Generated Content

This page is automatically generated from the "Automated Detection" sections in the individual guidelines. Do not modify this page directly.

Version number: v8.1

| Checker | Guideline |
|---|---|
| -wc atol | INT06-C. Use strtol() or a related function to convert a string token to an integer |
| -wc strcat | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
| -wc strncat | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
| -wc strncpy | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
| -wc strtok | STR06-C. Do not assume that strtok() leaves the parse string unchanged |
| 0160,0161,0162,0163,0164,0165,0166,0167,0168,0169,0170,0171, | MSC15-C. Do not depend on undefined behavior |
| 0172,0173,0174,0175,0176,0177,0178,0179, 0184,0185,0186,0190, | MSC15-C. Do not depend on undefined behavior |
| 0179 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0179 (U) | FIO47-C. Use valid format strings |
| 0180 (C99) | FIO47-C. Use valid format strings |
| 0184 | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
| 0184 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0184 (U) | FIO47-C. Use valid format strings |
| 0185 | DCL10-C. Maintain the contract between the writer and caller of variadic functions |
| 0185 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0185 (U) | FIO47-C. Use valid format strings |
| 0186 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0190 (U) | FIO47-C. Use valid format strings |
| 0190(U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0191 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0191 (U) | FIO47-C. Use valid format strings |
| 0191,0192,0193,0194,0195,0196,0197,0198,0199,0200,0201,0203,0204, | MSC15-C. Do not depend on undefined behavior |
| 0192 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0192 (U) | FIO47-C. Use valid format strings |
| 0193 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0193 (U) | FIO47-C. Use valid format strings |
| 0194 (U) | FIO47-C. Use valid format strings |
| 0194(U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0195 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0195 (U) | FIO47-C. Use valid format strings |
| 0196 (U) | FIO47-C. Use valid format strings |
| 0196(U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0197 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0197 (U) | FIO47-C. Use valid format strings |
| 0198 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0198 (U) | FIO47-C. Use valid format strings |
| 0199 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0199 (U) | FIO47-C. Use valid format strings |
| 0200 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0200 (U) | FIO47-C. Use valid format strings |
| 0201 (U) | FIO47-C. Use valid format strings |
| 0201(U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0202 (I) | FIO47-C. Use valid format strings |
| 0202,284,581,634,1434,0240,0241,0246,0551,0601, | MSC14-C. Do not introduce unnecessary platform dependencies |
| 0206 (U) | DCL11-C. Understand the type issues associated with variadic functions |
| 0206 (U) | FIO47-C. Use valid format strings |
| 0206, 0207,0208,0235,0275,0304,0309,0337,0400,0401,0402,0403,0543, | MSC15-C. Do not depend on undefined behavior |
| 0207 | DCL11-C. Understand the type issues associated with variadic functions |
| 0208 | DCL11-C. Understand the type issues associated with variadic functions |
| 0232,0233,0244,0261,0278,0321,0322,0338,0422,0423,0426,0427,0429,0430,0431,0432, | MSC40-C. Do not violate constraints |
| 0285 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0286 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0287 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0288 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0289 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0299 | MSC09-C. Character encoding: Use subset of ASCII for safety |
| 0310 | EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields |
| 0310 | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| 0311,431 | EXP05-C. Do not cast away a const qualification |
| 0312,563,674 | EXP32-C. Do not access a volatile object through a nonvolatile reference |
| 0339 | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
| 0342 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0400 [U] | EXP30-C. Do not depend on the order of evaluation for side effects |
| 0401 [U] | EXP30-C. Do not depend on the order of evaluation for side effects |
| 0402 [U] | EXP30-C. Do not depend on the order of evaluation for side effects |
| 0403 [U] | EXP30-C. Do not depend on the order of evaluation for side effects |
| 0431(C) | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| 0432 | STR38-C. Do not confuse narrow and wide character strings and functions |
| 0432 (C) | STR04-C. Use plain char for characters in the basic character set |
| 0434 (C) | DCL31-C. Declare identifiers before using them |
| 0435,0436,0437,0446,0447,0448,0449,0450,0451,0452,0453,0454,0456,0457,0458,0466, | MSC40-C. Do not violate constraints |
