SEI CERT C Coding Standard

Space shortcuts

Page tree

Title: SEI CERT C Coding Standard  
Author: Admin May 24, 2006
Last Changed by: David Svoboda Apr 04, 2024
Tiny Link: (useful for email) https://wiki.sei.cmu.edu/confluence/x/rNUxBQ
Export As: Word · PDF  
Incoming Links
SEI CERT C++ Coding Standard (34)
    Page: MSC54-CPP. A signal handler must be a plain old function
    Page: EXP54-CPP. Do not access an object outside of its lifetime
    Page: OOP51-CPP. Do not slice derived objects
    Page: EXP50-CPP. Do not depend on the order of evaluation for side effects
    Page: STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
    Page: CON55-CPP. Preserve thread safety and liveness when using condition variables
    Page: CTR50-CPP. Guarantee that container indices and iterators are within the valid range
    Page: CON53-CPP. Avoid deadlock by locking in a predefined order
    Home page: SEI CERT C++ Coding Standard
    Page: CTR52-CPP. Guarantee that library functions do not overflow
    Page: MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers
    Page: CTR55-CPP. Do not use an additive operator on an iterator if the result would overflow
    Page: STR51-CPP. Do not attempt to create a std::string from a null pointer
    Page: DCL55-CPP. Avoid information leakage when passing a class object across a trust boundary
    Page: ERR62-CPP. Detect errors when converting a string to a number
    Page: CON52-CPP. Prevent data races when accessing bit-fields from multiple threads
    Page: CON51-CPP. Ensure actively held locks are released on exceptional conditions
    Page: EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type
    Page: MEM50-CPP. Do not access freed memory
    Page: EXP53-CPP. Do not read uninitialized memory
    Page: CTR54-CPP. Do not subtract iterators that do not refer to the same container
    Page: MEM52-CPP. Detect and handle memory allocation errors
    Page: CON54-CPP. Wrap functions that can spuriously wake up in a loop
    Page: CTR56-CPP. Do not use pointer arithmetic on polymorphic objects
    Page: EXP52-CPP. Do not rely on side effects in unevaluated operands
    Page: Relation to the CERT C Coding Standard
    Page: Rules from C
    Page: DCL51-CPP. Do not declare or define a reserved identifier
    Page: MEM51-CPP. Properly deallocate dynamically allocated resources
    Page: MSC51-CPP. Ensure your random number generator is properly seeded
    Page: CON56-CPP. Do not speculatively lock a non-recursive mutex that is already owned by the calling thread
    Page: CON50-CPP. Do not destroy a mutex while it is locked
    Page: How this Coding Standard Is Organized
    Page: MEM55-CPP. Honor replacement dynamic storage management requirements
Android (2)
    Page: DRD19. Properly verify server certificate on SSL/TLS
    Page: AA. Bibliography
CERT Secure Coding (2)
    Home page: SEI CERT Coding Standards
    Page: Deprecations
SEI CERT Oracle Coding Standard for Java (43)
    Page: NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
    Page: FIO04-J. Release resources when they are no longer needed
    Page: IDS06-J. Exclude unsanitized user input from format strings
    Page: Rule: Contents and Organization
    Page: Rec.: Audience
    Page: NUM01-J. Do not perform bitwise and arithmetic operations on the same data
    Page: EXP01-J. Do not use a null in a case where an object is required
    Page: MSC03-J. Never hard code sensitive information
    Page: IDS17-J. Prevent XML External Entity Attacks
    Page: IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
    Page: NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms
    Page: NUM54-J. Do not use denormalized numbers
    Page: FIO08-J. Distinguish between characters or bytes read from a stream and -1
    Page: EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression
    Page: FIO03-J. Remove temporary files before termination
    Page: MSC02-J. Generate strong random numbers
    Page: NUM09-J. Do not use floating-point variables as loop counters
    Page: FIO14-J. Perform proper cleanup at program termination
    Page: FIO16-J. Canonicalize path names before validating them
    Page: NUM08-J. Check floating-point inputs for exceptional values
    Page: EXP00-J. Do not ignore values returned by methods
    Page: NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
    Page: Rec. Preface
    Page: NUM13-J. Avoid loss of precision when converting primitive integers to floating-point
    Page: LCK07-J. Avoid deadlock by requesting and releasing locks in the same order
    Page: MSC57-J. Strive for logical completeness
    Page: IDS50-J. Use conservative file naming conventions
    Page: FIO00-J. Do not operate on files in shared directories
