
  1. We added the following new attributes for the testcase field (attribute and entry values provided in parentheses):
    1. alternate-taxonomy. (alternate-taxonomy="CERT-C-Standard") The purpose is to indicate the alternate code flaw taxonomy (e.g., CERT rules, CWEs, MISRA rules, etc.) for which information is provided, as opposed to the code flaw taxonomy that the test suite was originally designed to test.
    2. SubmissionDate-alternate-taxonomy. (SubmissionDate-alternate-taxonomy=2018-09-28) The purpose is to indicate the date of submission of this manifest to SARD, for potential publication on the NIST SARD test suite website. The similarly-named attribute SubmissionDate is specific to the testcase itself, and that was used for all manifest entries.
    3. alternate-taxonomy-author. (alternate-taxonomy-author="Lori Flynn and David Svoboda and Andrew Kotov") The purpose is to identify the authors of the new manifest entries. The similarly-named author attribute is specific to the testcase itself, and that was used for all manifest entries.

  2. For the False verdicts, we did particular things for the following fields and attributes (in bold):
    1. We added a fixed field (same as in the original SARD manifest) that identifies where the identified CERT secure coding rule is not violated.
      1. For the verdict attribute, we use the value False (verdict="False").
    2. For the file field, we added fields and values similar to those for the "mixed" tag (i.e., True verdict entries for Juliet test cases, in the original SARD manifest Juliet entries). Many of the files did not have entries in the original SARD Juliet manifest.
      1. numberOfFiles. (numberOfFiles="1") The purpose of this field for file entries with True verdicts is to indicate how many files are in a testcase. As an initial estimate, for False verdicts we assume this count covers only the file identified, in each case a single file.
      2. checksum. (checksum="<SHA1_HASH>") The purpose of this attribute is to uniquely identify the file. The other SARD file entries for checksum were derived using SHA1, so we derived a checksum value by running sha1sum.
      3. size. (size="<SIZE>") The purpose of this attribute is to identify the number of bytes in the file. To get this number, we ran the following command in a bash shell: wc -c
    3. id. (id="10000000") The purpose of this field is to uniquely identify the testcase ID. Initially, we start with the first ID at 10000000 (a number larger than any id in the current SARD manifest), then increase each by 1. These are placeholders, as SARD assigns its own testcase ids.
    4. We simply copied these attributes and values describing the test suite, for the testcase field: id="86", submissionDate="2013-05-20", status="Candidate"
    5. We added the following new attributes for the testcase field, the same as described above for the True ("mixed") verdicts: alternate-taxonomy, SubmissionDate-alternate-taxonomy, and alternate-taxonomy-author.
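
As an added example (not part of the original page or of SARD's tooling), the Python sketch below builds False-verdict entries following the steps above: a SHA-1 checksum as sha1sum computes it, a byte size as wc -c counts it, and placeholder ids starting at 10000000. The element nesting, the path, line and name attribute names, and the sample files are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

FIRST_PLACEHOLDER_ID = 10000000  # page: larger than any id in the current SARD manifest

# Attributes and values the page lists for every new testcase entry.
ALT_TAXONOMY = {
    "alternate-taxonomy": "CERT-C-Standard",
    "SubmissionDate-alternate-taxonomy": "2018-09-28",
    "alternate-taxonomy-author": "Lori Flynn and David Svoboda and Andrew Kotov",
}
# Copied from the original test suite entry (the suite-level id="86" is left out
# because this sketch uses the id attribute for the placeholder testcase id).
COPIED = {"submissionDate": "2013-05-20", "status": "Candidate"}


def file_attrs(data: bytes) -> dict:
    """checksum matches `sha1sum`; size matches `wc -c` (a byte count)."""
    return {"checksum": hashlib.sha1(data).hexdigest(), "size": str(len(data))}


def false_verdict_entries(files, first_id=FIRST_PLACEHOLDER_ID):
    """files: iterable of (path, content bytes, line, rule name) tuples."""
    entries = []
    for offset, (path, data, line, rule) in enumerate(files):
        case = ET.Element("testcase", {"id": str(first_id + offset), **COPIED, **ALT_TAXONOMY})
        # One file per False-verdict entry, per the page's initial estimate.
        f = ET.SubElement(case, "file", {"path": path, "numberOfFiles": "1", **file_attrs(data)})
        # Assumed attribute names (line, name) for where the rule is not violated.
        ET.SubElement(f, "fixed", {"line": str(line), "name": rule, "verdict": "False"})
        entries.append(case)
    return entries


if __name__ == "__main__":
    # Constructed sample input: paths, contents, line numbers and rule are made up.
    sample = [
        ("testcases/example_a.c", b"int main(void) { return 0; }\n", 1, "EXP34-C"),
        ("testcases/example_b.c", b"void f(void) {}\n", 1, "EXP34-C"),
    ]
    for entry in false_verdict_entries(sample):
        print(ET.tostring(entry, encoding="unicode"))
```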