| 0467,0468,0469,0476,0477,0478,0481,0482,0483,0484,0485,0486,0487,0493,0494,0495, | MSC40-C. Do not violate constraints |
| 0487,2771,2772,2773,2761, | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| 0488,2930,2931,2932,2933,2934 | EXP08-C. Ensure pointer arithmetic is used correctly |
| 0496,0513,0514,0515,0536,0537,0540,0541,0542,0546,0547,0550,0554,0555,0556,0557, | MSC40-C. Do not violate constraints |
| 0499 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| 0544,0545,0602,0623,0625,0626,0630,0632,0636,0654,0658,0661,0667, | MSC15-C. Do not depend on undefined behavior |
| 0556 | STR30-C. Do not attempt to modify string literals |
| 0558,0559,0560,0561,0562,0563,0564,0565,0580,0588,0589,0590,0591,0605,0616,0619, | MSC40-C. Do not violate constraints |
| 0563 | EXP40-C. Do not modify constant objects |
| 0597 | MSC01-C. Strive for logical completeness |
| 0602, 4600, 4601, 4602, 4603, 4604, 4605, 4606, 4607 , 4608 | DCL37-C. Do not declare or define a reserved identifier |
| 0620,0621,0622,0627,0628,0629,0631,0638,0640,0641,0642,0643,0644,0645,0646,0649, | MSC40-C. Do not violate constraints |
| 0625 (U) | DCL36-C. Do not declare an identifier with conflicting linkage classifications |
| 0633,0635,0660,0662,0830,0831,0899,1001,1002, | MSC14-C. Do not introduce unnecessary platform dependencies |
| 0634 (I) | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| 0635 | INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression |
| 0650,0651,0653,0655,0656,0657,0659,0664,0665,0671,0673,0674,0675,0677,0682,0683, | MSC40-C. Do not violate constraints |
| 0668,0672,0706,0745,0777,0779,0809,0813,0814,0836,0837,0848,0853, | MSC15-C. Do not depend on undefined behavior |
| 0674 | STR04-C. Use plain char for characters in the basic character set |
| 0684,0685,0690,0698,0699,0708,0709,0736,0737,0738,0746,0747,0755,0756,0757,0758, | MSC40-C. Do not violate constraints |
| 0688,3674,3684, 678 | ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer |
| 0695 | MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type |
| 0697 | EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members |
| 0699 | STR04-C. Use plain char for characters in the basic character set |
| 0724 | INT09-C. Ensure enumeration constants map to unique values |
| 0752 | STR05-C. Use pointers to const when referring to string literals |
| 0752 | STR30-C. Do not attempt to modify string literals |
| 0753 | STR05-C. Use pointers to const when referring to string literals |
| 0753 | STR30-C. Do not attempt to modify string literals |
| 0766,0767,0768,0774,0775,0801,0802,0803,0804,0811,0812,0821,0834,0835,0844,0845, | MSC40-C. Do not violate constraints |
| 0790 | FLP02-C. Avoid using floating-point numbers when precise computation is needed |
| 0801 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0802 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0811 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0851,0852,0856,0866,0873,0877,0940,0941,0943,0944,1023,1024,1025,1033,1047,1048, | MSC40-C. Do not violate constraints |
| 0854,0864,0865,0867,0872,0874,0885,0887,0888,0914,0915,0942,3113,3114, | MSC15-C. Do not depend on undefined behavior |
| 0872 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0880 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0881 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 0883 | PRE06-C. Enclose header files in an inclusion guard |
| 0884 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 1003,1006,1008,1012,1014,1015,1019,1020,1021, | MSC14-C. Do not introduce unnecessary platform dependencies |
| 1022,1026,1028,1029,1034,1035,1036,1037,1038, | MSC14-C. Do not introduce unnecessary platform dependencies |
| 1037 | DCL38-C. Use the correct syntax when declaring a flexible array member |
| 1041,1042,1043,1044,1045,1046,3664 | MSC14-C. Do not introduce unnecessary platform dependencies |
| 1051 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| 1051 | MEM05-C. Avoid large stack allocations |
| 1054 | DCL21-C. Understand the storage of compound literals |
| 1250,1251,1252,1253,1260,1263,1274,1800,1802,1803,1804,1810,1811,1812, | INT02-C. Understand integer conversion rules |
| 1256,1257,1266,1290,1291,1292,1293,1294,1295,1296,1297,1298,1299,4401, | INT02-C. Understand integer conversion rules |
| 1272 | DCL18-C. Do not begin integer constants with 0 when specifying a decimal value |
| 1280 | DCL16-C. Use "L," not "l," to indicate a long value |
| 1292,1293,4401,4421, | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
| 1302 | DCL31-C. Declare identifiers before using them |
| 1304 | DCL07-C. Include the appropriate type information in function declarators |
| 1312,0690 | STR11-C. Do not specify the bound of a character array initialized with a string literal |
| 1331,1332,1333,3002,3320,3335 | EXP37-C. Call functions with the correct number and type of arguments |
| 1460 | MSC01-C. Strive for logical completeness |
