Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT C Coding Standard
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (6)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
SEI CERT C Coding Standard
Page Information
Title:
SEI CERT C Coding Standard
Author:
Admin
May 24, 2006
Last Changed by:
David Svoboda
Apr 04, 2024
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/rNUxBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT C++ Coding Standard (34)
Page:
MSC54-CPP. A signal handler must be a plain old function
Page:
EXP54-CPP. Do not access an object outside of its lifetime
Page:
OOP51-CPP. Do not slice derived objects
Page:
EXP50-CPP. Do not depend on the order of evaluation for side effects
Page:
STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
Page:
CON55-CPP. Preserve thread safety and liveness when using condition variables
Page:
CTR50-CPP. Guarantee that container indices and iterators are within the valid range
Page:
CON53-CPP. Avoid deadlock by locking in a predefined order
Home page:
SEI CERT C++ Coding Standard
Page:
CTR52-CPP. Guarantee that library functions do not overflow
Page:
MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers
Page:
CTR55-CPP. Do not use an additive operator on an iterator if the result would overflow
Page:
STR51-CPP. Do not attempt to create a std::string from a null pointer
Page:
DCL55-CPP. Avoid information leakage when passing a class object across a trust boundary
Page:
ERR62-CPP. Detect errors when converting a string to a number
Page:
CON52-CPP. Prevent data races when accessing bit-fields from multiple threads
Page:
CON51-CPP. Ensure actively held locks are released on exceptional conditions
Page:
EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type
Page:
MEM50-CPP. Do not access freed memory
Page:
EXP53-CPP. Do not read uninitialized memory
Page:
CTR54-CPP. Do not subtract iterators that do not refer to the same container
Page:
MEM52-CPP. Detect and handle memory allocation errors
Page:
CON54-CPP. Wrap functions that can spuriously wake up in a loop
Page:
CTR56-CPP. Do not use pointer arithmetic on polymorphic objects
Page:
EXP52-CPP. Do not rely on side effects in unevaluated operands
Page:
Relation to the CERT C Coding Standard
Page:
Rules from C
Page:
DCL51-CPP. Do not declare or define a reserved identifier
Page:
MEM51-CPP. Properly deallocate dynamically allocated resources
Page:
MSC51-CPP. Ensure your random number generator is properly seeded
Page:
CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by the calling thread
Page:
CON50-CPP. Do not destroy a mutex while it is locked
Page:
How this Coding Standard Is Organized
Page:
MEM55-CPP. Honor replacement dynamic storage management requirements
Android (2)
Page:
DRD19. Properly verify server certificate on SSL/TLS
Page:
AA. Bibliography
CERT Secure Coding (2)
Home page:
SEI CERT Coding Standards
Page:
Deprecations
SEI CERT Oracle Coding Standard for Java (43)
Page:
NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
Page:
FIO04-J. Release resources when they are no longer needed
Page:
IDS06-J. Exclude unsanitized user input from format strings
Page:
Rule: Contents and Organization
Page:
Rec.: Audience
Page:
NUM01-J. Do not perform bitwise and arithmetic operations on the same data
Page:
EXP01-J. Do not use a null in a case where an object is required
Page:
MSC03-J. Never hard code sensitive information
Page:
IDS17-J. Prevent XML External Entity Attacks
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Page:
NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms
Page:
NUM54-J. Do not use denormalized numbers
Page:
FIO08-J. Distinguish between characters or bytes read from a stream and -1
Page:
EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
Page:
FIO03-J. Remove temporary files before termination
Page:
MSC02-J. Generate strong random numbers
Page:
NUM09-J. Do not use floating-point variables as loop counters
Page:
FIO14-J. Perform proper cleanup at program termination
Page:
FIO16-J. Canonicalize path names before validating them
Page:
NUM08-J. Check floating-point inputs for exceptional values
Page:
EXP00-J. Do not ignore values returned by methods
Page:
NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
Page:
Rec. Preface
Page:
NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
Page:
LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
Page:
MSC57-J. Strive for logical completeness
Page:
IDS50-J. Use conservative file naming conventions
Page:
FIO00-J. Do not operate on files in shared directories
Page:
FIO01-J. Create files with appropriate access permissions
Page:
EXP06-J. Expressions used in assertions must not produce side effects
Page:
IDS00-J. Prevent SQL injection
Page:
THI02-J. Notify all waiting threads rather than a single thread
Page:
Java Coding Guidelines
Page:
MSC05-J. Do not exhaust heap space
Page:
NUM00-J. Detect or prevent integer overflow
Page:
IDS16-J. Prevent XML Injection
Page:
NUM04-J. Do not use floating-point numbers if precise computation is required
Page:
Rec.: Scope
Page:
MSC61-J. Do not use insecure or weak cryptographic algorithms
Page:
DCL01-J. Do not reuse public identifiers from the Java Standard Library
Page:
THI05-J. Do not use Thread.stop() to terminate threads
Page:
LCK09-J. Do not perform operations that can block while holding a lock
Page:
Rec.: Contents and Organization
SEI CERT C Coding Standard (344)
Page:
PRE06-C. Enclose header files in an include guard
Page:
FLP07-C. Cast the return value of a function that returns a floating-point type
Page:
STR06-C. Do not assume that strtok() leaves the parse string unchanged
Page:
ARR38-C. Guarantee that library functions do not form invalid pointers
Page:
MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
Page:
Rule 02. Declarations and Initialization (DCL)
Page:
MEM03-C. Clear sensitive information stored in reusable resources
Page:
MSC00-C. Compile cleanly at high warning levels
Page:
Rec. 07. Characters and Strings (STR)
Page:
ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
Page:
Rec. 14. Concurrency (CON)
Page:
CON30-C. Clean up thread-specific storage
Page:
Rule 09. Input Output (FIO)
Page:
PRE08-C. Guarantee that header file names are unique
Page:
EXP09-C. Use sizeof to determine the size of a type or variable
Page:
PRE10-C. Wrap multistatement macros in a do-while loop
Page:
ERR34-C. Detect errors when converting a string to a number
Page:
ERR06-C. Understand the termination behavior of assert() and abort()
Page:
DCL01-C. Do not reuse variable names in subscopes
Page:
FLP03-C. Detect and handle floating-point errors
Page:
MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
Page:
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
Page:
DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
Page:
FIO15-C. Ensure that file operations are performed in a secure directory
Page:
DCL08-C. Properly encode relationships in constant definitions
Page:
STR02-C. Sanitize data passed to complex subsystems
Page:
PRE32-C. Do not use preprocessor directives in invocations of function-like macros
Page:
EXP34-C. Do not dereference null pointers
Page:
MEM33-C. Allocate and copy structures containing a flexible array member dynamically
Page:
INT16-C. Do not make assumptions about representation of signed integers
Page:
ENV32-C. All exit handlers must return normally
Page:
DCL40-C. Do not create incompatible declarations of the same function or object
Page:
DCL04-C. Do not declare more than one variable per declaration
Page:
EXP08-C. Ensure pointer arithmetic is used correctly
Page:
EXP05-C. Do not cast away a const qualification
Page:
INT02-C. Understand integer conversion rules
Page:
CON36-C. Wrap functions that can spuriously wake up in a loop
Page:
EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators
Page:
FIO34-C. Distinguish between characters read from a file and EOF or WEOF
Page:
Rec. 06. Arrays (ARR)
Page:
EXP40-C. Do not modify constant objects
Page:
Rec. 03. Expressions (EXP)
Page:
CON39-C. Do not join or detach a thread that was previously joined or detached
Page:
INT07-C. Use only explicitly signed or unsigned char type for numeric values
Page:
FIO08-C. Take care when calling remove() on an open file
Page:
MSC32-C. Properly seed pseudorandom number generators
Page:
INT35-C. Use correct integer precisions
Page:
MEM06-C. Ensure that sensitive data is not written out to disk
Page:
DCL10-C. Maintain the contract between the writer and caller of variadic functions
Page:
STR37-C. Arguments to character-handling functions must be representable as an unsigned char
Page:
CON33-C. Avoid race conditions when using library functions
Page:
STR00-C. Represent characters using an appropriate type
Page:
ERR30-C. Take care when reading errno
Page:
DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
Page:
FLP32-C. Prevent or detect domain and range errors in math functions
Page:
MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
Page:
PRE07-C. Avoid using repeated question marks
Page:
INT14-C. Avoid performing bitwise and arithmetic operations on the same data
Page:
CON38-C. Preserve thread safety and liveness when using condition variables
Page:
MEM05-C. Avoid large stack allocations
Page:
MSC05-C. Do not manipulate time_t typed values directly
Page:
DCL21-C. Understand the storage of compound literals
Page:
Rule 07. Characters and Strings (STR)
Page:
POS54-C. Detect and handle POSIX library errors
Page:
POS47-C. Do not use threads that can be canceled asynchronously
Page:
DCL36-C. Do not declare an identifier with conflicting linkage classifications
Page:
Rule 14. Concurrency (CON)
Page:
SIG00-C. Mask signals handled by noninterruptible signal handlers
Page:
API01-C. Avoid laying out strings in memory directly before sensitive data
Page:
SIG34-C. Do not call signal() from within interruptible signal handlers
Page:
Rule 01. Preprocessor (PRE)
Page:
FIO18-C. Never expect fwrite() to terminate the writing process at a null character
Page:
CON34-C. Declare objects shared between threads with appropriate storage durations
Page:
POS48-C. Do not unlock or destroy another POSIX thread's mutex
Page:
CON07-C. Ensure that compound operations on shared variables are atomic
Page:
Rule 50. POSIX (POS)
Page:
ERR33-C. Detect and handle standard library errors
Page:
INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
Page:
WIN00-C. Be specific when dynamically loading libraries
Page:
FLP34-C. Ensure that floating-point conversions are within range of the new type
Page:
WIN01-C. Do not forcibly terminate execution
Page:
MEM34-C. Only free memory allocated dynamically
Page:
STR38-C. Do not confuse narrow and wide character strings and functions
Page:
MSC20-C. Do not use a switch statement to transfer control into a complex block
Page:
MSC09-C. Character encoding: Use subset of ASCII for safety
Page:
FIO30-C. Exclude user input from format strings
Page:
INT30-C. Ensure that unsigned integer operations do not wrap
Page:
EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
Page:
DCL30-C. Declare objects with appropriate storage durations
Page:
FLP02-C. Avoid using floating-point numbers when precise computation is needed
Page:
MEM01-C. Store a new value in pointers immediately after free()
Page:
CON35-C. Avoid deadlock by locking in a predefined order
Page:
INT04-C. Enforce limits on integer values originating from tainted sources
Page:
Rec. 50. POSIX (POS)
Page:
CON09-C. Avoid the ABA problem when using lock-free algorithms
Page:
DCL12-C. Implement abstract data types using opaque types
Page:
FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()
Page:
WIN02-C. Restrict privileges when spawning child processes
Page:
SIG31-C. Do not access shared objects in signal handlers
Page:
FIO11-C. Take care when specifying the mode parameter of fopen()
Page:
Rec. 11. Signals (SIG)
Page:
SIG35-C. Do not return from a computational exception signal handler
Page:
EXP30-C. Do not depend on the order of evaluation for side effects
Page:
INT32-C. Ensure that operations on signed integers do not result in overflow
Page:
ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
Page:
DCL05-C. Use typedefs of non-pointer types only
Page:
EXP37-C. Call functions with the correct number and type of arguments
Page:
CC. Undefined Behavior
Page:
Rec. 08. Memory Management (MEM)
Page:
EXP16-C. Do not compare function pointers to constant values
Page:
ARR32-C. Ensure size arguments for variable length arrays are in a valid range
Page:
API09-C. Compatible values should have the same type
Page:
MSC21-C. Use robust loop termination conditions
Page:
PRE11-C. Do not conclude macro definitions with a semicolon
Page:
PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
Page:
POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
Page:
MSC40-C. Do not violate constraints
Page:
FIO22-C. Close files before spawning processes
Page:
DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
Page:
ENV34-C. Do not store pointers returned by certain functions
Page:
FIO21-C. Do not create temporary files in shared directories
Page:
Rec. 13. Application Programming Interfaces (API)
Page:
