TICS Coding Standard Viewer 
TIOBE Software Quality Framework
©TIOBE Software www.tiobe.com
 
C++ Coding Standard

Category: Security

Synopsis: Security rules


Description:
Security rules from the Software Engineering Institute at Carnegie Mellon University.

Coding Rules

| Name | Checked | Synopsis |
| --- | --- | --- |
| ARR38-C | Checked automatically with code checker | Guarantee that library functions do not form invalid pointers |
| DCL50-CPP | Checked automatically with code checker | Do not define a C-style variadic function |
| ENV33-C | Checked automatically with code checker | Do not call system() |
| ERR33-C | Checked automatically with code checker | Detect and handle standard library errors |
| ERR54-CPP | Checked automatically with code checker | Catch handlers should order their parameter types from most derived to least derived |
| EXP34-C | Checked automatically with code checker | Do not dereference null pointers |
| EXP53-CPP | Checked automatically with code checker | Do not read uninitialized memory |
| EXT01-CPP | Checked automatically with code checker | The called function is unsafe for security related code |
| EXT02-CPP | Checked automatically with code checker | non-constant printf format string may be susceptible to format string attacks |
| EXT03-CPP | Checked automatically with code checker | Calling a function which may pose a security risk if it is used inappropriately |
| EXT04-CPP | Checked automatically with code checker | Using an insecure temporary file creation function |
| EXT05-CPP | Checked automatically with code checker | A user-land pointer is dereferenced without safety checks in the kernel |
| FIO30-C | Checked automatically with code checker | Exclude user input from format strings |
| FIO34-C | Checked automatically with code checker | Distinguish between characters read from a file and EOF or WEOF |
| FIO37-C | Checked automatically with code checker | Do not assume that fgets() or fgetws() returns a nonempty string when successful |
| FIO45-C | Checked automatically with code checker | Avoid TOCTOU race conditions while accessing files |
| MEM50-CPP | Checked automatically with code checker | Do not access freed memory |
| MEM56-CPP | Checked automatically with code checker | Do not store an already-owned pointer value in an unrelated smart pointer |
| MSC30-C | Checked automatically with code checker | Do not use the rand() function for generating pseudorandom numbers |
| MSC33-C | Checked automatically with code checker | Do not pass invalid data to the asctime() function |
| MSC51-CPP | Checked automatically with code checker | Ensure your random number generator is properly seeded |
| STR31-C | Checked automatically with code checker | Guarantee that storage for strings has sufficient space for character data and the null terminator |
| STR32-C | Checked automatically with code checker | Do not pass a non-null-terminated character sequence to a library function that expects a string |
| STR38-C | Checked automatically with code checker | Do not confuse narrow and wide character strings and functions |
| STR50-CPP | Checked automatically with code checker | Guarantee that storage for strings has sufficient space for character data and the null terminator |
| STR51-CPP | Checked automatically with code checker | Do not attempt to create a std::string from a null pointer |