| 1470 | MSC01-C. Strive for logical completeness |
| 1472 | MSC01-C. Strive for logical completeness |
| 1500,1502,3203,3205,3206,3207,3229,3196, 2980,2981,2982,2983,2984,2985,2986 | MSC13-C. Detect and remove unused values |
| 1501,1503,2008,2880,2881,2882,2883,2877,3196, | MSC07-C. Detect and remove dead code |
| 1504 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
| 1504,1505,1531,1532,3210,3218 | DCL19-C. Minimize the scope of variables and functions |
| 1510,778.779 | DCL40-C. Do not create incompatible declarations of the same function or object |
| 1520 | MEM05-C. Avoid large stack allocations |
| 1531 | DCL15-C. Declare file-scope objects or functions that do not need external linkage as static |
| 1813,1820,1821,1822,1823,1824,1830,1831,1832,1833,1834,1840,1841,1842, | INT02-C. Understand integer conversion rules |
| 1843,1844,1850,1851,1852,1853,1854,1860,1861,1862,1863,1864,1880,1881,1882, | INT02-C. Understand integer conversion rules |
| 1890 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 1891 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 1892 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 1893 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 1894 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 1895 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 2,2124,2130,2132,2134 | INT02-C. Understand integer conversion rules |
| 2000 | MSC01-C. Strive for logical completeness |
| 2002 | MSC01-C. Strive for logical completeness |
| 2003 | MSC17-C. Finish every set of statements associated with a case label with a break statement |
| 2004 | MSC01-C. Strive for logical completeness |
| 2008 | DCL41-C. Do not declare variables inside a switch statement before the first case label |
| 2019 | MSC20-C. Do not use a switch statement to transfer control into a complex block |
| 2050 | DCL07-C. Include the appropriate type information in function declarators |
| 2050 | DCL31-C. Declare identifiers before using them |
| 2051 | DCL31-C. Declare identifiers before using them |
| 2100,2101,2102,2103,2104,2105,2106,2107,2109,2110,2111,2112,2113,2114, | INT02-C. Understand integer conversion rules |
| 2106 | STR09-C. Don't assume numeric values for expressions with type plain character |
| 2107 | STR09-C. Don't assume numeric values for expressions with type plain character |
| 2115,2116,2117,2118,2119,2120,212 | INT02-C. Understand integer conversion rules |
| 2212 | EXP19-C. Use braces for the body of an if, for, or while statement |
| 2547 | DCL01-C. Do not reuse variable names in subscopes |
| 2762,2763, 2766, 2767, 2768 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| 2790 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| 2791 (D) | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| 2792 (A) | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| 2793 (S) | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| 2800,2801,2802,2803 | INT32-C. Ensure that operations on signed integers do not result in overflow |
| 2800,2801,2802,2803, | INT08-C. Verify that all integer values are in range |
| 2810,2811,2812,2813,2814,2820,2821,2822,2823,2824 | EXP34-C. Do not dereference null pointers |
| 2830 (C) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| 2831 (D) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| 2832 (A) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| 2833 (S) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| 2834 (P) | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| 2840,2841,2842,2843,2844,2930, | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| 2845,2846,2847,2848, | ARR38-C. Guarantee that library functions do not form invalid pointers |
| 2849,2930,2932,2933,2934 | ARR38-C. Guarantee that library functions do not form invalid pointers |
| 2850,2851,2852,2853,2900,2901,2902,2903, | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| 2882 | DCL41-C. Do not declare variables inside a switch statement before the first case label |
| 2888 | MSC37-C. Ensure that control never reaches the end of a non-void function |
| 2890, 2891, 2892, 2893, 2895, 2896, 2897, 2898 | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| 2905,2906,2907,2908, 2855, 2856, 2857, 2858, | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| 2910 (C) | INT30-C. Ensure that unsigned integer operations do not wrap |
| 2910,2911,2912,2913 | INT08-C. Verify that all integer values are in range |
| 2911 (D) | INT30-C. Ensure that unsigned integer operations do not wrap |
| 2912 (A) | INT30-C. Ensure that unsigned integer operations do not wrap |
| 2913 (S) | INT30-C. Ensure that unsigned integer operations do not wrap |
| 2930, 2931, 2932, 2933, 2934 | ARR37-C. Do not add or subtract an integer to a pointer to a non-array object |
| 2931,2932,2933,2934,2950,2951, | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| 2940, 2941, 2942, 2943, 2945, 2946, 2947, 2948 | INT16-C. Do not make assumptions about representation of signed integers |