MSC14-C. Do not introduce unnecessary platform dependencies
Page:
FIO02-C. Canonicalize path names originating from tainted sources
Page:
FIO06-C. Create files with appropriate access permissions
Page:
EXP20-C. Perform explicit tests to determine success, true and false, and equality
Page:
PRE09-C. Do not replace secure functions with deprecated or obsolescent functions
Page:
EXP13-C. Treat relational and equality operators as if they were nonassociative
Page:
MEM10-C. Define and use a pointer validation function
Page:
POS01-C. Check for the existence of links when dealing with files
Page:
Rule 12. Error Handling (ERR)
Page:
STR34-C. Cast characters to unsigned char before converting to larger integer sizes
Page:
EXP35-C. Do not modify objects with temporary lifetime
Page:
MEM30-C. Do not access freed memory
Page:
Rec. 09. Input Output (FIO)
Page:
EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members
Page:
MSC19-C. For functions that return an array, prefer returning an empty array over a null value
Page:
STR30-C. Do not attempt to modify string literals
Page:
MSC33-C. Do not pass invalid data to the asctime() function
Page:
Rec. 10. Environment (ENV)
Page:
POS38-C. Beware of race conditions when using fork and file descriptors
Page:
ENV33-C. Do not call system()
Page:
Rule 08. Memory Management (MEM)
Page:
WIN03-C. Understand HANDLE inheritance
Page:
FLP01-C. Take care in rearranging floating-point expressions
Page:
INT09-C. Ensure enumeration constants map to unique values
Page:
DCL02-C. Use visually distinct identifiers
Page:
CON03-C. Ensure visibility when accessing shared variables
Page:
TODO List
Page:
Rule 05. Floating Point (FLP)
Page:
Rule 11. Signals (SIG)
Page:
MSC07-C. Detect and remove dead code
Page:
INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
Page:
CON31-C. Do not destroy a mutex while it is locked
Page:
POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
Page:
ENV30-C. Do not modify the object referenced by the return value of certain functions
Page:
MEM31-C. Free dynamically allocated memory when no longer needed
Page:
EXP39-C. Do not access a variable through a pointer of an incompatible type
Page:
FLP36-C. Preserve precision when converting integral values to floating-point type
Page:
MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
Page:
Rule 51. Microsoft Windows (WIN)
Page:
FIO40-C. Reset strings on fgets() or fgetws() failure
Page:
POS35-C. Avoid race conditions while checking for the existence of a symbolic link
Page:
INT13-C. Use bitwise operators only on unsigned operands
Page:
STR05-C. Use pointers to const when referring to string literals
Page:
FIO10-C. Take care when using the rename() function
Page:
ERR01-C. Use ferror() rather than errno to check for FILE stream errors
Page:
Rec. 51. Microsoft Windows (WIN)
Page:
FIO14-C. Understand the difference between text mode and binary mode with file streams
Page:
DCL06-C. Use meaningful symbolic constants to represent literal values
Page:
EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
Page:
API07-C. Enforce type safety
Page:
MSC13-C. Detect and remove unused values
Page:
INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
Page:
CON02-C. Do not use volatile as a synchronization primitive
Page:
Rec. 01. Preprocessor (PRE)
Page:
CON32-C. Prevent data races when accessing bit-fields from multiple threads
Page:
FIO17-C. Do not rely on an ending null character when using fread()
Page:
CON04-C. Join or detach threads even if their exit status is unimportant
Page:
DCL20-C. Explicitly specify void when a function accepts no arguments
Page:
DCL37-C. Do not declare or define a reserved identifier
Page:
FIO13-C. Never push back anything other than one read character
Page:
EXP45-C. Do not perform assignments in selection statements
Page:
PRE31-C. Avoid side effects in arguments to unsafe macros
Page:
CON43-C. Do not allow data races in multithreaded code
Page:
EXP12-C. Do not ignore values returned by functions
Page:
FIO47-C. Use valid format strings
Page:
API03-C. Create consistent interfaces and capabilities across related functions
Page:
SIG30-C. Call only asynchronous-safe functions within signal handlers
Page:
ENV03-C. Sanitize the environment when invoking external programs
Page:
POS02-C. Follow the principle of least privilege
Page:
MSC22-C. Use the setjmp(), longjmp() facility securely
Page:
ERR07-C. Prefer functions that support error checking over equivalent functions that don't
Page:
INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
Page:
Rec. 02. Declarations and Initialization (DCL)
Page:
API00-C. Functions should validate their parameters
Page:
DCL22-C. Use volatile for data that cannot be cached
Page:
FIO45-C. Avoid TOCTOU race conditions while accessing files
Page:
EXP00-C. Use parentheses for precedence of operation
Page:
EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
Page:
MEM35-C. Allocate sufficient memory for an object
Page:
FIO05-C. Identify files using multiple file attributes
Page:
FLP30-C. Do not use floating-point variables as loop counters
Page:
MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
Page:
MEM36-C. Do not modify the alignment of objects by calling realloc()
Page:
POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks
Page:
FLP06-C. Convert integers to floating point for floating-point operations
Page:
DCL09-C. Declare functions that return errno with a return type of errno_t
Page:
Rec. 12. Error Handling (ERR)
Page:
EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions
Page:
CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
Page:
DCL17-C. Beware of miscompiled volatile-qualified variables
Page:
EXP32-C. Do not access a volatile object through a nonvolatile reference
Page:
DCL03-C. Use a static assertion to test the value of a constant expression
Page:
ENV01-C. Do not make assumptions about the size of an environment variable
Page:
FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file
Page:
PRE30-C. Do not create a universal character name through concatenation
Page:
MSC37-C. Ensure that control never reaches the end of a non-void function
Page:
INT36-C. Converting a pointer to integer or integer to pointer
Page:
DCL07-C. Include the appropriate type information in function declarators
Page:
Rule 04. Integers (INT)
Page:
Rule 13. Application Programming Interfaces (API)
Page:
MEM04-C. Beware of zero-length allocations
Page:
EXP33-C. Do not read uninitialized memory
Page:
POS44-C. Do not use signals to terminate threads
Page:
PRE00-C. Prefer inline or static functions to function-like macros
Page:
STR07-C. Use the bounds-checking interfaces for string manipulation
Page:
ERR03-C. Use runtime-constraint handlers when calling the bounds-checking interfaces
Page:
SIG01-C. Understand implementation-specific details regarding signal handler persistence
Page:
DCL11-C. Understand the type issues associated with variadic functions
Page:
FIO38-C. Do not copy a FILE object
Page:
DD. Unspecified Behavior
Page:
FLP37-C. Do not use object representations to compare floating-point values
Page:
PRE12-C. Do not define unsafe macros
Page:
EXP19-C. Use braces for the body of an if, for, or while statement
Page:
MSC23-C. Beware of vendor-specific library and language differences
Page:
STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
Page:
FIO01-C. Be careful using functions that use file names for identification
Page:
API05-C. Use conformant array parameters
Page:
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
Page:
BB. Definitions
Page:
Rule 03. Expressions (EXP)
Page:
POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
Page:
INT00-C. Understand the data model used by your implementation(s)
Page:
PRE02-C. Macro replacement lists should be parenthesized
Page:
ERR02-C. Avoid in-band error indicators
Page:
STR04-C. Use plain char for characters in the basic character set
Page:
STR10-C. Do not concatenate different type of string literals
Page:
WIN30-C. Properly pair allocation and deallocation functions
Page:
Errata for SEI CERT C Coding Standard (2016 Edition)
Page:
FIO32-C. Do not perform operations on devices that are only appropriate for files
Page:
EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
Page:
INT08-C. Verify that all integer values are in range
Page:
POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
Page:
AA. Bibliography
Page:
Rec. 48. Miscellaneous (MSC)
Page:
EXP36-C. Do not cast pointers into more strictly aligned pointer types
Page:
CON40-C. Do not refer to an atomic variable twice in an expression
Page:
ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
Page:
CON06-C. Ensure that every mutex outlives the data it protects
Page:
PRE04-C. Do not reuse a standard header file name
Page:
MSC17-C. Finish every set of statements associated with a case label with a break statement
