A. Ensure pointer arithmetic is used correctly

EXP09-A. Use sizeof to determine the size of a type or variable

FIO09-A. fflush() should be called after writing to an output stream if data integrity is important.

FLP33-C. Convert integers to floating point for floating point operations

FLP34-C. Ensure that demoted floating point values are within range

INT38-C. Ensure that Integer arithmetic and conversion functions are used only if the result can be represented in the type

MEM05-A. Avoid large stack allocations

MEM38-C. Use Flexible Array Members for dynamically sized structures

MSCxx-C. Do not unlock or destroy another process's mutex

MSC05-A. Do not manipulate time_t values directly

MSC06-A. Avoid race conditions with multiple threads

MSC08-A. Do not perform unbounded copy on returned strings of calls to GNU gettext functions

MSC08-A. Library functions should validate their parameters

MSC09-A Character Encoding - Use Subset of ASCII for Safety

MSC10-A Character Encoding - UTF8 Related Issues

MSC31-C. Ensure return values are compared against the proper type

SIGxx-A. Avoid race conditions with signal handlers

STR05-A. String Literals should only be assigned to constant pointers

DCL33-C. Ensure that source and destination pointers in function arguments do not point to overlapping objects if they are restrict qualified

Use setlocale() carefully (DRAFT)

Disallow particular characters in file names (draft)

Do not assume that an environmental variable is unique based on the name (draft)

Do not assume the layout of bitfields in memory (draft)

Do not cast pointers between objects with differing alignments

Do not name a file the same as a standard library in the typical path to search for libraries

Do not use vfork(2)

Don't use a function pointer whose type is not compatible to pointed to type ~Draft~

Minimize the use of environment variables ~Draft~

Only use values for fsetpos that are returned from fgetpos ~Draft~

Parenthesize library functions to prevent naming conflicts

...