
CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc

BSI-Specific BADFUNC Classes

A number of BADFUNC warning classes have been implemented specifically to support the Build Security In (BSI) rule set.

Some of these classes warn about functions that should not be used at all; most of them flag each use of a function so that you can verify that the precautions required by the corresponding BSI rule were taken before the call executes. Each warning class page describes the appropriate resolution for warnings of that class.

To enable checks for these classes, apply the bsi preset to the CodeSonar build/analysis.



BSI-Specific BADFUNC Classes and Corresponding BSI Rules

The BSI-specific BADFUNC classes are listed in the following table, along with their corresponding BSI rules. The Build Security In website is no longer available, so we are not able to provide links to individual rules.

Warning Class                    BSI Rule
Use of _exec                     Exec-SearchPath-01, Exec-SearchPath-02
Use of _spawn                    Exec-SearchPath-01, Exec-SearchPath-02
Use of AddAccessAllowedAce       AddAccess-ACE
Use of AddAccessDeniedAce        AddAccess-ACE
Use of AfxLoadLibrary            AfxLoadLibrary
Use of AfxParseURL               AfxParseURL
Use of catopen                   Catopen
Use of chroot                    CHROOT-01, CHROOT-02, CHROOT-03
Use of CoLoadLibrary             AfxLoadLibrary
Use of CreateFile                CreateFile-01, CreateFile-02
Use of CreateProcess             CreateProcess-02, CreateProcess-03, CreateProcess-04
Use of CreateThread              CreateThread
Use of cuserid                   CUSERID
Use of execlp                    Exec-SearchPath-01, Exec-SearchPath-02
Use of execvp                    Exec-SearchPath-01, Exec-SearchPath-02
Use of FormatMessage             FormatMessage
Use of getlogin                  GETLOGIN
Use of getopt                    GETOPT
Use of getpass                   GETPASS
Use of getwd                     GETWD
Use of LoadLibrary               LoadLibrary
Use of LoadModule                LoadModule
Use of memset                    MEMSET
Use of mkstemp                   Mkstemp
Use of MoveFile                  MoveFile
Use of OemToAnsi                 OemToChar
Use of OemToChar                 OemToChar
Use of popen                     Exec-SearchPath-01, Exec-SearchPath-02
Use of rand                      MetaRule (5) Function
Use of rand48                    MetaRule (5) Function
Use of random                    MetaRule (5) Function
Use of realpath                  REALPATH
Use of recvmsg                   RecvMsg
Use of setuid                    SIGNAL-02
Use of signal                    SIGNAL-01
Use of SHCreateProcessAsUserW    SHCreateProcessAsUserW
Use of ShellExecute              ShellExecute
Use of strcat                    STRCAT
Use of StrCatChainW              StrCatChainW
Use of strcmp                    STRCMP
Use of strcpy                    STRCPY
Use of strlen                    STRLEN
Use of strtrns                   STRTRNS
Use of syslog                    SYSLOG-1
Use of t_open                    T_Open
Use of ttyname                   TTYNAME
Use of vfork                     VFORK
Use of WinExec                   WinExec
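The following C listing is an added illustration by the editor of this page, not code from CodeSonar, CodeSecure or the BSI rule set. It shows the kind of precaution a BADFUNC warning asks you to verify for three of the functions in the table: syslog (SYSLOG-1), execvp/popen (Exec-SearchPath-01/02) and chroot (CHROOT-01..03). Because the BSI site is gone, the rule text is not quoted; the precautions shown are standard secure-coding guidance for these functions, and the helper directory HELPER_DIR, the example functions and the use of /bin/true as a stand-in helper are the editor's assumptions.

```c
/* Added example (editor's illustration, not CodeSonar or BSI code).
 * Each section pairs the pattern a BADFUNC warning points at with the
 * precaution a reviewer would verify before marking the warning resolved. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Trusted directory for helper programs: a hypothetical choice for this example. */
#define HELPER_DIR "/bin"

/* --- "Use of syslog" (SYSLOG-1): attacker text must never become the format --- */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
/* Flagged pattern: the caller's buffer is the format string, so a message
 * containing "%s%n" is interpreted by syslog(). Kept only to show what the
 * warning points at; never call this with untrusted input. */
void log_client_message_flagged(const char *msg)
{
    syslog(LOG_INFO, msg);
}
#pragma GCC diagnostic pop

/* Resolution: a constant format, untrusted text passed as an argument. */
void log_client_message_fixed(const char *msg)
{
    syslog(LOG_INFO, "client message: %s", msg);
}

/* --- "Use of execvp" / "Use of popen" (Exec-SearchPath-01/02) ---
 * execvp() and popen() let PATH (or a shell) decide which binary runs.
 * Resolve the helper to an absolute path under a fixed directory instead. */
int resolve_helper(const char *name, char *out, size_t outsz)
{
    /* Reject empty names and anything containing '/', which could escape HELPER_DIR. */
    if (name == NULL || *name == '\0' || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outsz, "%s/%s", HELPER_DIR, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;              /* truncated: refuse rather than run a wrong path */
    return 0;
}

/* Self-check used by the tests: 1 if `name` resolves to `expected`. */
int helper_path_equals(const char *name, const char *expected)
{
    char path[256];
    return resolve_helper(name, path, sizeof path) == 0 && strcmp(path, expected) == 0;
}

/* Run a helper via execve() with an absolute path and a minimal, fixed
 * environment, so neither the inherited PATH nor other variables influence
 * what executes. Returns the child's exit status, or -1 on error. */
int run_helper(const char *name)
{
    char path[256];
    if (resolve_helper(name, path, sizeof path) != 0)
        return -1;
    char *const argv[] = { path, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };  /* fixed, not inherited */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);   /* no PATH search, explicit environment */
        _exit(127);                 /* conventional "could not execute" status */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* --- "Use of chroot" (CHROOT-01..03): chdir into the jail and drop root ---
 * chroot() alone leaves the working directory outside the new root, and a
 * process that keeps root can chroot() its way back out. Requires root, so
 * it is shown for review rather than exercised by the tests. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (chroot(dir) != 0) return -1;
    if (chdir("/") != 0) return -1;      /* working directory now inside the jail */
    if (setgid(gid) != 0) return -1;     /* drop group first, then user */
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;       /* regaining root must fail, else not dropped */
    return 0;
}
```

Both the flagged and fixed syslog variants compile; the pragma only silences the compiler's own format-security warning on the deliberately wrong one so the pair can sit side by side. On a Linux host `run_helper("true")` executes /bin/true and returns 0, while a name that is not present under HELPER_DIR comes back as 127 and a name containing a slash is refused before any fork.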

Enabling BSI Checks

You can enable all BSI checks, or individual classes.

Enabling All BSI Checks

To enable the full set of BSI checks, apply the bsi configuration preset to the CodeSonar build/analysis.

Command Line
    Specify -preset bsi as part of your build/analysis command. For example:
    codesonar analyze MyProj -preset bsi localhost:7340 make

Define as a default preset
    Copy bsi.conf from $CSONAR/codesonar/presets/ to $CSONAR/codesonar/default_presets/.
    OR
    Use the CodeSonar Configuration Tool Modify Analysis Settings option.

Windows Build Wizard
    Select bsi from the Preset list on screen 2.

Eclipse Plug-In
    Select bsi from the Presets list in the Properties dialog.

Visual Studio Plug-In
    Select bsi from the Presets list in the Project Properties dialog.

Enabling Individual BSI Checks

To enable an individual BSI-specific class without applying the whole preset, add a WARNING_FILTER allow rule to the general template configuration file (to enable the class for all projects) or to a general project configuration file (to enable it for a single project). For example:

WARNING_FILTER += allow class="Use of syslog"
 

To report problems with this documentation, please visit https://support.codesecure.com/.