    Page: FIO01-J. Create files with appropriate access permissions
    Page: EXP06-J. Expressions used in assertions must not produce side effects
    Page: IDS00-J. Prevent SQL injection
    Page: THI02-J. Notify all waiting threads rather than a single thread
    Page: Java Coding Guidelines
    Page: MSC05-J. Do not exhaust heap space
    Page: NUM00-J. Detect or prevent integer overflow
    Page: IDS16-J. Prevent XML Injection
    Page: NUM04-J. Do not use floating-point numbers if precise computation is required
    Page: Rec.: Scope
    Page: MSC61-J. Do not use insecure or weak cryptographic algorithms
    Page: DCL01-J. Do not reuse public identifiers from the Java Standard Library
    Page: THI05-J. Do not use Thread.stop() to terminate threads
    Page: LCK09-J. Do not perform operations that can block while holding a lock
    Page: Rec.: Contents and Organization
SEI CERT C Coding Standard (344)
    Page: PRE06-C. Enclose header files in an include guard
    Page: FLP07-C. Cast the return value of a function that returns a floating-point type
    Page: STR06-C. Do not assume that strtok() leaves the parse string unchanged
    Page: ARR38-C. Guarantee that library functions do not form invalid pointers
    Page: MEM07-C. Ensure that the arguments to calloc(), when multiplied, do not wrap
    Page: Rule 02. Declarations and Initialization (DCL)
    Page: MEM03-C. Clear sensitive information stored in reusable resources
    Page: MSC00-C. Compile cleanly at high warning levels
    Page: Rec. 07. Characters and Strings (STR)
    Page: ARR36-C. Do not subtract or compare two pointers that do not refer to the same array
    Page: Rec. 14. Concurrency (CON)
    Page: CON30-C. Clean up thread-specific storage
    Page: Rule 09. Input Output (FIO)
    Page: PRE08-C. Guarantee that header file names are unique
    Page: EXP09-C. Use sizeof to determine the size of a type or variable
    Page: PRE10-C. Wrap multistatement macros in a do-while loop
    Page: ERR34-C. Detect errors when converting a string to a number
    Page: ERR06-C. Understand the termination behavior of assert() and abort()
    Page: DCL01-C. Do not reuse variable names in subscopes
    Page: FLP03-C. Detect and handle floating-point errors
    Page: MSC38-C. Do not treat a predefined identifier as an object if it might only be implemented as a macro
    Page: INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
    Page: DCL18-C. Do not begin integer constants with 0 when specifying a decimal value
    Page: FIO15-C. Ensure that file operations are performed in a secure directory
    Page: DCL08-C. Properly encode relationships in constant definitions
    Page: STR02-C. Sanitize data passed to complex subsystems
    Page: PRE32-C. Do not use preprocessor directives in invocations of function-like macros
    Page: EXP34-C. Do not dereference null pointers
    Page: MEM33-C. Allocate and copy structures containing a flexible array member dynamically
    Page: INT16-C. Do not make assumptions about representation of signed integers
    Page: ENV32-C. All exit handlers must return normally
    Page: DCL40-C. Do not create incompatible declarations of the same function or object
    Page: DCL04-C. Do not declare more than one variable per declaration
    Page: EXP08-C. Ensure pointer arithmetic is used correctly
    Page: EXP05-C. Do not cast away a const qualification
    Page: INT02-C. Understand integer conversion rules
    Page: CON36-C. Wrap functions that can spuriously wake up in a loop
    Page: EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators
    Page: FIO34-C. Distinguish between characters read from a file and EOF or WEOF
    Page: Rec. 06. Arrays (ARR)
    Page: EXP40-C. Do not modify constant objects
    Page: Rec. 03. Expressions (EXP)
    Page: CON39-C. Do not join or detach a thread that was previously joined or detached
    Page: INT07-C. Use only explicitly signed or unsigned char type for numeric values
    Page: FIO08-C. Take care when calling remove() on an open file
    Page: MSC32-C. Properly seed pseudorandom number generators
    Page: INT35-C. Use correct integer precisions
    Page: MEM06-C. Ensure that sensitive data is not written out to disk
    Page: DCL10-C. Maintain the contract between the writer and caller of variadic functions
    Page: STR37-C. Arguments to character-handling functions must be representable as an unsigned char
    Page: CON33-C. Avoid race conditions when using library functions
    Page: STR00-C. Represent characters using an appropriate type
    Page: ERR30-C. Take care when reading errno
    Page: DCL15-C. Declare file-scope objects or functions that do not need external linkage as static
    Page: FLP32-C. Prevent or detect domain and range errors in math functions