| 2952,2953 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| 2961,2962,2963,2966,2967,2968,2971,2972,2973, 2976, 2977, 2978 | EXP33-C. Do not read uninitialized memory |
| 3001 | DCL20-C. Explicitly specify void when a function accepts no arguments |
| 3004,3344,428 | EXP16-C. Do not compare function pointers to constant values |
| 3007 | DCL20-C. Explicitly specify void when a function accepts no arguments |
| 305, 306, 309, 674 | INT36-C. Converting a pointer to integer or integer to pointer |
| 3103 | INT10-C. Do not assume a positive remainder when using the % operator |
| 3108 | MSC04-C. Use comments consistently and in a readable fashion |
| 3109 | EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement |
| 3120 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3120, 3121, 3122, 3123, 3131,3132 | EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions |
| 3121 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3122 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3123 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3131 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3132 | DCL06-C. Use meaningful symbolic constants to represent literal values |
| 3200 | EXP12-C. Do not ignore values returned by functions |
| 3200 | ERR33-C. Detect and handle standard library errors |
| 3200 | POS54-C. Detect and handle POSIX library errors |
| 3202,3203,3205,3206,3207,3210,3219,3229,3404, | MSC07-C. Detect and remove dead code |
| 3204 | DCL00-C. Const-qualify immutable objects |
| 3217 | DCL30-C. Declare objects with appropriate storage durations |
| 3217 | DCL21-C. Understand the storage of compound literals |
| 3225 | DCL30-C. Declare objects with appropriate storage durations |
| 3226,3326,0400, 0401, 0402,0403 | EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place |
| 3227 | DCL00-C. Const-qualify immutable objects |
| 3230 | DCL30-C. Declare objects with appropriate storage durations |
| 3232 | DCL00-C. Const-qualify immutable objects |
| 3234 | DCL41-C. Do not declare variables inside a switch statement before the first case label |
| 3236,3237,3238,3244 | MSC40-C. Do not violate constraints |
| 3239,3319,3438,0301,0302,0307,0475,0676,0678,0680,3311,3312,3437,1509,1510 | MSC15-C. Do not depend on undefined behavior |
| 3305 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| 3305 | EXP39-C. Do not access a variable through a pointer of an incompatible type |
| 3307 | EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic |
| 3314 | EXP43-C. Avoid undefined behavior when using restrict-qualified pointers |
| 3314,3326, 3344,3416 | EXP45-C. Do not perform assignments in selection statements |
| 3334 | DCL01-C. Do not reuse variable names in subscopes |
| 3335 | DCL07-C. Include the appropriate type information in function declarators |
| 3335 | DCL31-C. Declare identifiers before using them |
| 3340 | FLP30-C. Do not use floating-point variables as loop counters |
| 3344 | EXP20-C. Perform explicit tests to determine success, true and false, and equality |
| 3344,4502 | EXP17-C. Do not use a bitwise operator in place of logical operator, or vice versa |
| 3389 | EXP00-C. Use parentheses for precedence of operation |
| 3390 | EXP00-C. Use parentheses for precedence of operation |
| 3391 | EXP00-C. Use parentheses for precedence of operation |
| 3392 | EXP00-C. Use parentheses for precedence of operation |
| 3392 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| 3393 | EXP00-C. Use parentheses for precedence of operation |
| 3394 | EXP00-C. Use parentheses for precedence of operation |
| 3395 | EXP00-C. Use parentheses for precedence of operation |
| 3396 | EXP00-C. Use parentheses for precedence of operation |
| 3397 | EXP00-C. Use parentheses for precedence of operation |
| 3398 | EXP00-C. Use parentheses for precedence of operation |
| 3399 | EXP00-C. Use parentheses for precedence of operation |
| 3400 | EXP00-C. Use parentheses for precedence of operation |
| 3401 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| 3408 | DCL07-C. Include the appropriate type information in function declarators |
| 3409 | PRE02-C. Macro replacement lists should be parenthesized |
| 341 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 3410 | PRE01-C. Use parentheses within macros around parameter names |
| 3412 | PRE10-C. Wrap multistatement macros in a do-while loop |
| 3412 | PRE11-C. Do not conclude macro definitions with a semicolon |
| 3413 | PRE03-C. Prefer typedefs to defines for encoding types |
| 3415 | EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators |
| 3422,3423,3425,3470,2980,2981,2982,2983,2984,2985,2986, | MSC07-C. Detect and remove dead code |
| 3426,3427,3307,3110,3112,3404 | MSC12-C. Detect and remove code that has no effect |
| 3450 | DCL07-C. Include the appropriate type information in function declarators |
| 3453 | PRE00-C. Prefer inline or static functions to function-like macros |
