| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
The categories list for each CodeSonar warning includes any relevant rule and recommendation identifiers from the SEI CERT coding standards for C, C++, and Java.
A broader set of CERT correspondences is shown in Broad Mapping: CERT.
CSV tables of warning classes by CERT identifier are provided in CERT-C-mapping.csv, CERT-CPP-mapping.csv, and CERT-Java-mapping.csv.
CodeSonar includes a large number of warning classes that support checking for rules and recommendations in the following coding standards, published by the CERT Division of the Carnegie Mellon University Software Engineering Institute (SEI).
The categories list for each CodeSonar warning includes any relevant rule/recommendation identifiers from these standards.
The following table shows the CodeSonar warning classes that are associated with the rules and recommendations in the SEI CERT C Coding Standard.
This table is also available in CSV format: CERT-C-mapping.csv.
| CERT-C | Category | C/C++ Warning Classes |
|---|---|---|
| CERT-C:API00-C Functions should validate their parameters | Recommendation | |
| CERT-C:API01-C Avoid laying out strings in memory directly before sensitive data | Recommendation | - |
| CERT-C:API02-C Functions that read or write to or from an array should take an argument to specify the source or target size | Recommendation | |
| CERT-C:API03-C Create consistent interfaces and capabilities across related functions | Recommendation | - |
| CERT-C:API04-C Provide a consistent and usable error-checking mechanism | Recommendation | - |
| CERT-C:API05-C Use conformant array parameters | Recommendation | - |
| CERT-C:API07-C Enforce type safety | Recommendation | |
| CERT-C:API09-C Compatible values should have the same type | Recommendation | - |
| CERT-C:API10-C APIs should have security options enabled by default | Recommendation | - |
| CERT-C:ARR00-C Understand how arrays work | Recommendation | |
| CERT-C:ARR01-C Do not apply the sizeof operator to a pointer when taking the size of an array | Recommendation | |
| CERT-C:ARR02-C Explicitly specify array bounds, even if implicitly defined by an initializer | Recommendation | - |
| CERT-C:ARR30-C Do not form or use out-of-bounds pointers or array subscripts | Rule | |
| CERT-C:ARR32-C Ensure size arguments for variable length arrays are in a valid range | Rule | |
| CERT-C:ARR36-C Do not subtract or compare two pointers that do not refer to the same array | Rule | |
| CERT-C:ARR37-C Do not add or subtract an integer to a pointer to a non-array object | Rule | |
| CERT-C:ARR38-C Guarantee that library functions do not form invalid pointers | Rule | |
| CERT-C:ARR39-C Do not add or subtract a scaled integer to a pointer | Rule | |
| CERT-C:CON01-C Acquire and release synchronization primitives in the same module, at the same level of abstraction | Recommendation | |
| CERT-C:CON02-C Do not use volatile as a synchronization primitive | Recommendation | |
| CERT-C:CON03-C Ensure visibility when accessing shared variables | Recommendation | - |
| CERT-C:CON04-C Join or detach threads even if their exit status is unimportant | Recommendation | - |
| CERT-C:CON05-C Do not perform operations that can block while holding a lock | Recommendation | |
| CERT-C:CON06-C Ensure that every mutex outlives the data it protects | Recommendation | - |
| CERT-C:CON07-C Ensure that compound operations on shared variables are atomic | Recommendation | |
| CERT-C:CON08-C Do not assume that a group of calls to independently atomic methods is atomic | Recommendation | - |
| CERT-C:CON09-C Avoid the ABA problem when using lock-free algorithms | Recommendation | - |
| CERT-C:CON30-C Clean up thread-specific storage | Rule | |
| CERT-C:CON31-C Do not destroy a mutex while it is locked | Rule | |
| CERT-C:CON32-C Prevent data races when accessing bit-fields from multiple threads | Rule | |
| CERT-C:CON33-C Avoid race conditions when using library functions | Rule | |
| CERT-C:CON34-C Declare objects shared between threads with appropriate storage durations | Rule | |
| CERT-C:CON35-C Avoid deadlock by locking in a predefined order | Rule | |
| CERT-C:CON36-C Wrap functions that can spuriously wake up in a loop | Rule | |
| CERT-C:CON37-C Do not call signal() in a multithreaded program | Rule | |
| CERT-C:CON38-C Preserve thread safety and liveness when using condition variables | Rule | |