Page:
ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
Page:
MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
Page:
INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
Page:
ARR00-C. Understand how arrays work
Page:
FLP04-C. Check floating-point inputs for exceptional values
Page:
ARR39-C. Do not add or subtract a scaled integer to a pointer
Page:
DCL16-C. Use "L," not "l," to indicate a long value
Page:
Rule 06. Arrays (ARR)
Page:
STR11-C. Do not specify the bound of a character array initialized with a string literal
Page:
POS52-C. Do not perform operations that can block while holding a POSIX lock
Page:
MEM11-C. Do not assume infinite heap space
Page:
DCL38-C. Use the correct syntax when declaring a flexible array member
Page:
FIO23-C. Do not exit with unflushed data in stdout or stderr
Page:
API10-C. APIs should have security options enabled by default
Page:
EXP42-C. Do not compare padding data
Page:
WIN04-C. Consider encrypting function pointers
Page:
ENV02-C. Beware of multiple environment variables with the same effective name
Page:
EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields
Page:
FIO42-C. Close files when they are no longer needed
Page:
MSC24-C. Do not use deprecated or obsolescent functions
Page:
API04-C. Provide a consistent and usable error-checking mechanism
Page:
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
Page:
POS30-C. Use the readlink() function properly
Page:
PRE03-C. Prefer typedefs to defines for encoding non-pointer types
Page:
FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
Page:
FIO09-C. Be careful with binary data when transferring data across systems
Page:
FLP00-C. Understand the limitations of floating-point numbers
Page:
CON08-C. Do not assume that a group of calls to independently atomic methods is atomic
Page:
API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
Page:
MSC11-C. Incorporate diagnostic tests using assertions
Page:
CON37-C. Do not call signal() in a multithreaded program
Page:
MSC06-C. Beware of compiler optimizations
Page:
POS37-C. Ensure that privilege relinquishment is successful
Page:
ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
Page:
DCL39-C. Avoid information leakage when passing a structure across a trust boundary
Page:
PRE01-C. Use parentheses within macros around parameter names
Page:
FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
Page:
ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
Page:
DCL19-C. Minimize the scope of variables and functions
Page:
EXP47-C. Do not call va_arg with an argument of the incorrect type
Page:
INT17-C. Define integer constants in an implementation-independent manner
Page:
FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
Page:
CON05-C. Do not perform operations that can block while holding a lock
Page:
Rule 48. Miscellaneous (MSC)
Page:
POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
Page:
ERR32-C. Do not rely on indeterminate values of errno
Page:
DCL41-C. Do not declare variables inside a switch statement before the first case label
Page:
MSC10-C. Character encoding: UTF8-related issues
Page:
DCL00-C. Const-qualify immutable objects
Page:
INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
Page:
MSC01-C. Strive for logical completeness
Page:
FLP05-C. Do not use denormalized numbers
Page:
MSC30-C. Do not use the rand() function for generating pseudorandom numbers
Page:
Rec. 04. Integers (INT)
Page:
ERR04-C. Choose an appropriate termination strategy
Page:
STR01-C. Adopt and implement a consistent plan for managing strings
Page:
POS36-C. Observe correct revocation order while relinquishing privileges
Page:
POS39-C. Use the correct byte ordering when transferring data between systems
Page:
FIO03-C. Do not make assumptions about fopen() and file creation
Page:
STR09-C. Don't assume numeric values for expressions with type plain character
Page:
ERR05-C. Application-independent code should provide error detection without dictating error handling
Page:
INT01-C. Use rsize_t or size_t for all integer values representing the size of an object
Page:
CON41-C. Wrap functions that can fail spuriously in a loop
Page:
MSC15-C. Do not depend on undefined behavior
Page:
STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
Page:
PRE13-C. Use the Standard predefined macros to test for versions and features.