| 3453 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| 3455 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| 3456 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| 3456 | PRE12-C. Do not define unsafe macros |
| 3458 | PRE10-C. Wrap multistatement macros in a do-while loop |
| 3601 | PRE07-C. Avoid using repeated question marks |
| 3670 | MEM05-C. Avoid large stack allocations |
| 3673 | DCL00-C. Const-qualify immutable objects |
| 3673 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| 4111 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| 4112 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| 4113 | EXP13-C. Treat relational and equality operators as if they were nonassociative |
| 4116 | EXP20-C. Perform explicit tests to determine success, true and false, and equality |
| 4117 | FLP06-C. Convert integers to floating point for floating-point operations |
| 4118 | FLP06-C. Convert integers to floating point for floating-point operations |
| 4140 | DCL30-C. Declare objects with appropriate storage durations |
| 4402,4403,4404,4405,4410,4412,4413,4414,4415,4420,4421,4422,4423,4424,4425,4430, | INT02-C. Understand integer conversion rules |
| 4413,4414 | STR34-C. Cast characters to unsigned char before converting to larger integer sizes |
| 4413,4414 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| 4431,4432,4434,4435,4436,4437,4440,4441,4442,4443,4445,4446,4447, | INT02-C. Understand integer conversion rules |
| 4431,4441,4451 | INT07-C. Use only explicitly signed or unsigned char type for numeric values |
| 4450 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4451 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4452 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4453 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4454 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4460,4461,4463,4464,4470,4471,4480,4481, | INT02-C. Understand integer conversion rules |
| 4462 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4465 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| 4490 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 4491 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 4492 | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size |
| 4532, 4533, 4534, 4543, 4544 | INT13-C. Use bitwise operators only on unsigned operands |
| 627,776,0777,778,0779 | DCL23-C. Guarantee that mutually visible identifiers are unique |
| 696 | MEM35-C. Allocate sufficient memory for an object |
| 803 | PRE05-C. Understand macro replacement when concatenating tokens or performing stringification |
| 853 | PRE32-C. Do not use preprocessor directives in invocations of function-like macros |
| 874 | STR10-C. Do not concatenate different type of string literals |
| Secondary Analysis | PRE08-C. Guarantee that header file names are unique |
| Secondary analysis | PRE04-C. Do not reuse a standard header file name |
| Secondary analysis | PRE09-C. Do not replace secure functions with deprecated or obsolescent functions |
| Secondary analysis | DCL05-C. Use typedefs of non-pointer types only |
| Warncall -wc atoi | INT06-C. Use strtol() or a related function to convert a string token to an integer |
| Warncall -wc rand | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| Warncall -wc remove | FIO08-C. Take care when calling remove() on an open file |
| Warncall -wc signal | SIG34-C. Do not call signal() from within interruptible signal handlers |
| Warncall -wc strcpy | STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code |
| Warncall -wc system | ENV33-C. Do not call system() |
| Warncall -wc vfork | POS33-C. Do not use vfork() |
| Warncall for scanf etc | INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs |
| Warncall remove | FIO01-C. Be careful using functions that use file names for identification |
| fopen | FIO01-C. Be careful using functions that use file names for identification |
| freopen | FIO01-C. Be careful using functions that use file names for identification |
| rename | FIO01-C. Be careful using functions that use file names for identification |
| warncall -wc rename | FIO10-C. Take care when using the rename() function |
| warncall -wc system | ENV03-C. Sanitize the environment when invoking external programs |
| warncall fopen | FIO06-C. Create files with appropriate access permissions |
| warncall for 'gets' | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| warncall for fopen and fopen_s | FIO03-C. Do not make assumptions about fopen() and file creation |
| warncall for putenv | POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument |
| warncall for realloc | MEM03-C. Clear sensitive information stored in reusable resources |
| warncall for signal | SIG00-C. Mask signals handled by noninterruptible signal handlers |
| warncall for signal | SIG01-C. Understand implementation-specific details regarding signal handler persistence |
| warncall tmpnam, tmpfile, mktemp, tmpnam_s | FIO21-C. Do not create temporary files in shared directories |