    Page: MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
    Page: PRE07-C. Avoid using repeated question marks
    Page: INT14-C. Avoid performing bitwise and arithmetic operations on the same data
    Page: CON38-C. Preserve thread safety and liveness when using condition variables
    Page: MEM05-C. Avoid large stack allocations
    Page: MSC05-C. Do not manipulate time_t typed values directly
    Page: DCL21-C. Understand the storage of compound literals
    Page: Rule 07. Characters and Strings (STR)
    Page: POS54-C. Detect and handle POSIX library errors
    Page: POS47-C. Do not use threads that can be canceled asynchronously
    Page: DCL36-C. Do not declare an identifier with conflicting linkage classifications
    Page: Rule 14. Concurrency (CON)
    Page: SIG00-C. Mask signals handled by noninterruptible signal handlers
    Page: API01-C. Avoid laying out strings in memory directly before sensitive data
    Page: SIG34-C. Do not call signal() from within interruptible signal handlers
    Page: Rule 01. Preprocessor (PRE)
    Page: FIO18-C. Never expect fwrite() to terminate the writing process at a null character
    Page: CON34-C. Declare objects shared between threads with appropriate storage durations
    Page: POS48-C. Do not unlock or destroy another POSIX thread's mutex
    Page: CON07-C. Ensure that compound operations on shared variables are atomic
    Page: Rule 50. POSIX (POS)
    Page: ERR33-C. Detect and handle standard library errors
    Page: INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs
    Page: WIN00-C. Be specific when dynamically loading libraries
    Page: FLP34-C. Ensure that floating-point conversions are within range of the new type
    Page: WIN01-C. Do not forcibly terminate execution
    Page: MEM34-C. Only free memory allocated dynamically
    Page: STR38-C. Do not confuse narrow and wide character strings and functions
    Page: MSC20-C. Do not use a switch statement to transfer control into a complex block
    Page: MSC09-C. Character encoding: Use subset of ASCII for safety
    Page: FIO30-C. Exclude user input from format strings
    Page: INT30-C. Ensure that unsigned integer operations do not wrap
    Page: EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
    Page: DCL30-C. Declare objects with appropriate storage durations
    Page: FLP02-C. Avoid using floating-point numbers when precise computation is needed
    Page: MEM01-C. Store a new value in pointers immediately after free()
    Page: CON35-C. Avoid deadlock by locking in a predefined order
    Page: INT04-C. Enforce limits on integer values originating from tainted sources
    Page: Rec. 50. POSIX (POS)
    Page: CON09-C. Avoid the ABA problem when using lock-free algorithms
    Page: DCL12-C. Implement abstract data types using opaque types
    Page: FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()
    Page: WIN02-C. Restrict privileges when spawning child processes
    Page: SIG31-C. Do not access shared objects in signal handlers
    Page: FIO11-C. Take care when specifying the mode parameter of fopen()
    Page: Rec. 11. Signals (SIG)
    Page: SIG35-C. Do not return from a computational exception signal handler
    Page: EXP30-C. Do not depend on the order of evaluation for side effects
    Page: INT32-C. Ensure that operations on signed integers do not result in overflow
    Page: ARR37-C. Do not add or subtract an integer to a pointer to a non-array object
    Page: DCL05-C. Use typedefs of non-pointer types only
    Page: EXP37-C. Call functions with the correct number and type of arguments
    Page: CC. Undefined Behavior
    Page: Rec. 08. Memory Management (MEM)
    Page: EXP16-C. Do not compare function pointers to constant values
    Page: ARR32-C. Ensure size arguments for variable length arrays are in a valid range
    Page: API09-C. Compatible values should have the same type
    Page: MSC21-C. Use robust loop termination conditions
    Page: PRE11-C. Do not conclude macro definitions with a semicolon
    Page: PRE05-C. Understand macro replacement when concatenating tokens or performing stringification
    Page: POS53-C. Do not use more than one mutex for concurrent waiting operations on a condition variable
    Page: MSC40-C. Do not violate constraints
    Page: FIO22-C. Close files before spawning processes
    Page: DCL13-C. Declare function parameters that are pointers to values not changed by the function as const
    Page: ENV34-C. Do not store pointers returned by certain functions
    Page: FIO21-C. Do not create temporary files in shared directories
    Page: Rec. 13. Application Programming Interfaces (API)
    Page: MSC14-C. Do not introduce unnecessary platform dependencies
    Page: FIO02-C. Canonicalize path names originating from tainted sources