| CERT-C:CON39-C Do not join or detach a thread that was previously joined or detached | Rule | |
| CERT-C:CON40-C Do not refer to an atomic variable twice in an expression | Rule | |
| CERT-C:CON41-C Wrap functions that can fail spuriously in a loop | Rule | |
| CERT-C:CON43-C Do not allow data races in multithreaded code | Rule | |
| CERT-C:DCL00-C Const-qualify immutable objects | Recommendation | |
| CERT-C:DCL01-C Do not reuse variable names in subscopes | Recommendation | |
| CERT-C:DCL02-C Use visually distinct identifiers | Recommendation | |
| CERT-C:DCL03-C Use a static assertion to test the value of a constant expression | Recommendation | - |
| CERT-C:DCL04-C Do not declare more than one variable per declaration | Recommendation | |
| CERT-C:DCL05-C Use typedefs of non-pointer types only | Recommendation | |
| CERT-C:DCL06-C Use meaningful symbolic constants to represent literal values | Recommendation | |
| CERT-C:DCL07-C Include the appropriate type information in function declarators | Recommendation | |
| CERT-C:DCL08-C Properly encode relationships in constant definitions | Recommendation | - |
| CERT-C:DCL09-C Declare functions that return errno with a return type of errno_t | Recommendation | - |
| CERT-C:DCL10-C Maintain the contract between the writer and caller of variadic functions | Recommendation | - |
| CERT-C:DCL11-C Understand the type issues associated with variadic functions | Recommendation | |
| CERT-C:DCL12-C Implement abstract data types using opaque types | Recommendation | - |
| CERT-C:DCL13-C Declare function parameters that are pointers to values not changed by the function as const | Recommendation | |
| CERT-C:DCL15-C Declare file-scope objects or functions that do not need external linkage as static | Recommendation | |
| CERT-C:DCL16-C Use "L," not "l," to indicate a long value | Recommendation | |
| CERT-C:DCL17-C Beware of miscompiled volatile-qualified variables | Recommendation | - |
| CERT-C:DCL18-C Do not begin integer constants with 0 when specifying a decimal value | Recommendation | |
| CERT-C:DCL19-C Minimize the scope of variables and functions | Recommendation | |
| CERT-C:DCL20-C Explicitly specify void when a function accepts no arguments | Recommendation | |
| CERT-C:DCL21-C Understand the storage of compound literals | Recommendation | - |
| CERT-C:DCL22-C Use volatile for data that cannot be cached | Recommendation | - |
| CERT-C:DCL23-C Guarantee that mutually visible identifiers are unique | Recommendation | |
| CERT-C:DCL30-C Declare objects with appropriate storage durations | Rule | |
| CERT-C:DCL31-C Declare identifiers before using them | Rule | - |
| CERT-C:DCL36-C Do not declare an identifier with conflicting linkage classifications | Rule | |
| CERT-C:DCL37-C Do not declare or define a reserved identifier | Rule | |
| CERT-C:DCL38-C Use the correct syntax when declaring a flexible array member | Rule | - |
| CERT-C:DCL39-C Avoid information leakage when passing a structure across a trust boundary | Rule | |
| CERT-C:DCL40-C Do not create incompatible declarations of the same function or object | Rule | |
| CERT-C:DCL41-C Do not declare variables inside a switch statement before the first case label | Rule | |
| CERT-C:ENV01-C Do not make assumptions about the size of an environment variable | Recommendation | |
| CERT-C:ENV02-C Beware of multiple environment variables with the same effective name | Recommendation | - |
| CERT-C:ENV03-C Sanitize the environment when invoking external programs | Recommendation | - |
| CERT-C:ENV30-C Do not modify the object referenced by the return value of certain functions | Rule | |
| CERT-C:ENV31-C Do not rely on an environment pointer following an operation that may invalidate it | Rule | - |
| CERT-C:ENV32-C All exit handlers must return normally | Rule | |
| CERT-C:ENV33-C Do not call system() | Rule | |
| CERT-C:ENV34-C Do not store pointers returned by certain functions | Rule | - |
| CERT-C:ERR00-C Adopt and implement a consistent and comprehensive error-handling policy | Recommendation | - |
| CERT-C:ERR01-C Use ferror() rather than errno to check for FILE stream errors | Recommendation | - |
| CERT-C:ERR02-C Avoid in-band error indicators | Recommendation | - |
| CERT-C:ERR03-C Use runtime-constraint handlers when calling the bounds-checking interfaces | Recommendation | - |
| CERT-C:ERR04-C Choose an appropriate termination strategy | Recommendation | - |
