diff --git a/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.md b/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.md
index bafad6e688..e5403d0f7a 100644
--- a/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.md
+++ b/c/cert/src/rules/CON31-C/DoNotAllowAMutexToGoOutOfScopeWhileLocked.md
@@ -165,7 +165,7 @@ CWE-667 = Union, CON31-C, POS48-C, list) where list =
 ## Implementation notes
-None
+This implementation does not allow for thread synchronization to be performed in subroutines. All synchronization must be performed within the context of the other thread management functions.
 ## References
diff --git a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.md b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.md
index 5cf6747dff..660e164cb3 100644
--- a/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.md
+++ b/c/cert/src/rules/CON37-C/DoNotCallSignalInMultithreadedProgram.md
@@ -105,6 +105,8 @@ Search for [vulnerabilities](https://wiki.sei.cmu.edu/confluence/display/c/BB.+D
 ## Implementation notes
+This implementation does not consider threads created function pointers.
+
 ## References
 * CERT-C: [CON37-C: Do not call signal() in a multithreaded program](https://wiki.sei.cmu.edu/confluence/display/c)
diff --git a/c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.md b/c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.md
index 03825f5376..17e4e95822 100644
--- a/c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.md
+++ b/c/cert/src/rules/CON38-C/PreserveSafetyWhenUsingConditionVariables.md
@@ -350,7 +350,7 @@ Search for [vulnerabilities](https://www.securecoding.cert.org/confluence/displa
 ## Implementation notes
-None
+This implementation does not attempt to identify unique condition variables and instead advocates for the usage of `cnd_broadcast`.
 ## References
diff --git a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.md b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.md
index da6cf2e1ed..b176e77da2 100644
--- a/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.md
+++ b/c/cert/src/rules/CON41-C/WrapFunctionsThatCanFailSpuriouslyInLoop.md
@@ -149,7 +149,7 @@ Search for [vulnerabilities](https://www.securecoding.cert.org/confluence/displa
 ## Implementation notes
-None
+This implementation does not attempt to identify a relationship between the condition variable and the atomic operation.
 ## References
diff --git a/c/cert/src/rules/ENV31-C/EnvPointerIsInvalidAfterCertainOperations.md b/c/cert/src/rules/ENV31-C/EnvPointerIsInvalidAfterCertainOperations.md
index bb222bfbce..c86861e4b8 100644
--- a/c/cert/src/rules/ENV31-C/EnvPointerIsInvalidAfterCertainOperations.md
+++ b/c/cert/src/rules/ENV31-C/EnvPointerIsInvalidAfterCertainOperations.md
@@ -218,7 +218,7 @@ Search for vulnerabilities resulting from the violation of this rule on the [CER
 ## Implementation notes
-None
+The rule is enforced in the context of a single function.
 ## References
diff --git a/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.md b/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.md
index b569443fec..bcde34316c 100644
--- a/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.md
+++ b/c/cert/src/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.md
@@ -249,7 +249,7 @@ FIO32-C = Union( CWE-67, list) where list =
 ## Implementation notes
-None
+The rule checks that filenames are not tainted. It does not verify that appropriate OS-specific checks are in place to exclude that the opened file is a device.
 ## References
diff --git a/c/cert/src/rules/FIO34-C/DistinguishBetweenCharReadFromAFileAndEofOrWeof.md b/c/cert/src/rules/FIO34-C/DistinguishBetweenCharReadFromAFileAndEofOrWeof.md
index 6d04ae9354..e872ae8f97 100644
--- a/c/cert/src/rules/FIO34-C/DistinguishBetweenCharReadFromAFileAndEofOrWeof.md
+++ b/c/cert/src/rules/FIO34-C/DistinguishBetweenCharReadFromAFileAndEofOrWeof.md
@@ -199,7 +199,7 @@ Therefore: FIO34-C = Subset( CWE-197)
 ## Implementation notes
-None
+The rule is enforced in the context of a single function. The query does not validate if the FILE status is handled correctly after being read.
 ## References
diff --git a/c/cert/src/rules/FIO34-C/EndOfFileCheckPortability.md b/c/cert/src/rules/FIO34-C/EndOfFileCheckPortability.md
index f6d1bdc661..5855bc9092 100644
--- a/c/cert/src/rules/FIO34-C/EndOfFileCheckPortability.md
+++ b/c/cert/src/rules/FIO34-C/EndOfFileCheckPortability.md
@@ -199,7 +199,7 @@ Therefore: FIO34-C = Subset( CWE-197)
 ## Implementation notes
-None
+The rule is enforced in the context of a single function. The query does not validate if the FILE status is handled correctly after being read.
 ## References
diff --git a/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.md b/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.md
index 45a3faf210..f39749cf78 100644
--- a/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.md
+++ b/c/cert/src/rules/FIO37-C/SuccessfulFgetsOrFgetwsMayReturnAnEmptyString.md
@@ -102,7 +102,7 @@ CWE-241 = Union( FIO37-C, list) where list =
 ## Implementation notes
-None
+The rule checks that access to a string returned by fgets() or fgetws() if protected by a guard condition. The rule is enforced in the context of a single function.
 ## References
diff --git a/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.md b/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.md
index 1289c5b2d8..c2a5d76395 100644
--- a/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.md
+++ b/c/cert/src/rules/FIO39-C/DoNotAlternatelyIOFromAStreamWithoutPositioning.md
@@ -135,7 +135,7 @@ This CWE is vague on what constitutes “improper control of a resource”. It c
 ## Implementation notes
-None
+The rule is enforced in the context of a single function.
 ## References
diff --git a/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.md b/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.md
index 9ade9f1fdc..91654e8ee2 100644
--- a/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.md
+++ b/c/cert/src/rules/FIO42-C/CloseFilesWhenTheyAreNoLongerNeeded.md
@@ -229,7 +229,7 @@ FIO42-C - CWE-403 = SPECIAL_CASES, where SPECIAL_CASES =
 ## Implementation notes
-None
+The rule is enforced in the context of a single function.
 ## References
diff --git a/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.md b/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.md
index 0e851012c6..bef8cafc81 100644
--- a/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.md
+++ b/c/cert/src/rules/FIO46-C/UndefinedBehaviorAccessingAClosedFile.md
@@ -68,7 +68,7 @@ Search for [vulnerabilities](https://wiki.sei.cmu.edu/confluence/display/c/BB.+D
 ## Implementation notes
-None
+The rule is enforced in the context of a single function.
 ## References
diff --git a/c/cert/src/rules/MSC32-C/ProperlySeedPseudorandomNumberGenerators.md b/c/cert/src/rules/MSC32-C/ProperlySeedPseudorandomNumberGenerators.md
index dedaf6d25a..e1e24344c6 100644
--- a/c/cert/src/rules/MSC32-C/ProperlySeedPseudorandomNumberGenerators.md
+++ b/c/cert/src/rules/MSC32-C/ProperlySeedPseudorandomNumberGenerators.md
@@ -162,7 +162,7 @@ MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They e
 ## Implementation notes
-None
+This rule will be checked by looking for calls to random that are no preceded by a call to srandom(). We perform a simple check for the argument to srandom() and verify it is not a literal (or a value easily deduced to be a literal).
 ## References
diff --git a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.md b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.md index 76559426cd..dd0fb40f57 100644 --- a/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.md +++ b/c/cert/src/rules/STR31-C/StringsHasSufficientSpaceForTheNullTerminator.md @@ -475,7 +475,7 @@ Copying string data to a buffer that is too small to hold that data results in a Array access out of bounds, Buffer overflow from incorrect string format specifier, Destination buffer overflow in string manipulation, Invalid use of standard library string routine, Missing null in string array, Pointer access out of bounds, Tainted NULL or non-null-terminated string, Use of dangerous standard function -
Tool Version Checker Description
Astrée 22.04 Supported Astrée reports all buffer overflows resulting from copying data to a buffer that is not large enough to hold that data.
Axivion Bauhaus Suite 7.2.0 CertC-STR31 Detects calls to unsafe string function that may cause buffer overflow Detects potential buffer overruns, including those caused by unsafe usage of fscanf()
CodeSonar 7.0p0 LANG.MEM.BO LANG.MEM.TO MISC.MEM.NTERM BADFUNC.BO.\* Buffer overrun Type overrun No space for null terminator A collection of warning classes that report uses of library functions prone to internal buffer overflows
Compass/ROSE Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example
Coverity 2017.07 STRING_OVERFLOW BUFFER_SIZE OVERRUN STRING_SIZE Fully implemented
Fortify SCA 5.0
Helix QAC 2022.2 C2840, C2841, C2842, C2843, C2845, C2846, C2847, C2848, C2930, C2931, C2932, C2933, C2935, C2936, C2937, C2938 C++0145, C++2840, C++2841, C++2842, C++2843, C++2845, C++2846, C++2847, C++2848, C++2930, C++2931, C++2932, C++2933, C++2935, C++2936, C++2937, C++2938
Klocwork 2022.2 SV.FMT_STR.BAD_SCAN_FORMAT SV.UNBOUND_STRING_INPUT.FUNC
LDRA tool suite 9.7.1 489 S, 109 D, 66 X, 70 X, 71 X Partially implemented
Parasoft C/C++test 2022.1 CERT_C-STR31-a CERT_C-STR31-b CERT_C-STR31-c CERT_C-STR31-d CERT_C-STR31-e Avoid accessing arrays out of bounds Avoid overflow when writing to a buffer Prevent buffer overflows from tainted data Avoid buffer write overflow from tainted data Avoid using unsafe string functions which may cause buffer overflows
PC-lint Plus 1.4 421, 498 Partially supported
Polyspace Bug Finder R2022a CERT C: Rule STR31-C Checks for: Use of dangerous standard functionse of dangerous standard function, missing null in string arrayissing null in string array, buffer overflow from incorrect string format specifieruffer overflow from incorrect string format specifier, destination buffer overflow in string manipulationestination buffer overflow in string manipulation, tainted null or non-null-terminated stringainted null or non-null-terminated string. Rule partially covered.
PRQA QA-C 9.7 5009, 5038, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938 Partially implemented
PRQA QA-C++ 4.4 0145, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938, 5006, 5038
PVS-Studio 7.19 V518 , V645 , V727 , V755
Splint 3.1.1
TrustInSoft Analyzer 1.38 mem_access Exhaustively verified (see one compliant and one non-compliant example ).
+
Tool Version Checker Description
Astrée 22.04 Supported Astrée reports all buffer overflows resulting from copying data to a buffer that is not large enough to hold that data.
Axivion Bauhaus Suite 7.2.0 CertC-STR31 Detects calls to unsafe string function that may cause buffer overflow Detects potential buffer overruns, including those caused by unsafe usage of fscanf()
CodeSonar 7.0p0 LANG.MEM.BO LANG.MEM.TO MISC.MEM.NTERM BADFUNC.BO.\* Buffer overrun Type overrun No space for null terminator A collection of warning classes that report uses of library functions prone to internal buffer overflows
Compass/ROSE Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example
Coverity 2017.07 STRING_OVERFLOW BUFFER_SIZE OVERRUN STRING_SIZE Fully implemented
Fortify SCA 5.0
Helix QAC 2022.2 C2840, C2841, C2842, C2843, C2845, C2846, C2847, C2848, C2930, C2931, C2932, C2933, C2935, C2936, C2937, C2938 C++0145, C++2840, C++2841, C++2842, C++2843, C++2845, C++2846, C++2847, C++2848, C++2930, C++2931, C++2932, C++2933, C++2935, C++2936, C++2937, C++2938
Klocwork 2022.2 SV.FMT_STR.BAD_SCAN_FORMAT SV.UNBOUND_STRING_INPUT.FUNC
LDRA tool suite 9.7.1 489 S, 109 D, 66 X, 70 X, 71 X Partially implemented
Parasoft C/C++test 2022.1 CERT_C-STR31-a CERT_C-STR31-b CERT_C-STR31-c CERT_C-STR31-d CERT_C-STR31-e Avoid accessing arrays out of bounds Avoid overflow when writing to a buffer Prevent buffer overflows from tainted data Avoid buffer write overflow from tainted data Avoid using unsafe string functions which may cause buffer overflows
PC-lint Plus 1.4 421, 498 Partially supported
Polyspace Bug Finder R2022a CERT C: Rule STR31-C Checks for: Use of dangerous standard functionse of dangerous standard function, missing null in string arrayissing null in string array, buffer overflow from incorrect string format specifieruffer overflow from incorrect string format specifier, destination buffer overflow in string manipulationestination buffer overflow in string manipulation, tainted null or non-null-terminated stringainted null or non-null-terminated string. Rule partially covered.
PRQA QA-C 9.7 5009, 5038, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938 Partially implemented
PRQA QA-C++ 4.4 0145, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938, 5006, 5038
PVS-Studio 7.20 V518 , V645 , V727 , V755
Splint 3.1.1
TrustInSoft Analyzer 1.38 mem_access Exhaustively verified (see one compliant and one non-compliant example ).
## Related Vulnerabilities
@@ -574,7 +574,7 @@ CWE-193 involves an integer computation error (typically off-by-one), which is o
 ## Implementation notes
-None
+The enforcement of this rule does not try to approximate the effects of loops and as such may not find cases where a loop operation on a string fails to null terminate a string (or causes an overflow).
 ## References
diff --git a/rule_packages/c/Concurrency1.json b/rule_packages/c/Concurrency1.json
index 2dde41e511..15e38e941d 100644
--- a/rule_packages/c/Concurrency1.json
+++ b/rule_packages/c/Concurrency1.json
@@ -53,11 +53,13 @@
 "precision": "very-high",
 "severity": "error",
 "short_name": "DoNotCallSignalInMultithreadedProgram",
- "implementation_scope" : "This implementation does not consider threads created function pointers.",
 "tags": [
 "correctness",
 "concurrency"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This implementation does not consider threads created function pointers."
+ }
 }
 ],
 "title": "Do not call signal() in a multithreaded program"
diff --git a/rule_packages/c/Concurrency3.json b/rule_packages/c/Concurrency3.json
index fccfd47e9d..a57b73f034 100644
--- a/rule_packages/c/Concurrency3.json
+++ b/rule_packages/c/Concurrency3.json
@@ -16,7 +16,10 @@
 "tags": [
 "correctness",
 "concurrency"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This implementation does not allow for thread synchronization to be performed in subroutines. All synchronization must be performed within the context of the other thread management functions."
+ }
 },
 {
 "description": "Calling delete on a locked mutex removes protections around shared resources.",
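Review bot: The description moved into the query-level `implementation_scope` in rule_packages/c/Concurrency1.json still reads "threads created function pointers", which drops a word and leaves the stated analysis gap ambiguous. This string is the user-facing statement of what the query does not detect, and the same sentence is copied into the CON37-C help file in this commit, so it is worth fixing while it is being moved, e.g. `"description": "This implementation does not consider threads created via function pointers."` (assuming "via" is the intended meaning). The same kind of carried-over slip appears in the FIO37-C description in IO3.json, where "if protected by a guard condition" presumably should read "is protected by a guard condition".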
@@ -32,10 +35,7 @@
 ]
 }
 ],
- "title": "Do not destroy a mutex while it is locked",
- "implementation_scope": {
- "description": "This implementation does not allow for thread synchronization to be performed in subroutines. All synchronization must be performed within the context of the other thread management functions."
- }
+ "title": "Do not destroy a mutex while it is locked"
 },
 "CON38-C": {
 "properties": {
@@ -53,13 +53,13 @@
 "tags": [
 "correctness",
 "concurrency"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This implementation does not attempt to identify unique condition variables and instead advocates for the usage of `cnd_broadcast`."
+ }
 }
 ],
- "title": "Preserve thread safety and liveness when using condition variables",
- "implementation_scope": {
- "description": "This implementation does not attempt to identify unique condition variables and instead advocates for the usage of `cnd_broadcast`."
- }
+ "title": "Preserve thread safety and liveness when using condition variables"
 },
 "CON41-C": {
 "properties": {
@@ -76,13 +76,13 @@
 "tags": [
 "correctness",
 "concurrency"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This implementation does not attempt to identify a relationship between the condition variable and the atomic operation."
+ }
 }
 ],
- "title": "Wrap functions that can fail spuriously in a loop",
- "implementation_scope": {
- "description": "This implementation does not attempt to identify a relationship between the condition variable and the atomic operation."
- }
+ "title": "Wrap functions that can fail spuriously in a loop"
 }
 }
 }
\ No newline at end of file
diff --git a/rule_packages/c/Contracts1.json b/rule_packages/c/Contracts1.json
index c9be4424dd..ac405616ed 100644
--- a/rule_packages/c/Contracts1.json
+++ b/rule_packages/c/Contracts1.json
@@ -1,9 +1,6 @@
 {
 "CERT-C": {
 "ENV30-C": {
- "implementation_scope": {
- "description": "None."
- },
 "properties": {
 "obligation": "rule"
 },
@@ -23,9 +20,6 @@
 "title": "Do not modify the object referenced by the return value of certain functions"
 },
 "ENV31-C": {
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- },
 "properties": {
 "obligation": "rule"
 },
@@ -39,7 +33,10 @@
 "short_name": "EnvPointerIsInvalidAfterCertainOperations",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
 "title": "Do not rely on an environment pointer following an operation that may invalidate it"
diff --git a/rule_packages/c/IO1.json b/rule_packages/c/IO1.json
index 481843d7ff..f772d6c4ee 100644
--- a/rule_packages/c/IO1.json
+++ b/rule_packages/c/IO1.json
@@ -19,10 +19,7 @@
 ]
 }
 ],
- "title": "Exclude user input from format strings",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Exclude user input from format strings"
 },
 "FIO34-C": {
 "properties": {
@@ -39,7 +36,10 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function. The query does not validate if the FILE status is handled correctly after being read."
+ }
 },
 {
 "description": "Checks against EOF are only portable to platforms where type `char` is less wide than type `int`.",
@@ -51,13 +51,13 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function. The query does not validate if the FILE status is handled correctly after being read."
+ }
 }
 ],
- "title": "Distinguish between characters read from a file and EOF or WEOF",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function. The query does not validate if the FILE status is handled correctly after being read."
- }
+ "title": "Distinguish between characters read from a file and EOF or WEOF"
 },
 "FIO39-C": {
 "properties": {
@@ -74,13 +74,13 @@
 "shared_implementation_short_name": "IOFstreamMissingPositioning",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "Do not alternately input and output from a stream without an intervening flush or positioning call",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "Do not alternately input and output from a stream without an intervening flush or positioning call"
 },
 "FIO42-C": {
 "properties": {
@@ -97,13 +97,13 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "Close files when they are no longer needed",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "Close files when they are no longer needed"
 },
 "FIO46-C": {
 "properties": {
@@ -120,13 +120,13 @@
 "shared_implementation_short_name": "DoNotAccessAClosedFile",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "Do not access a closed file",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "Do not access a closed file"
 }
 },
 "MISRA-C-2012": {
@@ -145,13 +145,13 @@
 "shared_implementation_short_name": "DoNotAccessAClosedFile",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "The value of a pointer to a FILE shall not be used after the associated stream has been closed",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "The value of a pointer to a FILE shall not be used after the associated stream has been closed"
 }
 }
 }
\ No newline at end of file
diff --git a/rule_packages/c/IO2.json b/rule_packages/c/IO2.json
index 453592b29e..41c14a0d0e 100644
--- a/rule_packages/c/IO2.json
+++ b/rule_packages/c/IO2.json
@@ -18,10 +18,7 @@
 ]
 }
 ],
- "title": "Do not copy a FILE object",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Do not copy a FILE object"
 },
 "FIO40-C": {
 "properties": {
@@ -41,10 +38,7 @@
 ]
 }
 ],
- "title": "Reset strings on fgets() or fgetws() failure",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function. Not all failing calls can be recognized statically, the rule looks for specific patterns in comparisons against NULL."
- }
+ "title": "Reset strings on fgets() or fgetws() failure"
 },
 "FIO41-C": {
 "properties": {
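Review bot: The FIO40-C hunk in rule_packages/c/IO2.json deletes a real limitation statement without re-adding it anywhere visible. Every other non-"None." scope in this commit is moved under the query's `tags`, but here the closing `]` of `tags` is unchanged context and no `implementation_scope` is added. The removed text (single-function scope, only specific NULL-comparison patterns recognised) tells users where the query can miss failing fgets()/fgetws() calls, so dropping it hides a known false-negative area from anyone relying on the rule for coverage. If the drop is unintentional, change that `]` to `],` and add an `implementation_scope` object carrying the removed description after it, as done for FIO34-C in IO1.json. The query object starts above the hunk, so it is not possible to confirm from here that it does not already carry the note.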
@@ -63,10 +57,7 @@
 ]
 }
 ],
- "title": "Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects"
 },
 "FIO44-C": {
 "properties": {
@@ -85,10 +76,7 @@
 ]
 }
 ],
- "title": "Only use values for fsetpos() that are returned from fgetpos()",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Only use values for fsetpos() that are returned from fgetpos()"
 }
 }
 }
\ No newline at end of file
diff --git a/rule_packages/c/IO3.json b/rule_packages/c/IO3.json
index dafe8e4081..88062fbf7e 100644
--- a/rule_packages/c/IO3.json
+++ b/rule_packages/c/IO3.json
@@ -15,13 +15,13 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule checks that filenames are not tainted. It does not verify that appropriate OS-specific checks are in place to exclude that the opened file is a device."
+ }
 }
 ],
- "title": "Do not perform operations on devices that are only appropriate for files",
- "implementation_scope": {
- "description": "The rule checks that filenames are not tainted. It does not verify that appropriate OS-specific checks are in place to exclude that the opened file is a device."
- }
+ "title": "Do not perform operations on devices that are only appropriate for files"
 },
 "FIO37-C": {
 "properties": {
@@ -37,13 +37,13 @@
 "short_name": "SuccessfulFgetsOrFgetwsMayReturnAnEmptyString",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule checks that access to a string returned by fgets() or fgetws() if protected by a guard condition. The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "Do not assume that fgets() or fgetws() returns a nonempty string when successful",
- "implementation_scope": {
- "description": "The rule checks that access to a string returned by fgets() or fgetws() if protected by a guard condition. The rule is enforced in the context of a single function."
- }
+ "title": "Do not assume that fgets() or fgetws() returns a nonempty string when successful"
 }
 },
 "MISRA-C-2012": {
@@ -61,13 +61,13 @@
 "short_name": "FileOpenForReadAndWriteOnDifferentStreams",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "The same file shall not be open for read and write access at the same time on different streams",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "The same file shall not be open for read and write access at the same time on different streams"
 },
 "RULE-22-4": {
 "properties": {
@@ -86,10 +86,7 @@
 ]
 }
 ],
- "title": "There shall be no attempt to write to a stream which has been opened as read-only",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "There shall be no attempt to write to a stream which has been opened as read-only"
 },
 "RULE-22-5": {
 "properties": {
@@ -108,10 +105,7 @@
 ]
 }
 ],
- "title": "A pointer to a FILE object shall not be dereferenced",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A pointer to a FILE object shall not be dereferenced"
 },
 "RULE-22-7": {
 "properties": {
@@ -130,10 +124,7 @@
 ]
 }
 ],
- "title": "The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "The macro EOF shall only be compared with the unmodified return value from any Standard Library function capable of returning EOF"
 }
 }
 }
\ No newline at end of file
diff --git a/rule_packages/c/Misc.json b/rule_packages/c/Misc.json
index 8d7f515e2e..323ec17350 100644
--- a/rule_packages/c/Misc.json
+++ b/rule_packages/c/Misc.json
@@ -34,13 +34,13 @@
 "short_name": "ProperlySeedPseudorandomNumberGenerators",
 "tags": [
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This rule will be checked by looking for calls to random that are no preceded by a call to srandom(). We perform a simple check for the argument to srandom() and verify it is not a literal (or a value easily deduced to be a literal)."
+ }
 }
 ],
- "title": "Properly seed pseudorandom number generators",
- "implementation_scope": {
- "description": "This rule will be checked by looking for calls to random that are no preceded by a call to srandom(). We perform a simple check for the argument to srandom() and verify it is not a literal (or a value easily deduced to be a literal)."
- }
+ "title": "Properly seed pseudorandom number generators"
 },
 "MSC37-C": {
 "properties": {
diff --git a/rule_packages/c/Pointers1.json b/rule_packages/c/Pointers1.json
index 1b1b94c9c3..2ec0775644 100644
--- a/rule_packages/c/Pointers1.json
+++ b/rule_packages/c/Pointers1.json
@@ -17,10 +17,7 @@
 ]
 }
 ],
- "title": "Conversions shall not be performed between a pointer to a function and any other type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Conversions shall not be performed between a pointer to a function and any other type"
 },
 "RULE-11-2": {
 "properties": {
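Review bot: The MSC32-C description in rule_packages/c/Misc.json states that the seed check only verifies the srandom() argument is not a literal, but it does not say that a non-literal yet predictable seed falls outside what the query reports, which is presumably the case given that wording. Since this note is what users read to judge security coverage, one more sentence would make the gap explicit, e.g. `It does not assess whether a non-literal seed is unpredictable.` (to be confirmed against the query before adding). While the string is being moved, "that are no preceded" should read "that are not preceded"; the same sentence is copied into the MSC32-C help file in this commit.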
@@ -39,10 +36,7 @@
 ]
 }
 ],
- "title": "Conversions shall not be performed between a pointer to an incomplete type and any other type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Conversions shall not be performed between a pointer to an incomplete type and any other type"
 },
 "RULE-11-3": {
 "properties": {
@@ -61,10 +55,7 @@
 ]
 }
 ],
- "title": "A cast shall not be performed between a pointer to object type and a pointer to a different object type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A cast shall not be performed between a pointer to object type and a pointer to a different object type"
 },
 "RULE-11-4": {
 "properties": {
@@ -83,10 +74,7 @@
 ]
 }
 ],
- "title": "A conversion should not be performed between a pointer to object and an integer type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A conversion should not be performed between a pointer to object and an integer type"
 },
 "RULE-11-5": {
 "properties": {
@@ -105,10 +93,7 @@
 ]
 }
 ],
- "title": "A conversion should not be performed from pointer to void into pointer to object",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A conversion should not be performed from pointer to void into pointer to object"
 },
 "RULE-11-6": {
 "properties": {
@@ -127,10 +112,7 @@
 ]
 }
 ],
- "title": "A cast shall not be performed between pointer to void and an arithmetic type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A cast shall not be performed between pointer to void and an arithmetic type"
 },
 "RULE-11-7": {
 "properties": {
@@ -149,10 +131,7 @@
 ]
 }
 ],
- "title": "A cast shall not be performed between pointer to object and a non-integer arithmetic type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A cast shall not be performed between pointer to object and a non-integer arithmetic type"
 },
 "RULE-11-8": {
 "properties": {
@@ -171,10 +150,7 @@
 ]
 }
 ],
- "title": "A cast shall not remove any const or volatile qualification from the type pointed to by a pointer",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A cast shall not remove any const or volatile qualification from the type pointed to by a pointer"
 },
 "RULE-11-9": {
 "properties": {
@@ -190,13 +166,13 @@
 "short_name": "MacroNullNotUsedAsIntegerNullPointerConstant",
 "tags": [
 "readability"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This rule allows two forms of null-pointer constants: a Zero literal created by the NULL macro or a Zero literal cast to a void pointer."
+ }
 }
 ],
- "title": "The macro NULL shall be the only permitted form of integer null pointer constant",
- "implementation_scope": {
- "description": "This rule allows two forms of null-pointer constants: a Zero literal created by the NULL macro or a Zero literal cast to a void pointer."
- }
+ "title": "The macro NULL shall be the only permitted form of integer null pointer constant"
 },
 "RULE-18-1": {
 "properties": {
@@ -216,10 +192,7 @@
 ]
 }
 ],
- "title": "A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand"
 },
 "RULE-18-2": {
 "properties": {
@@ -239,10 +212,7 @@
 ]
 }
 ],
- "title": "Subtraction between pointers shall only be applied to pointers that address elements of the same array",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Subtraction between pointers shall only be applied to pointers that address elements of the same array"
 },
 "RULE-18-3": {
 "properties": {
@@ -262,10 +232,7 @@
 ]
 }
 ],
- "title": "The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "The relational operators >, >=, < and <= shall not be applied to objects of pointer type except where they point into the same object"
 },
 "RULE-18-4": {
 "properties": {
@@ -285,10 +252,7 @@
 ]
 }
 ],
- "title": "The +, -, += and -= operators should not be applied to an expression of pointer type",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "The +, -, += and -= operators should not be applied to an expression of pointer type"
 },
 "RULE-18-5": {
 "properties": {
@@ -308,10 +272,7 @@
 ]
 }
 ],
- "title": "Declarations should contain no more than two levels of pointer nesting",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "Declarations should contain no more than two levels of pointer nesting"
 },
 "RULE-18-6": {
 "properties": {
@@ -331,10 +292,7 @@
 ]
 }
 ],
- "title": "The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist",
- "implementation_scope": {
- "description": "None."
- }
+ "title": "The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist"
 },
 "RULE-4-8": {
 "properties": {
@@ -352,13 +310,13 @@
 "readability",
 "maintainability",
 "readability"
- ]
+ ],
+ "implementation_scope": {
+ "description": "This rule considers all cases where a structure or union is referenced as a pointer but has no FieldAccess within a translation unit. Further excluded from this rule are translation units in which the structure or union is declared as a non-pointer variable."
+ }
 }
 ],
- "title": "If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden",
- "implementation_scope": {
- "description": "This rule considers all cases where a structure or union is referenced as a pointer but has no FieldAccess within a translation unit. Further excluded from this rule are translation units in which the structure or union is declared as a non-pointer variable."
- }
+ "title": "If a pointer to a structure or union is never dereferenced within a translation unit, then the implementation of the object should be hidden"
 },
 "RULE-8-13": {
 "properties": {
@@ -376,13 +334,13 @@
 "correctness",
 "maintainability",
 "readability"
- ]
+ ],
+ "implementation_scope": {
+ "description": "To exclude compliant exceptions, this rule only excludes direct assignments of pointers to non-const-qualified types in the context of a single function and does not cover memory-copying functions. This rule also excludes pointers passed to other functions without conversion."
+ }
 }
 ],
- "title": "A pointer should point to a const-qualified type whenever possible",
- "implementation_scope": {
- "description": "To exclude compliant exceptions, this rule only excludes direct assignments of pointers to non-const-qualified types in the context of a single function and does not cover memory-copying functions. This rule also excludes pointers passed to other functions without conversion."
- }
+ "title": "A pointer should point to a const-qualified type whenever possible"
 }
 }
 }
\ No newline at end of file
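Review bot: The `tags` array of this RULE-4-8 query lists `"readability"` twice, as the three leading context lines of the hunk show (`"readability", "maintainability", "readability"`). The commit already rewrites the closing `]` of that array, so the duplicate could be dropped in the same change, leaving the array to end with `"readability", "maintainability"`. The array and the query object both begin above the hunk, so any tags earlier in the list are not visible here.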
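Review bot: The `description` moved into this RULE-8-13 query uses "exclude" for two different things in one sentence ("To exclude compliant exceptions, this rule only excludes direct assignments …"), so a reader cannot tell which pointers go unreported and which compliant exceptions are not recognised. Stating the limits as what the query does not report would read more clearly, for example `"description": "This query does not report pointers that are directly assigned to a pointer to non-const-qualified type within the same function, or that are passed to other functions without conversion; memory-copying functions are not considered."`, assuming that is the intended meaning. The query object starts above the hunk.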
diff --git a/rule_packages/c/Strings1.json b/rule_packages/c/Strings1.json
index 159034b4aa..a0347aefc2 100644
--- a/rule_packages/c/Strings1.json
+++ b/rule_packages/c/Strings1.json
@@ -35,13 +35,13 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The enforcement of this rule does not try to approximate the effects of loops and as such may not find cases where a loop operation on a string fails to null terminate a string (or causes an overflow)."
+ }
 }
 ],
- "title": "Guarantee that storage for strings has sufficient space for character data and the null terminator",
- "implementation_scope": {
- "description": "The enforcement of this rule does not try to approximate the effects of loops and as such may not find cases where a loop operation on a string fails to null terminate a string (or causes an overflow)."
- }
+ "title": "Guarantee that storage for strings has sufficient space for character data and the null terminator"
 },
 "STR32-C": {
 "properties": {
diff --git a/rule_packages/cpp/IO.json b/rule_packages/cpp/IO.json
index 87edd72e83..9ad0650e62 100644
--- a/rule_packages/cpp/IO.json
+++ b/rule_packages/cpp/IO.json
@@ -19,13 +19,13 @@
 "shared_implementation_short_name": "IOFstreamMissingPositioning",
 "tags": [
 "correctness"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The rule is enforced in the context of a single function."
+ }
 }
 ],
- "title": "Alternate input and output operations on a file stream shall not be used without an intervening flush or positioning call.",
- "implementation_scope": {
- "description": "The rule is enforced in the context of a single function."
- }
+ "title": "Alternate input and output operations on a file stream shall not be used without an intervening flush or positioning call."
 }
 },
 "CERT-C++": {
@@ -70,4 +70,4 @@
 "title": "Close files when they are no longer needed"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/rule_packages/cpp/TypeRanges.json b/rule_packages/cpp/TypeRanges.json
index 16887f1d72..e7f7b9425e 100644
--- a/rule_packages/cpp/TypeRanges.json
+++ b/rule_packages/cpp/TypeRanges.json
@@ -101,13 +101,13 @@
 "tags": [
 "correctness",
 "security"
- ]
+ ],
+ "implementation_scope": {
+ "description": "The query is limited to the case of user input in format strings."
+ }
 }
 ],
- "title": "Inputs from independent components shall be validated.",
- "implementation_scope": {
- "description": "The query is limited to the case of user input in format strings."
- }
+ "title": "Inputs from independent components shall be validated."
 },
 "A7-2-1": {
 "properties": {
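Review bot: The `implementation_scope` added to this query says what is covered ("limited to the case of user input in format strings") but leaves the gap implicit, while the rule title promises validation of inputs from independent components and the query is tagged `security`. Spelling out the false negatives, as the STR31-C description in `Strings1.json` does, keeps a clean result from being read as full coverage: `"description": "The query is limited to the case of user input in format strings; other unvalidated inputs from independent components are not reported."`. The query object starts above the hunk, so its name and other properties are not visible here.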