cp-mapping

C checkers	CERT C Secure Coding Standard
BAD_COMPARE	MSC02-A. Avoid errors of omission
BAD_FREE	MEM34-C. Only free memory allocated dynamically
CHAR_IO	FIO34-C. Use int to capture the return value of character IO functions
CHECKED_RETURN	FIO33-C. Detect and handle input output errors resulting in undefined behavior
DEADCODE	MSC07-A. Detect and remove dead code
FORWARD_NULL	EXP34-C. Ensure a pointer is valid before dereferencing it
MISSING_RETURN	MSC02-A. Avoid errors of omission
NEGATIVE_RETURNS	INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
NO_EFFECT	MSC12-A. Detect and remove code that has no effect
NULL_RETURNS	EXP34-C. Ensure a pointer is valid before dereferencing it
OVERRUN_STATIC	STR34-C. Do not copy data from an unbounded source to a fixed-length array
OVERRUN_DYNAMIC	STR34-C. Do not copy data from an unbounded source to a fixed-length array
RESOURCE_LEAK	MEM31-C. Free dynamically allocated memory exactly once
RETURN_LOCAL	DCL30-C. Do not refer to an object outside of its lifetime
REVERSE_INULL	EXP34-C. Ensure a pointer is valid before dereferencing it
REVERSE_NEGATIVE	INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
SIZECHECK	MEM35-C. Allocate sufficient memory for an object
STACK_USE	MEM05-A. Avoid large stack allocations
UNINIT	EXP33-C. Do not reference uninitialized variables
UNUSED_VALUE	MSC13-A. Detect and remove unused values
USE_AFTER_FREE	MEM30-C. Do not access freed memory, MEM31-C. Free dynamically allocated memory exactly once
VARARGS	No equivalent

C++ Checkers	CERT C++ Secure Coding Standard
BAD_OVERRIDE	No equivalent
CTOR_DTOR_LEAK	No equivalent
DELETE_ARRAY	No equivalent
INVALIDATE_ITERATOR	STL30-C. Use Valid Iterators
PASS_BY_VALUE	No equivalent
UNCAUGHT_EXCEPT	ERR30-C. Check for all error conditions
UNINIT_CTOR	No equivalent
WRAPPER_ESCAPE	No equivalent

Concurrency Checkers	CERT C Secure Coding Standard
LOCK	Out of scope
ORDER_REVERSAL	Out of scope
SLEEP	Out of scope

Security checkers	CERT C Secure Coding Standard
BUFFER_SIZE	STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size
CHROOT	Out of scope
OPEN_ARGS	FIO03-A. Do not make assumptions about fopen() and file creation
READLINK	POS30-C. Use the readlink() function properly
SECURE_CODING	STR34-C. Do not copy data from an unbounded source to a fixed-length array, others?
SECURE_TEMP	TMP30-C. Temporary files must created with unique and unpredictable file names, TMP31-C. Temporary files must have an unpredictable name, TMP32-C. Temporary files must be opened with exclusive access, TMP33-C. Temporary files must be removed before the program exits, TMPxx-C. Temporary file names must be unique when the file is created
STRING_OVERFLOW	STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
STRING_NULL	STR32-C. Guarantee that all byte strings are null-terminated
STRING_SIZE	STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
TAINTED_SCALAR	ARR30-C. Guarantee that array indices are within the valid range, INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data, INT32-C. Ensure that integer operations do not result in an overflow
TAINTED_STRING	STR02-A. Sanitize data passed to complex subsystems, FIO30-C. Exclude user input from format strings, FIO02-A. Canonicalize file names originating from untrusted sources
TOCTOU	FIO03-A. Do not make assumptions about fopen() and file creation, FIO01-A. Prefer functions that do not rely on file names for identification, FIO08-A. Take care when calling remove() on an open file, others?
USER_POINTER	No equivalent

Space shortcuts

Page tree