Comment: REM Cost Reform

If a relation exists between constants, you should encode the relationship in the definitions. Do not give two independent definitions, because a maintainer may fail to preserve that relationship when modifying the code. As a corollary, do not encode an impermanent or false relationship between constants, because future modifications may result in an incorrect definition for the dependent constant.

...

This compliant solution does not assume a relationship where none exists:

enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=21 };

Risk Assessment

Failing to properly encode relationships in constant definitions may lead to the introduction of defects during maintenance. These defects could potentially result in vulnerabilities, for example, if the affected constants were used for allocating or accessing memory.
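The memory-access case mentioned above, as an added example that is not part of the CERT guideline text: the output buffer size is defined in terms of the input limit, so changing one constant cannot silently undersize the other. The names `PAYLOAD_MAX`, `TAG_LEN`, `FRAMED_MAX`, `frame_payload` and `framed_length_of` are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical constants: a payload is wrapped in '[' and ']'. */
enum { PAYLOAD_MAX = 18 };                    /* longest payload accepted */
enum { TAG_LEN = 2 };                         /* one opening, one closing byte */
enum { FRAMED_MAX = PAYLOAD_MAX + TAG_LEN };  /* relationship encoded, not the literal 20 */

/* Unrelated constants stay independent even though one value matches. */
enum { ADULT_AGE = 18 };
enum { ALCOHOL_AGE = 21 };

/* Wraps src in brackets. Returns the framed length, or -1 if src is too long.
 * dst must hold FRAMED_MAX + 1 bytes (the extra byte is the terminator). */
int frame_payload(char *dst, const char *src) {
    size_t n = strlen(src);
    if (n > PAYLOAD_MAX) {
        return -1;                 /* reject instead of writing past dst */
    }
    dst[0] = '[';
    memcpy(dst + 1, src, n);
    dst[n + 1] = ']';
    dst[n + 2] = '\0';
    return (int)(n + TAG_LEN);
}

/* Frames a constructed payload of n 'A' bytes and checks the result.
 * Returns the framed length, or -1 if the payload was rejected. */
int framed_length_of(size_t n) {
    char src[PAYLOAD_MAX + 2];     /* room for one over-long test payload */
    char dst[FRAMED_MAX + 1];
    if (n > PAYLOAD_MAX + 1) {
        return -1;
    }
    memset(src, 'A', n);
    src[n] = '\0';
    int len = frame_payload(dst, src);
    return (len >= 0 && strlen(dst) == (size_t)len) ? len : -1;
}

int main(void) {
    printf("max payload -> framed length %d\n", framed_length_of(PAYLOAD_MAX));
    printf("over-long payload -> %d\n", framed_length_of(PAYLOAD_MAX + 1));
    return 0;
}
```

Had `FRAMED_MAX` been written as an independent literal 20, raising `PAYLOAD_MAX` alone would leave `dst` too small for a maximum-length payload.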

| Recommendation | Severity | Likelihood | Remediation Cost | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| DCL08-C | Low | Unlikely | High | No | No | P1 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | LDRA_V | 387 S | Partially implemented |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

[Plum 1985] Rule 1-4
