| Checker | Guideline |
|---|---|
| arithOperationsOnVoidPointer | API04-C. Provide a consistent and usable error-checking mechanism |
| arrayIndexOutOfBoundsCond | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| assignmentInAssert | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| autoVariables | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| autovarInvalidDeallocation | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C01 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C02 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C03 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C04 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C05 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C06 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C07 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C08 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C09 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C10 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C11 | CON02-C. Do not use volatile as a synchronization primitive |
| C12 | CON05-C. Do not perform operations that can block while holding a lock |
| C13 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C14 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C15 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C16 | DCL13-C. Declare function parameters that are pointers to values not changed by the function as const |
| C17 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C18 | DCL30-C. Declare objects with appropriate storage durations |
| C19 | DCL31-C. Declare identifiers before using them |
| C20 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C21 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C22 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C23 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C24 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C25 | DCL39-C. Avoid information leakage when passing a structure across a trust boundary |
| C26 | DCL40-C. Do not create incompatible declarations of the same function or object |
| C27 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C28 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C29 | ENV30-C. Do not modify the object referenced by the return value of certain functions |
| C31 | ERR04-C. Choose an appropriate termination strategy |
| C32 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C33 | ERR05-C. Application-independent code should provide error detection without dictating error handling |
| C34 | ERR32-C. Do not rely on indeterminate values of errno |
| C37 | EXP00-C. Use parentheses for precedence of operation |
| C37 | EXP08-C. Ensure pointer arithmetic is used correctly |
| C38 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C39 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C40 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C42 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C44 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C45 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C46 | EXP09-C. Use sizeof to determine the size of a type or variable |
| C47 | EXP12-C. Do not ignore values returned by functions |
| C48 | EXP12-C. Do not ignore values returned by functions |
| C49 | ARR30-C. Do not form or use out-of-bounds pointers or array subscripts |
| C50 | EXP30-C. Do not depend on the order of evaluation for side effects |
| C50 | EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int |
| C51 | EXP19-C. Use braces for the body of an if, for, or while statement |
| C52 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C54 | EXP33-C. Do not read uninitialized memory |
| C55 | EXP33-C. Do not read uninitialized memory |
| C56 | EXP33-C. Do not read uninitialized memory |
| C57 | EXP33-C. Do not read uninitialized memory |
| C58 | EXP33-C. Do not read uninitialized memory |
| C59 | EXP33-C. Do not read uninitialized memory |
| C60 | EXP33-C. Do not read uninitialized memory |
| C61 | EXP33-C. Do not read uninitialized memory |
| C62 | EXP33-C. Do not read uninitialized memory |
| C63 | EXP33-C. Do not read uninitialized memory |
| C64 | EXP34-C. Do not dereference null pointers |
| C65 | EXP34-C. Do not dereference null pointers |
| C66 | EXP34-C. Do not dereference null pointers |
| C67 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C68 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C69 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C70 | EXP36-C. Do not cast pointers into more strictly aligned pointer types |
| C71 | EXP37-C. Call functions with the correct number and type of arguments |
| C73 | EXP40-C. Do not modify constant objects |
| C73 | EXP46-C. Do not use a bitwise operator with a Boolean-like operand |
| C76 | FIO21-C. Do not create temporary files in shared directories |
| C77 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C78 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C79 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call |