    Page: FIO06-C. Create files with appropriate access permissions
    Page: EXP20-C. Perform explicit tests to determine success, true and false, and equality
    Page: PRE09-C. Do not replace secure functions with deprecated or obsolescent functions
    Page: EXP13-C. Treat relational and equality operators as if they were nonassociative
    Page: MEM10-C. Define and use a pointer validation function
    Page: POS01-C. Check for the existence of links when dealing with files
    Page: Rule 12. Error Handling (ERR)
    Page: STR34-C. Cast characters to unsigned char before converting to larger integer sizes
    Page: EXP35-C. Do not modify objects with temporary lifetime
    Page: MEM30-C. Do not access freed memory
    Page: Rec. 09. Input Output (FIO)
    Page: EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members
    Page: MSC19-C. For functions that return an array, prefer returning an empty array over a null value
    Page: STR30-C. Do not attempt to modify string literals
    Page: MSC33-C. Do not pass invalid data to the asctime() function
    Page: Rec. 10. Environment (ENV)
    Page: POS38-C. Beware of race conditions when using fork and file descriptors
    Page: ENV33-C. Do not call system()
    Page: Rule 08. Memory Management (MEM)
    Page: WIN03-C. Understand HANDLE inheritance
    Page: FLP01-C. Take care in rearranging floating-point expressions
    Page: INT09-C. Ensure enumeration constants map to unique values
    Page: DCL02-C. Use visually distinct identifiers
    Page: CON03-C. Ensure visibility when accessing shared variables
    Page: TODO List
    Page: Rule 05. Floating Point (FLP)
    Page: Rule 11. Signals (SIG)
    Page: MSC07-C. Detect and remove dead code
    Page: INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
    Page: CON31-C. Do not destroy a mutex while it is locked
    Page: POS51-C. Avoid deadlock with POSIX threads by locking in predefined order
    Page: ENV30-C. Do not modify the object referenced by the return value of certain functions
    Page: MEM31-C. Free dynamically allocated memory when no longer needed
    Page: EXP39-C. Do not access a variable through a pointer of an incompatible type
    Page: FLP36-C. Preserve precision when converting integral values to floating-point type
    Page: MSC39-C. Do not call va_arg() on a va_list that has an indeterminate value
    Page: Rule 51. Microsoft Windows (WIN)
    Page: FIO40-C. Reset strings on fgets() or fgetws() failure
    Page: POS35-C. Avoid race conditions while checking for the existence of a symbolic link
    Page: INT13-C. Use bitwise operators only on unsigned operands
    Page: STR05-C. Use pointers to const when referring to string literals
    Page: FIO10-C. Take care when using the rename() function
    Page: ERR01-C. Use ferror() rather than errno to check for FILE stream errors
    Page: Rec. 51. Microsoft Windows (WIN)
    Page: FIO14-C. Understand the difference between text mode and binary mode with file streams
    Page: DCL06-C. Use meaningful symbolic constants to represent literal values
    Page: EXP43-C. Avoid undefined behavior when using restrict-qualified pointers
    Page: API07-C. Enforce type safety
    Page: MSC13-C. Detect and remove unused values
    Page: INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
    Page: CON02-C. Do not use volatile as a synchronization primitive
    Page: Rec. 01. Preprocessor (PRE)
    Page: CON32-C. Prevent data races when accessing bit-fields from multiple threads
    Page: FIO17-C. Do not rely on an ending null character when using fread()
    Page: CON04-C. Join or detach threads even if their exit status is unimportant
    Page: DCL20-C. Explicitly specify void when a function accepts no arguments
    Page: DCL37-C. Do not declare or define a reserved identifier
    Page: FIO13-C. Never push back anything other than one read character
    Page: EXP45-C. Do not perform assignments in selection statements
    Page: PRE31-C. Avoid side effects in arguments to unsafe macros
    Page: CON43-C. Do not allow data races in multithreaded code
    Page: EXP12-C. Do not ignore values returned by functions
    Page: FIO47-C. Use valid format strings
    Page: API03-C. Create consistent interfaces and capabilities across related functions
    Page: SIG30-C. Call only asynchronous-safe functions within signal handlers
    Page: ENV03-C. Sanitize the environment when invoking external programs
    Page: POS02-C. Follow the principle of least privilege
    Page: MSC22-C. Use the setjmp(), longjmp() facility securely
    Page: ERR07-C. Prefer functions that support error checking over equivalent functions that don't
    Page: INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
