Checker | Guideline |
|---|
| arithOperationsOnVoidPointer | API04-C. Provide a consistent and usable error-checking mechanism |
| arrayIndexOutOfBoundsCond | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| assignmentInAssert | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| autoVariables | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| autovarInvalidDeallocation | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C01 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C02 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C03 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C04 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C05 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C06 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C07 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C09 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C10 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C11 | CON02-C. Do not use volatile as a synchronization primitive |
| C12 | CON05-C. Do not perform operations that can block while holding a lock |
| C13 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C14 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C15 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C16 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| C17 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C18 | DCL30-C. Declare objects with appropriate storage durations |
| C19 | DCL31-C. Declare identifiers before using them |
| C20 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C21 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C22 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C23 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C24 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C25 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C26 | DCL40-C. Do not create incompatible declarations of the same function or object |
| C27 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C28 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C29 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C31 | ERR04-C. Choose an appropriate termination strategy |
| C32 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C33 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C34 | ERR32-C. Do not rely on indeterminate values of errno |
| C37 | EXP00-C. Use parentheses for precedence of operation |
| C37 | EXP08-C. Ensure pointer arithmetic is used correctly |
| C38 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C39 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C40 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C42 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C44 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C45 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C47 | EXP12-C. Do not ignore values returned by functions |
| C48 | EXP12-C. Do not ignore values returned by functions |
| C49 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C50 | EXP30-C. Do not depend on the order of evaluation for side effects |
| C50 | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| C51 | EXP19-C. Use braces for the body of an if, for, or while statement |
| C52 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C54 | EXP33-C. Do not read uninitialized memory |
| C55 | EXP33-C. Do not read uninitialized memory |
| C56 | EXP33-C. Do not read uninitialized memory |
| C57 | EXP33-C. Do not read uninitialized memory |
| C58 | EXP33-C. Do not read uninitialized memory |
| C59 | EXP33-C. Do not read uninitialized memory |
| C60 | EXP33-C. Do not read uninitialized memory |
| C61 | EXP33-C. Do not read uninitialized memory |
| C62 | EXP33-C. Do not read uninitialized memory |
| C63 | EXP33-C. Do not read uninitialized memory |
| C64 | EXP34-C. Do not dereference null pointers |
| C65 | EXP34-C. Do not dereference null pointers |
| C66 | EXP34-C. Do not dereference null pointers |
| C67 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C68 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C69 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C70 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C71 | EXP37-C. Call functions with the correct number and type of arguments |
| C73 | EXP40-C. Do not modify constant objects |
| C73 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
| C76 | FIO21-C. Do not create temporary files in shared directories |
| C77 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C78 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C79 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO42-C. Close files when they are no longer needed |
| C81 | FIO47-C. Use valid format strings |
| C82 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C84 | FIO47-C. Use valid format strings |
| C85 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C87 | FLP03-C. Detect and handle floating-point errors |
| C88 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| C101 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| C107 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C109 | ARR38-C. Guarantee that library functions do not form invalid pointers |
| C122 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C123 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C126 | DCL01-C. Do not reuse variable names in subscopes |
| C127 | DCL01-C. Do not reuse variable names in subscopes |
| C129 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C130 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C132 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C133 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C135 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C154 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C155 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C176 | DCL30-C. Declare objects with appropriate storage durations |
| C177 | DCL30-C. Declare objects with appropriate storage durations |
| C178 | DCL30-C. Declare objects with appropriate storage durations |
| C179 | DCL30-C. Declare objects with appropriate storage durations |
| C999 | INT01-C. Use size_t or rsize_t for all integer values representing the size of an object |
| CbOB | INT02-C. Understand integer conversion rules |
| CconstVariable | INT02-C. Understand integer conversion rules |
| CdLT | INT02-C. Understand integer conversion rules |
| CdoubleFree | INT02-C. Understand integer conversion rules |
| CduplicateCondition | INT02-C. Understand integer conversion rules |
| CE6 | INT02-C. Understand integer conversion rules |
| CE6_S | INT02-C. Understand integer conversion rules |
| CE7 | INT02-C. Understand integer conversion rules |
| CE8 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| CE11 | INT02-C. Understand integer conversion rules |
| CE12 | INT02-C. Understand integer conversion rules |
| CE13 | INT02-C. Understand integer conversion rules |
| CE256 | INT02-C. Understand integer conversion rules |
| CfCO | INT02-C. Understand integer conversion rules |