| C80 | FIO42-C. Close files when they are no longer needed |
| C81 | FIO47-C. Use valid format strings |
| C82 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C83 | FIO47-C. Use valid format strings |
| C84 | FIO47-C. Use valid format strings |
| C85 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C86 | FIO47-C. Use valid format strings |
| C87 | FLP03-C. Detect and handle floating-point errors |
| C88 | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| C101 | ARR32-C. Ensure size arguments for variable length arrays are in a valid range |
| C107 | ARR36-C. Do not subtract or compare two pointers that do not refer to the same array |
| C109 | ARR38-C. Guarantee that library functions do not form invalid pointers |
| C122 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C123 | CON40-C. Do not refer to an atomic variable twice in an expression |
| C126 | DCL01-C. Do not reuse variable names in subscopes |
| C127 | DCL01-C. Do not reuse variable names in subscopes |
| C129 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C130 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C132 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C133 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C135 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C154 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C155 | DCL03-C. Use a static assertion to test the value of a constant expression |
| C176 | DCL30-C. Declare objects with appropriate storage durations |
| C177 | DCL30-C. Declare objects with appropriate storage durations |
| C178 | DCL30-C. Declare objects with appropriate storage durations |
| C179 | DCL30-C. Declare objects with appropriate storage durations |
| C999 | INT01-C. Use size_t or rsize_t for all integer values representing the size of an object |
| CbOB | INT02-C. Understand integer conversion rules |
| CconstVariable | INT02-C. Understand integer conversion rules |
| CdLT | INT02-C. Understand integer conversion rules |
| CdoubleFree | INT02-C. Understand integer conversion rules |
| CduplicateCondition | INT02-C. Understand integer conversion rules |
| CE6 | INT02-C. Understand integer conversion rules |
| CE6_S | INT02-C. Understand integer conversion rules |
| CE7 | INT02-C. Understand integer conversion rules |
| CE8 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| CE11 | INT02-C. Understand integer conversion rules |
| CE12 | INT02-C. Understand integer conversion rules |
| CE13 | INT02-C. Understand integer conversion rules |
| CE256 | INT02-C. Understand integer conversion rules |
| CfCO | INT02-C. Understand integer conversion rules |
| CinvalidLifetime | INT02-C. Understand integer conversion rules |
| CinvalidScanfArgType_int | INT02-C. Understand integer conversion rules |
| CiRV | INT02-C. Understand integer conversion rules |
| CiSFW | INT02-C. Understand integer conversion rules |
| CknownConditionTrueFalse | INT02-C. Understand integer conversion rules |
| clarifyCalculation | INT08-C. Verify that all integer values are in range |
| ClRVNU | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmAD | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmemleakOnRealloc | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmissingReturn | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CMR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CmVOOR | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CnAS | INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data |
| CNI | INT32-C. Ensure that operations on signed integers do not result in overflow |
| CPP_02 | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| CPP_03 | INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| CPP_05 | INT36-C. Converting a pointer to integer or integer to pointer |
| CPP_07 | MEM03-C. Clear sensitive information stored in reusable resources |
| CPP_08 | MEM04-C. Beware of zero-length allocations |
| CPP_010 | MEM05-C. Avoid large stack allocations |
| CPP_11 | MEM10-C. Define and use a pointer validation function |
| CPP_12 | MEM30-C. Do not access freed memory |
| CPP_17 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_18 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_22 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_23 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_24 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_25 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_26 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_27 | MEM31-C. Free dynamically allocated memory when no longer needed |
| CPP_028 | MEM33-C. Allocate and copy structures containing a flexible array member dynamically |
| CPP_31 | MEM34-C. Only free memory allocated dynamically |
| CPP_32 | MEM34-C. Only free memory allocated dynamically |
| CPP_33 | MEM34-C. Only free memory allocated dynamically |
| CPP_34 | MEM34-C. Only free memory allocated dynamically |