    Page: Rec. 02. Declarations and Initialization (DCL)
    Page: API00-C. Functions should validate their parameters
    Page: DCL22-C. Use volatile for data that cannot be cached
    Page: FIO45-C. Avoid TOCTOU race conditions while accessing files
    Page: EXP00-C. Use parentheses for precedence of operation
    Page: EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement
    Page: MEM35-C. Allocate sufficient memory for an object
    Page: FIO05-C. Identify files using multiple file attributes
    Page: FLP30-C. Do not use floating-point variables as loop counters
    Page: MSC18-C. Be careful while handling sensitive data, such as passwords, in program code
    Page: MEM36-C. Do not modify the alignment of objects by calling realloc()
    Page: POS04-C. Avoid using PTHREAD_MUTEX_NORMAL type mutex locks
    Page: FLP06-C. Convert integers to floating point for floating-point operations
    Page: DCL09-C. Declare functions that return errno with a return type of errno_t
    Page: Rec. 12. Error Handling (ERR)
    Page: EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions
    Page: CON01-C. Acquire and release synchronization primitives in the same module, at the same level of abstraction
    Page: DCL17-C. Beware of miscompiled volatile-qualified variables
    Page: EXP32-C. Do not access a volatile object through a nonvolatile reference
    Page: DCL03-C. Use a static assertion to test the value of a constant expression
    Page: ENV01-C. Do not make assumptions about the size of an environment variable
    Page: FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file
    Page: PRE30-C. Do not create a universal character name through concatenation
    Page: MSC37-C. Ensure that control never reaches the end of a non-void function
    Page: INT36-C. Converting a pointer to integer or integer to pointer
    Page: DCL07-C. Include the appropriate type information in function declarators
    Page: Rule 04. Integers (INT)
    Page: Rule 13. Application Programming Interfaces (API)
    Page: MEM04-C. Beware of zero-length allocations
    Page: EXP33-C. Do not read uninitialized memory
    Page: POS44-C. Do not use signals to terminate threads
    Page: PRE00-C. Prefer inline or static functions to function-like macros
    Page: STR07-C. Use the bounds-checking interfaces for string manipulation
    Page: ERR03-C. Use runtime-constraint handlers when calling the bounds-checking interfaces
    Page: SIG01-C. Understand implementation-specific details regarding signal handler persistence
    Page: DCL11-C. Understand the type issues associated with variadic functions
    Page: FIO38-C. Do not copy a FILE object
    Page: DD. Unspecified Behavior
    Page: FLP37-C. Do not use object representations to compare floating-point values
    Page: PRE12-C. Do not define unsafe macros
    Page: EXP19-C. Use braces for the body of an if, for, or while statement
    Page: MSC23-C. Beware of vendor-specific library and language differences
    Page: STR32-C. Do not pass a non-null-terminated character sequence to a library function that expects a string
    Page: FIO01-C. Be careful using functions that use file names for identification
    Page: API05-C. Use conformant array parameters
    Page: ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
    Page: BB. Definitions
    Page: Rule 03. Expressions (EXP)
    Page: POS34-C. Do not call putenv() with a pointer to an automatic variable as the argument
    Page: INT00-C. Understand the data model used by your implementation(s)
    Page: PRE02-C. Macro replacement lists should be parenthesized
    Page: ERR02-C. Avoid in-band error indicators
    Page: STR04-C. Use plain char for characters in the basic character set
    Page: STR10-C. Do not concatenate different type of string literals
    Page: WIN30-C. Properly pair allocation and deallocation functions
    Page: Errata for SEI CERT C Coding Standard (2016 Edition)
    Page: FIO32-C. Do not perform operations on devices that are only appropriate for files
    Page: EXP44-C. Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
    Page: INT08-C. Verify that all integer values are in range
    Page: POS50-C. Declare objects shared between POSIX threads with appropriate storage durations
    Page: AA. Bibliography
    Page: Rec. 48. Miscellaneous (MSC)
    Page: EXP36-C. Do not cast pointers into more strictly aligned pointer types
    Page: CON40-C. Do not refer to an atomic variable twice in an expression
    Page: ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
    Page: CON06-C. Ensure that every mutex outlives the data it protects
    Page: PRE04-C. Do not reuse a standard header file name
    Page: MSC17-C. Finish every set of statements associated with a case label with a break statement