| CERT-C:ERR05-C Application-independent code should provide error detection without dictating error handling | Recommendation | - |
| CERT-C:ERR06-C Understand the termination behavior of assert() and abort() | Recommendation | - |
| CERT-C:ERR07-C Prefer functions that support error checking over equivalent functions that don't | Recommendation | - |
| CERT-C:ERR30-C Take care when reading errno | Rule | |
| CERT-C:ERR32-C Do not rely on indeterminate values of errno | Rule | - |
| CERT-C:ERR33-C Detect and handle standard library errors | Rule | |
| CERT-C:ERR34-C Detect errors when converting a string to a number | Rule | |
| CERT-C:EXP00-C Use parentheses for precedence of operation | Recommendation | |
| CERT-C:EXP02-C Be aware of the short-circuit behavior of the logical AND and OR operators | Recommendation | - |
| CERT-C:EXP03-C Do not assume the size of a structure is the sum of the sizes of its members | Recommendation | - |
| CERT-C:EXP05-C Do not cast away a const qualification | Recommendation | |
| CERT-C:EXP07-C Do not diminish the benefits of constants by assuming their values in expressions | Recommendation | - |
| CERT-C:EXP08-C Ensure pointer arithmetic is used correctly | Recommendation | |
| CERT-C:EXP09-C Use sizeof to determine the size of a type or variable | Recommendation | - |
| CERT-C:EXP10-C Do not depend on the order of evaluation of subexpressions or the order in which side effects take place | Recommendation | |
| CERT-C:EXP11-C Do not make assumptions regarding the layout of structures with bit-fields | Recommendation | - |
| CERT-C:EXP12-C Do not ignore values returned by functions | Recommendation | |
| CERT-C:EXP13-C Treat relational and equality operators as if they were nonassociative | Recommendation | - |
| CERT-C:EXP14-C Beware of integer promotion when performing bitwise operations on integer types smaller than int | Recommendation | |
| CERT-C:EXP15-C Do not place a semicolon on the same line as an if, for, or while statement | Recommendation | |
| CERT-C:EXP16-C Do not compare function pointers to constant values | Recommendation | - |
| CERT-C:EXP19-C Use braces for the body of an if, for, or while statement | Recommendation | - |
| CERT-C:EXP20-C Perform explicit tests to determine success, true and false, and equality | Recommendation | - |
| CERT-C:EXP30-C Do not depend on the order of evaluation for side effects | Rule | |
| CERT-C:EXP32-C Do not access a volatile object through a nonvolatile reference | Rule | - |
| CERT-C:EXP33-C Do not read uninitialized memory | Rule | |
| CERT-C:EXP34-C Do not dereference null pointers | Rule | |
| CERT-C:EXP35-C Do not modify objects with temporary lifetime | Rule | |
| CERT-C:EXP36-C Do not cast pointers into more strictly aligned pointer types | Rule | |
| CERT-C:EXP37-C Call functions with the correct number and type of arguments | Rule | |
| CERT-C:EXP39-C Do not access a variable through a pointer of an incompatible type | Rule | - |
| CERT-C:EXP40-C Do not modify constant objects | Rule | - |
| CERT-C:EXP42-C Do not compare padding data | Rule | |
| CERT-C:EXP43-C Avoid undefined behavior when using restrict-qualified pointers | Rule | |
| CERT-C:EXP44-C Do not rely on side effects in operands to sizeof, _Alignof, or _Generic | Rule | |
| CERT-C:EXP45-C Do not perform assignments in selection statements | Rule | |
| CERT-C:EXP46-C Do not use a bitwise operator with a Boolean-like operand | Rule | |
| CERT-C:EXP47-C Do not call va_arg with an argument of the incorrect type | Rule | |
| CERT-C:FIO01-C Be careful using functions that use file names for identification | Recommendation | |
| CERT-C:FIO02-C Canonicalize path names originating from tainted sources | Recommendation | |
| CERT-C:FIO03-C Do not make assumptions about fopen() and file creation | Recommendation | - |
| CERT-C:FIO05-C Identify files using multiple file attributes | Recommendation | - |
| CERT-C:FIO06-C Create files with appropriate access permissions | Recommendation | |
| CERT-C:FIO08-C Take care when calling remove() on an open file | Recommendation | - |
| CERT-C:FIO09-C Be careful with binary data when transferring data across systems | Recommendation | - |
| CERT-C:FIO10-C Take care when using the rename() function | Recommendation | - |
| CERT-C:FIO11-C Take care when specifying the mode parameter of fopen() | Recommendation | - |
| CERT-C:FIO13-C Never push back anything other than one read character | Recommendation | - |
