
Recommendations
DCL00-C. Const-qualify immutable objects
DCL01-C. Do not reuse variable names in subscopes
DCL02-C. Use visually distinct identifiers
DCL03-C. Use a static assertion to test the value of a constant expression
DCL04-C. Do not declare more than one variable per declaration
DCL05-C. Use typedefs to improve code readability
DCL06-C. Use meaningful symbolic constants to represent literal values
DCL07-C. Include the appropriate type information in function declarators
DCL08-C. Properly encode relationships in constant definitions
DCL09-C. Declare functions that return errno with a return type of errno_t
DCL10-C. Maintain the contract between the writer and caller of variadic functions
DCL11-C. Understand the type issues associated with variadic functions
DCL12-C. Implement abstract data types using opaque types
DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
DCL16-C. Use 'L', not 'l', to indicate a long value
DCL17-C. Beware of miscompiled volatile-qualified variables
DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
DCL19-C. Use as minimal a scope as possible for all variables and functions
DCL20-C. Always specify void even if a function takes no parameter
Rules
DCL30-C. Declare objects with appropriate storage durations
DCL31-C. Declare identifiers before using them
DCL32-C. Guarantee that mutually visible identifiers are unique
DCL34-C. Use volatile for data that cannot be cached
DCL35-C. Do not invoke a function using a type that does not match the function definition
DCL36-C. Do not declare an identifier with conflicting linkage classifications
Risk Assessment Summary
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DCL00-C |
low |
unlikely |
high |
P1 |
L3 |
DCL01-C |
low |
unlikely |
medium |
P2 |
L3 |
DCL02-C |
low |
unlikely |
medium |
P2 |
L3 |
DCL03-C |
low |
unlikely |
high |
P1 |
L3 |
DCL04-C |
low |
unlikely |
low |
P3 |
L3 |
DCL05-C |
low |
unlikely |
medium |
P2 |
L3 |
DCL06-C |
low |
unlikely |
medium |
P2 |
L3 |
DCL07-C |
low |
unlikely |
low |
P3 |
L3 |
DCL08-C |
low |
unlikely |
high |
P1 |
L3 |
DCL09-C |
low |
unlikely |
low |
P3 |
L3 |
DCL10-C |
high |
probable |
high |
P6 |
L2 |
DCL11-C |
high |
probable |
high |
P6 |
L2 |
DCL12-C |
low |
unlikely |
high |
P1 |
L3 |
DCL13-C |
low |
unlikely |
low |
P3 |
L3 |
DCL14-C |
medium |
probable |
medium |
P8 |
L2 |
DCL15-C |
low |
unlikely |
low |
P3 |
L3 |
DCL17-C |
medium |
probable |
high |
P4 |
L3 |
DCL18-C |
low |
unlikely |
low |
P3 |
L3 |
DCL19-C |
low |
unlikely |
medium |
P2 |
L3 |
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DCL30-C |
high |
probable |
high |
P6 |
L2 |
DCL31-C |
low |
unlikely |
low |
P3 |
L3 |
DCL32-C |
medium |
unlikely |
low |
P6 |
L2 |
DCL33-C |
medium |
probable |
high |
P4 |
L3 |
DCL34-C |
low |
probable |
high |
P2 |
L3 |
DCL35-C |
low |
probable |
medium |
P4 |
L3 |
DCL36-C |
medium |
probable |
medium |
P8 |
L2 |
PRE32-C. Do not use preprocessor directives inside macro arguments CERT C Secure Coding Standard