| CPP_35 | MEM34-C. Only free memory allocated dynamically |
| CPP_36 | MEM34-C. Only free memory allocated dynamically |
| CPP_039 | MEM35-C. Allocate sufficient memory for an object |
| CPP_44 | MSC01-C. Strive for logical completeness |
| CPP_48 | MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources |
| CPP_57 | MSC07-C. Detect and remove dead code |
| CPP_58 | MSC07-C. Detect and remove dead code |
| CPP_59 | MSC07-C. Detect and remove dead code |
| CPP_60 | MSC07-C. Detect and remove dead code |
| CPP_61 | MSC07-C. Detect and remove dead code |
| CPP_62 | MSC07-C. Detect and remove dead code |
| CPP_uninitvar | MSC07-C. Detect and remove dead code |
| CPPCrypt | MSC07-C. Detect and remove dead code |
| CPPDSLHardcoded | MSC07-C. Detect and remove dead code |
| CPPDSLRAND | MSC07-C. Detect and remove dead code |
| CPPDSLWES | MSC07-C. Detect and remove dead code |
| CpPED | MSC07-C. Detect and remove dead code |
| CPPEnterCriticalSection | MSC07-C. Detect and remove dead code |
| CPPIsBadWritePtr | MSC07-C. Detect and remove dead code |
| CPPLoadLibrary | MSC07-C. Detect and remove dead code |
| CPPLoop | MSC07-C. Detect and remove dead code |
| CPPOftenMisured | MSC09-C. Character encoding: Use subset of ASCII for safety |
| CPPPBE | MSC11-C. Incorporate diagnostic tests using assertions |
| CPtr | MSC12-C. Detect and remove code that has no effect or is never executed |
| CsFPC | MSC18-C. Be careful while handling sensitive data, such as passwords, in program code |
| ctuNullPointer | MSC20-C. Do not use a switch statement to transfer control into a complex block |
| ctuOneDefinitionRuleViolation | MSC21-C. Use robust loop termination conditions |
| CuEV | MSC24-C. Do not use deprecated or obsolescent functions |
| CvariableScope | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE395TEST_2_CPP | MSC24-C. Do not use deprecated or obsolescent functions |
| CWE561P25 | MSC24-C. Do not use deprecated or obsolescent functions |
| CwPSPPE | MSC24-C. Do not use deprecated or obsolescent functions |
| CzDC | MSC24-C. Do not use deprecated or obsolescent functions |
| deallocret | MSC24-C. Do not use deprecated or obsolescent functions |
| integerOverflowCond | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidContainer | MSC24-C. Do not use deprecated or obsolescent functions |
| invalidFunctionArg | MSC24-C. Do not use deprecated or obsolescent functions |
| leakUnsafeArgAlloc | MSC24-C. Do not use deprecated or obsolescent functions |
| memleak | MSC24-C. Do not use deprecated or obsolescent functions |
| memleakOnRealloc | MSC24-C. Do not use deprecated or obsolescent functions |
| noCopyConstructor | MSC24-C. Do not use deprecated or obsolescent functions |
| noOperatorEq | MSC24-C. Do not use deprecated or obsolescent functions |
| nullPointerRedundantCheck | MSC24-C. Do not use deprecated or obsolescent functions |
| oppositeExpression | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| redundantPointerOp | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_01 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_02 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_03 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_04 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_05 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_06 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_07 | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| RTOS_09 | MSC37-C. Ensure that control never reaches the end of a non-void function |
| RTOS_13 | MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value |
| RTOS_14 | MSC41-C. Never hard code sensitive information |
| RTOS_18 | MSC25-C. Do not use insecure or weak cryptographic algorithms |
| RTOS_19 | POS01-C. Check for the existence of links when dealing with files |
| RTOS_20 | POS52-C. Do not perform operations that can block while holding a POSIX lock |
| RTOS_22 | PRE04-C. Do not reuse a standard header file name |
| RTOS_26 | PRE13-C. Use the Standard predefined macros to test for versions and features. |
| RTOS_27 | PRE30-C. Do not create a universal character name through concatenation |
| RTOS_28 | PRE31-C. Avoid side effects in arguments to unsafe macros |
| RTOS_31 | STR05-C. Use pointers to const when referring to string literals |
| RTOS_33 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| RTOS_34 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shadowVariable | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| shiftTooManyBits | STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string |
| UNSAFE_01 | STR37-C. Arguments to character-handling functions must be representable as an unsigned char |
| UNSAFE_02 | STR38-C. Do not confuse narrow and wide character strings and functions |
| UNSAFE_03 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_04 | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| UNSAFE_05 | WIN02-C. Restrict privileges when spawning child processes |