| CinvalidLifetime | INT02-C. Understand integer conversion rules |
| CinvalidScanfArgType_int | INT02-C. Understand integer conversion rules |
| CiRV | INT02-C. Understand integer conversion rules |
| CiSFW | INT02-C. Understand integer conversion rules |
| CknownConditionTrueFalse | INT02-C. Understand integer conversion rules | clarifyCalculation | INT08-C. Verify that all integer values are in range |
| ClRVNU | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmAD | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmemleakOnRealloc | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmissingReturn | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CMR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmVOOR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CnAS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CNI | INT32-C. Ensure that operations on signed integers do not result in overflow |
| CPP_02 | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| CPP_03 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| CPP_05 | INT36-C. Converting a pointer to integer or integer to pointer |
| CPP_07 | MEM03-C. Clear sensitive information stored in reusable resources |
| CPP_08 | MEM04-C. Beware of zero-length allocations |
| CPP_010 | MEM05-C. Avoid large stack allocations |
| CPP_11 | MEM10-C. Define and use a pointer validation function |
| CPP_12 | MEM30-C. Do not access freed memory |
| CPP_17 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_18 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_22 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_23 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_24 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_25 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_26 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_27 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_028 | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| CPP_31 | MEM34-C. Only free memory allocated dynamically |
| CPP_32 | MEM34-C. Only free memory allocated dynamically |
| CPP_33 | MEM34-C. Only free memory allocated dynamically |
| CPP_34 | MEM34-C. Only free memory allocated dynamically |
| CPP_35 | MEM34-C. Only free memory allocated dynamically |
| CPP_36 | MEM34-C. Only free memory allocated dynamically |
| CPP_039 | MEM35-C. Allocate sufficient memory for an object |
| CPP_44 | MSC01-C. Strive for logical completeness |
| CPP_48 | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
| CPP_57 | MSC07-C. Detect and remove dead code |
| CPP_58 | MSC07-C. Detect and remove dead code |
| CPP_59 | MSC07-C. Detect and remove dead code |
| CPP_60 | MSC07-C. Detect and remove dead code |
| CPP_61 | MSC07-C. Detect and remove dead code |
| CPP_62 | MSC07-C. Detect and remove dead code |
| CPP_uninitvar | MSC07-C. Detect and remove dead code |
| CPPCrypt | MSC07-C. Detect and remove dead code |
| CPPDSLHardcoded | MSC07-C. Detect and remove dead code |
| CPPDSLRAND | MSC07-C. Detect and remove dead code |
| CPPDSLWES | MSC07-C. Detect and remove dead code |
| CpPED | MSC07-C. Detect and remove dead code |
| CPPEnterCriticalSection | MSC07-C. Detect and remove dead code |
| CPPIsBadWritePtr | MSC07-C. Detect and remove dead code |
| CPPLoadLibrary | MSC07-C. Detect and remove dead code |
| CPPLoop | MSC07-C. Detect and remove dead code |
| CPPOftenMisured | MSC09-C. Character encoding: Use subset of ASCII for safety |
| CPPPBE | MSC11-C. Incorporate diagnostic tests using assertions |
| CPtr | MSC12-C. Detect and remove code that has no effect or is never executed |
| CsFPC | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| ctuNullPointer | MSC20-C. Do not use a switch statement to transfer control into a complex block |
| ctuOneDefinitionRuleViolation | MSC21-C. Use robust loop termination conditions |
| CuEV | MSC24-C. Do not use deprecated or obsolescent functions |
| CvariableScope | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE395TEST_2_CPP | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE561P25 | MSC24-C. Do not use deprecated or obsolescent functions |
| CwPSPPE | MSC24-C. Do not use deprecated or obsolescent functions |
| CzDC | MSC24-C. Do not use deprecated or obsolescent functions |
| deallocret | MSC24-C. Do not use deprecated or obsolescent functions |
| integerOverflowCond | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidContainer | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidFunctionArg | MSC24-C. Do not use deprecated or obsolescent functions |
| leakUnsafeArgAlloc | MSC24-C. Do not use deprecated or obsolescent functions |
| memleak | MSC24-C. Do not use deprecated or obsolescent functions |
| memleakOnRealloc | MSC24-C. Do not use deprecated or obsolescent functions |
| noCopyConstructor | MSC24-C. Do not use deprecated or obsolescent functions |
| noOperatorEq | MSC24-C. Do not use deprecated or obsolescent functions |
| nullPointerRedundantCheck | MSC24-C. Do not use deprecated or obsolescent functions |
| oppositeExpression | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| redundantPointerOp | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_01 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_02 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_03 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_04 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_05 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_06 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_07 | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| RTOS_09 | MSC37-C. Ensure that control never reaches the end of a non-void function |
| RTOS_13 | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
| RTOS_14 | MSC41-C. Never hard code sensitive information |
| RTOS_18 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_19 | POS01-C. Check for the existence of links when dealing with files |
| RTOS_20 | POS52-C. Do not perform operations that can block while holding a POSIX lock |
| RTOS_22 | PRE04-C. Do not reuse a standard header file name |
| RTOS_26 | PRE13-C. Use the Standard predefined macros to test for versions and features. |
| RTOS_27 | PRE30-C. Do not create a universal character name through concatenation |
| RTOS_28 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| RTOS_31 | STR05-C. Use pointers to const when referring to string literals |
| RTOS_33 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| RTOS_34 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shadowVariable | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shiftTooManyBits | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| UNSAFE_01 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| UNSAFE_02 | STR38-C. Do not confuse narrow and wide character strings and functions |
| UNSAFE_03 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_04 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_05 | WIN02-C. Restrict privileges when spawning child processes |