    Page: ARR02-C. Explicitly specify array bounds, even if implicitly defined by an initializer
    Page: MEM12-C. Consider using a goto chain when leaving a function on error when using and releasing resources
    Page: INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
    Page: ARR00-C. Understand how arrays work
    Page: FLP04-C. Check floating-point inputs for exceptional values
    Page: ARR39-C. Do not add or subtract a scaled integer to a pointer
    Page: DCL16-C. Use "L," not "l," to indicate a long value
    Page: Rule 06. Arrays (ARR)
    Page: STR11-C. Do not specify the bound of a character array initialized with a string literal
    Page: POS52-C. Do not perform operations that can block while holding a POSIX lock
    Page: MEM11-C. Do not assume infinite heap space
    Page: DCL38-C. Use the correct syntax when declaring a flexible array member
    Page: FIO23-C. Do not exit with unflushed data in stdout or stderr
    Page: API10-C. APIs should have security options enabled by default
    Page: EXP42-C. Do not compare padding data
    Page: WIN04-C. Consider encrypting function pointers
    Page: ENV02-C. Beware of multiple environment variables with the same effective name
    Page: EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields
    Page: FIO42-C. Close files when they are no longer needed
    Page: MSC24-C. Do not use deprecated or obsolescent functions
    Page: API04-C. Provide a consistent and usable error-checking mechanism
    Page: MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
    Page: POS30-C. Use the readlink() function properly
    Page: PRE03-C. Prefer typedefs to defines for encoding non-pointer types
    Page: FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
    Page: FIO09-C. Be careful with binary data when transferring data across systems
    Page: FLP00-C. Understand the limitations of floating-point numbers
    Page: CON08-C. Do not assume that a group of calls to independently atomic methods is atomic
    Page: API02-C. Functions that read or write to or from an array should take an argument to specify the source or target size
    Page: MSC11-C. Incorporate diagnostic tests using assertions
    Page: CON37-C. Do not call signal() in a multithreaded program
    Page: MSC06-C. Beware of compiler optimizations
    Page: POS37-C. Ensure that privilege relinquishment is successful
    Page: ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
    Page: DCL39-C. Avoid information leakage when passing a structure across a trust boundary
    Page: PRE01-C. Use parentheses within macros around parameter names
    Page: FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
    Page: ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array
    Page: DCL19-C. Minimize the scope of variables and functions
    Page: EXP47-C. Do not call va_arg with an argument of the incorrect type
    Page: INT17-C. Define integer constants in an implementation-independent manner
    Page: FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
    Page: CON05-C. Do not perform operations that can block while holding a lock
    Page: Rule 48. Miscellaneous (MSC)
    Page: POS49-C. When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
    Page: ERR32-C. Do not rely on indeterminate values of errno
    Page: DCL41-C. Do not declare variables inside a switch statement before the first case label
    Page: MSC10-C. Character encoding: UTF8-related issues
    Page: DCL00-C. Const-qualify immutable objects
    Page: INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression
    Page: MSC01-C. Strive for logical completeness
    Page: FLP05-C. Do not use denormalized numbers
    Page: MSC30-C. Do not use the rand() function for generating pseudorandom numbers
    Page: Rec. 04. Integers (INT)
    Page: ERR04-C. Choose an appropriate termination strategy
    Page: STR01-C. Adopt and implement a consistent plan for managing strings
    Page: POS36-C. Observe correct revocation order while relinquishing privileges
    Page: POS39-C. Use the correct byte ordering when transferring data between systems
    Page: FIO03-C. Do not make assumptions about fopen() and file creation
    Page: STR09-C. Don't assume numeric values for expressions with type plain character
    Page: ERR05-C. Application-independent code should provide error detection without dictating error handling
    Page: INT01-C. Use rsize_t or size_t for all integer values representing the size of an object
    Page: CON41-C. Wrap functions that can fail spuriously in a loop
    Page: MSC15-C. Do not depend on undefined behavior
    Page: STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator
    Page: PRE13-C. Use the Standard predefined macros to test for versions and features.
