SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

...

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC11-C

Low

Unlikely

High

P1

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.FUNCS.ASSERTSNot enough assertions

Coverity

Include Page
Coverity_V
Coverity_V

ASSERT_SIDE_EFFECT

Can detect the specific instance where assertion contains an operation/function call that may have a side effect

Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
CODSTA-11 
CERT_C-MSC11-a
Assert liberally to document internal assumptions and invariants

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
SEI CERT C++ Coding StandardVOID MSC11-CPP. Incorporate diagnostic tests using assertions
MITRE CWECWE-190, Reachable assertion

...


...