Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

...

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC11-C

Low

Unlikely

High

P1

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.FUNCS.ASSERTSNot enough assertions

Coverity

Include Page
Coverity_V
Coverity_V

ASSERT_SIDE_EFFECT

Can detect the specific instance where assertion contains an operation/function call that may have a side effect

Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
CODSTA-11 
CERT_C-MSC11-a
Assert liberally to document internal assumptions and invariants

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

 


...