    Page: EXP46-C. Do not use a bitwise operator with a Boolean-like operand
    Page: Rec. 05. Floating Point (FLP)
    Page: POS05-C. Limit access to files by creating a jail
    Page: SIG02-C. Avoid using signals to implement normal functionality
    Page: DCL23-C. Guarantee that mutually visible identifiers are unique
    Page: FIO24-C. Do not open a file that is already open
    Page: FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
    Page: FIO46-C. Do not access a closed file
    Page: MSC04-C. Use comments consistently and in a readable fashion
    Page: STR08-C. Use managed strings for development of new string manipulation code
    Page: DCL31-C. Declare identifiers before using them
    Page: INT10-C. Do not assume a positive remainder when using the % operator
    Page: MSC12-C. Detect and remove code that has no effect or is never executed
    Page: EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int
    Page: Rule 10. Environment (ENV)
    Page: STR03-C. Do not inadvertently truncate a string
SEI CERT Perl Coding Standard (14)
    Page: EXP03-PL. Do not diminish the benefits of constants by assuming their values in expressions
    Page: DCL01-PL. Do not reuse variable names in subscopes
    Page: MSC01-PL. Detect and remove unused variables
    Page: DCL31-PL. Do not overload reserved keywords or subroutines
    Page: IDS33-PL. Sanitize untrusted data passed across a trust boundary
    Page: EXP32-PL. Do not ignore function return values
    Page: IDS30-PL. Exclude user input from format strings
    Page: MSC02-PL. Run programs with full warnings and strict checking
    Page: IDS00-PL. Canonicalize path names before validating them
    Page: FIO01-PL. Do not operate on files that can be modified by untrusted users
    Page: IDS34-PL. Do not pass untrusted, unsanitized data to a command interpreter
    Page: DCL33-PL. Declare identifiers before using them
    Page: EXP30-PL. Do not use deprecated or obsolete functions or modules
    Page: MSC00-PL. Detect and remove dead code
Hierarchy
Children (7)
    Page: 1 Front Matter
    Page: 2 Rules
    Page: 3 Recommendations
    Page: 4 Back Matter
    Page: 5 Admin
    Page: Wiki Contents
    Page: CERT manifest files
Labels
Global Labels (2)
Recent Changes
Time Editor  
Apr 04, 2024 13:54 David Svoboda View Changes
Reverted from v. 159
Mar 22, 2024 13:43 David Svoboda View Changes
Mar 22, 2024 13:06 David Svoboda View Changes
Mar 20, 2024 16:15 David Svoboda View Changes
Feb 14, 2024 11:38 Robert Schiela  
Updated link to C Coding Standard download.
Outgoing Links
External Links (5)
    www.informit.com/store/secure-coding-in-c-and-c-plus-plus-9…
    www.cert.org/secure-coding/contact.cfm
    https://wiki.sei.cmu.edu/confluence/signup.action
    https://resources.sei.cmu.edu/library/asset-view.cfm?assetI…
    https://resources.sei.cmu.edu/library/asset-view.cfm?asseti…
CERT Secure Coding (2)     Page: Secure Coding Space Homepage Notices
    Page: Understand the Difference Between Rules and Recommendations
SEI CERT C Coding Standard (4)     Page: Errata for SEI CERT C Coding Standard (2016 Edition)
    Page: Acknowledgments
    Home page: SEI CERT C Coding Standard
    Page: CERT manifest files