CERT
Skip to end of metadata
Go to start of metadata

Eliminated Guideline

This guideline has been labeled void and designated for future elimination from the C++ Secure Coding Practices: It has been superseded by MSC00-CPP. Compile cleanly at high warning levels. It has not been erased yet in case it contains information that might still be useful.


Compile code using the highest warning level available for your compiler and eliminate warnings by modifying the code.

Exceptions

Compilers can produces diagnostic messages for correct code. This is permitted by C99 which allows a compiler to produce a diagnostic for any reason it wants. It is often preferable to rewrite code to eliminate compiler warnings, but in if the code is correct it is sufficient to provide a comment explaining why the warning message does not apply.

Risk Assessment

Eliminating violations of syntax rules and other constraints can eliminate serious software vulnerabilities that can lead to the execution of arbitrary code with the permissions of the vulnerable process.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC00-A

3 (high)

2 (probable)

2 (medium)

P12

L1

References

[Sutter 05] Item 1.
[Seacord 05] Chapter 8 Recommended Practices.
[Lockheed Martin 05] AV Rule 218 Compiler warning levels will be set in compliance with project policies.