Page:
EXP46-C. Do not use a bitwise operator with a Boolean-like operand
Page:
Rec. 05. Floating Point (FLP)
Page:
POS05-C. Limit access to files by creating a jail
Page:
SIG02-C. Avoid using signals to implement normal functionality
Page:
DCL23-C. Guarantee that mutually visible identifiers are unique
Page:
FIO24-C. Do not open a file that is already open
Page:
FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
Page:
FIO46-C. Do not access a closed file
Page:
MSC04-C. Use comments consistently and in a readable fashion
Page:
STR08-C. Use managed strings for development of new string manipulation code
Page:
DCL31-C. Declare identifiers before using them
Page:
INT10-C. Do not assume a positive remainder when using the % operator
Page:
MSC12-C. Detect and remove code that has no effect or is never executed
Page:
EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
Page:
Rule 10. Environment (ENV)
Page:
STR03-C. Do not inadvertently truncate a string
SEI CERT Perl Coding Standard (14)
Page:
EXP03-PL. Do not diminish the benefits of constants by assuming their values in expressions
Page:
DCL01-PL. Do not reuse variable names in subscopes
Page:
MSC01-PL. Detect and remove unused variables
Page:
DCL31-PL. Do not overload reserved keywords or subroutines
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
Page:
EXP32-PL. Do not ignore function return values
Page:
IDS30-PL. Exclude user input from format strings
Page:
MSC02-PL. Run programs with full warnings and strict checking
Page:
IDS00-PL. Canonicalize path names before validating them
Page:
FIO01-PL. Do not operate on files that can be modified by untrusted users
Page:
IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
Page:
DCL33-PL. Declare identifiers before using them
Page:
EXP30-PL. Do not use deprecated or obsolete functions or modules
Page:
MSC00-PL. Detect and remove dead code
Hierarchy
Children (7)
Page:
1 Front Matter
Page:
2 Rules
Page:
3 Recommendations
Page:
4 Back Matter
Page:
5 Admin
Page:
Wiki Contents
Page:
CERT manifest files
Labels
Global Labels (2)
wikimain
ear
Recent Changes
Time
Editor
Apr 04, 2024 13:54
David Svoboda
View Changes
Reverted from v. 159
Mar 22, 2024 13:43
David Svoboda
View Changes
Mar 22, 2024 13:06
David Svoboda
View Changes
Mar 20, 2024 16:15
David Svoboda
View Changes
Feb 14, 2024 11:38
Robert Schiela
Updated link to C Coding Standard download.
View Page History
Outgoing Links
External Links (5)
www.informit.com/store/secure-coding-in-c-and-c-plus-plus-9…
www.cert.org/secure-coding/contact.cfm
https://wiki.sei.cmu.edu/confluence/signup.action
https://resources.sei.cmu.edu/library/asset-view.cfm?assetI…
https://resources.sei.cmu.edu/library/asset-view.cfm?asseti…
CERT Secure Coding (2)
Page:
Secure Coding Space Homepage Notices
Page:
Understand the Difference Between Rules and Recommendations
SEI CERT C Coding Standard (4)
Page:
Errata for SEI CERT C Coding Standard (2016 Edition)
Page:
Acknowledgments
Home page:
SEI CERT C Coding Standard
Page:
CERT manifest files
Overview
Content Tools
{"serverDuration": 6982, "requestCorrelationId": "afea0143d00e4b81"}