SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 52

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

MSC11-C

Low

Unlikely

No

High

No

P1

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.FUNCS.ASSERTSNot
Enough Assertions
enough assertions

Coverity

Include Page
Coverity_V
Coverity_V

ASSERT_SIDE_EFFECT

Can detect the specific instance where assertion contains an operation/function call that may have a side effect

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-MSC11-a
Assert liberally to document internal assumptions and invariants
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPPPBEFully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
SEI CERT C++ Coding StandardVOID MSC11-CPP. Incorporate diagnostic tests using assertions
MITRE CWECWE-190, Reachable assertion

...


...

Image Modified Image Modified Image Modified