SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Barbara White

Saved on

compared with

New Version 22

changes.mady.by.user Sandy Shrum

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This coding standard is organized into 11 chapters containing that contain rules in specific topic areas followed by five four appendices. Appendix A contains the bibliography. Appendix B lists the definitions of terms used throughout the standard. Appendix C lists the analyzers that claim to support checking for conformance to the rules. Appendix D lists the relationships between rules. Appendix E lists the Risk Assessments relationships between the rules of this standard and two other related guidelines: MISRA C++ 2008: Guidelines for the Use of the C++ Language in Critical Systems [MISRA 2008] and MITRE's Common Weakness Enumeration (CWE) [MITRE 2010]. Appendix D lists the risk assessments associated with all of the rules in the coding standard.

Most rules have a consistent structure. Each rule in this standard has a unique identifier, which is included in the title. The title and the introductory paragraphs define the rule and are typically followed by one or more pairs of noncompliant code examples and compliant solutions. Each rule also includes a risk assessment, related guidelines, and a bibliography (where applicable). Rules may also include a table of related vulnerabilities.

Identifiers

Each rule and recommendation is (see Rules Versus Recommendations) is given a unique identifier. These identifiers consist of three parts:

...

  • INT50-CPP Do not cast to an out-of-range enumeration value
    • This identifier indicates a rule
    • “INT” stands for the Integer category
    • “50” is the unique identifier
    • “-CPP” stands for the C++ language
  • EXP00-J Do not ignore values returned by methods
    • This identifier indicates a rule
    • “EXP” stands for the Expressions category
    • “00” is the unique identifier
    • “-J” stands for the Java language
  •  FLP00-C. Understand the limitations of floating-point numbers
    • This identifier indicates a recommendation
    • “FLP” stands for the Floating Point category
    • “00” is the unique identifier
    • “-C” stands for the C programming language

Noncompliant Code Examples and Compliant Solutions

Noncompliant code examples illustrate code that violates the guideline under discussion. It is important to note that these are only examples, and eliminating all occurrences of the example does not necessarily mean that the code being analyzed is now compliant with the guideline.

Noncompliant code examples are typically followed by compliant solutions, which show how the noncompliant code example can be recoded in a secure, compliant manner. Except where noted, noncompliant code examples should contain violations only of the guideline under discussion. Compliant solutions should comply with all of the secure coding rules but may on occasion fail to comply with a recommendation.

Exceptions

Any rule or recommendation may specify a small set of exceptions detailing the circumstances under which the guideline is not necessary to ensure the safety, reliability, or security of software. Exceptions are informative only and are not required to be followed.

Risk Assessment

Each guideline in the CERT C++ Coding Standard contains a risk assessment section that attempts to provide software developers with an indication of the potential consequences of not addressing a particular rule or recommendation in their code (along with some indication of expected remediation costs). This information may be used to prioritize the repair of rule violations by a development team. The metric is designed primarily for remediation projects. It is generally assumed that new code will be developed to be compliant with the entire coding standard and applicable recommendations.

...

Recommendations are not compulsory and are provided for information purposes only.

Automated Detection

On the wiki, both rules and recommendations frequently have sections that describe automated detection. These sections provide additional information on analyzers that can automatically diagnose violations of coding guidelines. Most automated analyses for the C++ programming language are neither sound nor complete, so the inclusion of a tool in this section typically means that the tool can diagnose some violations of this particular rule. The Secure Coding Validation Suite can be used to test the ability of analyzers to diagnose violations of rules from ISO/IEC TS 17961:2013, which is related to the rules in the c.

Include Page
seccode:Verification of Mappings to Static Analysis Tool Checkers
seccode:Verification of Mappings to Static Analysis Tool Checkers

Related Vulnerabilities

The risk assessment sections on the wiki also contain a link to search for related vulnerabilities on the CERT website. Whenever possible, CERT Vulnerability Notes are tagged with a keyword corresponding to the unique ID of the coding guideline. This search provides you with an up-to-date list of real-world vulnerabilities that have been determined to be at least partially caused by a violation of this specific guideline. These vulnerabilities are labeled as such only when the vulnerability analysis team at the CERT/CC is able to evaluate the source code and precisely determine the cause of the vulnerability. Because many vulnerability notes refer to vulnerabilities in closed-source software systems, it is not always possible to provide this additional analysis. Consequently, the related vulnerabilities field tends to be somewhat sparsely populated.

Related vulnerability sections are included only for specific rules in this standard, when the information is both relevant and interesting.

Related Guidelines

The related guidelines sections contain links to guidelines in related standards, technical specifications, and guideline collections such as Information Technology—Programming Languages, Their Environments and System Software Interfaces—C Secure Coding Rules [ISO/IEC TS 17961:2013]; Information Technology—Programming Languages —Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use [ISO/IEC TR 24772:2013]; MISRA C++ 2008: Guidelines for the Use of the C++ Language in Critical Systems [MISRA C++:2008]; and CWE IDs in MITRE’s Common Weakness Enumeration (CWE) [MITRE 2010].

...

The other referenced technical specifications, technical reports, and guidelines are commercially available.

Bibliography

Most guidelines have a small bibliography section that lists documents and sections in those documents that provide information relevant to the guideline.

...