| CERT-C:FIO14-C Understand the difference between text mode and binary mode with file streams | Recommendation | - |
| CERT-C:FIO15-C Ensure that file operations are performed in a secure directory | Recommendation | - |
| CERT-C:FIO17-C Do not rely on an ending null character when using fread() | Recommendation | - |
| CERT-C:FIO18-C Never expect fwrite() to terminate the writing process at a null character | Recommendation | - |
| CERT-C:FIO19-C Do not use fseek() and ftell() to compute the size of a regular file | Recommendation | - |
| CERT-C:FIO20-C Avoid unintentional truncation when using fgets() or fgetws() | Recommendation | - |
| CERT-C:FIO21-C Do not create temporary files in shared directories | Recommendation | |
| CERT-C:FIO22-C Close files before spawning processes | Recommendation | - |
| CERT-C:FIO23-C Do not exit with unflushed data in stdout or stderr | Recommendation | - |
| CERT-C:FIO24-C Do not open a file that is already open | Recommendation | |
| CERT-C:FIO30-C Exclude user input from format strings | Rule | |
| CERT-C:FIO32-C Do not perform operations on devices that are only appropriate for files | Rule | - |
| CERT-C:FIO34-C Distinguish between characters read from a file and EOF or WEOF | Rule | |
| CERT-C:FIO37-C Do not assume that fgets() or fgetws() returns a nonempty string when successful | Rule | |
| CERT-C:FIO38-C Do not copy a FILE object | Rule | - |
| CERT-C:FIO39-C Do not alternately input and output from a stream without an intervening flush or positioning call | Rule | |
| CERT-C:FIO40-C Reset strings on fgets() or fgetws() failure | Rule | |
| CERT-C:FIO41-C Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects | Rule | - |
| CERT-C:FIO42-C Close files when they are no longer needed | Rule | |
| CERT-C:FIO44-C Only use values for fsetpos() that are returned from fgetpos() | Rule | - |
| CERT-C:FIO45-C Avoid TOCTOU race conditions while accessing files | Rule | |
| CERT-C:FIO46-C Do not access a closed file | Rule | |
| CERT-C:FIO47-C Use valid format strings | Rule | |
| CERT-C:FLP00-C Understand the limitations of floating-point numbers | Recommendation | |
| CERT-C:FLP01-C Take care in rearranging floating-point expressions | Recommendation | - |
| CERT-C:FLP02-C Avoid using floating-point numbers when precise computation is needed | Recommendation | |
| CERT-C:FLP03-C Detect and handle floating-point errors | Recommendation | - |
| CERT-C:FLP04-C Check floating-point inputs for exceptional values | Recommendation | - |
| CERT-C:FLP05-C Do not use denormalized numbers | Recommendation | - |
| CERT-C:FLP06-C Convert integers to floating point for floating-point operations | Recommendation | |
| CERT-C:FLP07-C Cast the return value of a function that returns a floating-point type | Recommendation | - |
| CERT-C:FLP30-C Do not use floating-point variables as loop counters | Rule | |
| CERT-C:FLP32-C Prevent or detect domain and range errors in math functions | Rule | |
| CERT-C:FLP34-C Ensure that floating-point conversions are within range of the new type | Rule | |
| CERT-C:FLP36-C Preserve precision when converting integral values to floating-point type | Rule | |
| CERT-C:FLP37-C Do not use object representations to compare floating-point values | Rule | - |
| CERT-C:INT00-C Understand the data model used by your implementation(s) | Recommendation | - |
| CERT-C:INT01-C Use rsize_t or size_t for all integer values representing the size of an object | Recommendation | |
| CERT-C:INT02-C Understand integer conversion rules | Recommendation | |
| CERT-C:INT04-C Enforce limits on integer values originating from tainted sources | Recommendation | |
| CERT-C:INT05-C Do not use input functions to convert character data if they cannot handle all possible inputs | Recommendation | |
| CERT-C:INT07-C Use only explicitly signed or unsigned char type for numeric values | Recommendation | |
| CERT-C:INT08-C Verify that all integer values are in range | Recommendation | |
| CERT-C:INT09-C Ensure enumeration constants map to unique values | Recommendation | |
| CERT-C:INT10-C Do not assume a positive remainder when using the % operator | Recommendation | - |
| CERT-C:INT12-C Do not make assumptions about the type of a plain int bit-field when used in an expression | Recommendation | |
| CERT-C:INT13-C Use bitwise operators only on unsigned operands | Recommendation | |
| CERT-C:INT14-C Avoid performing bitwise and arithmetic operations on the same data | Recommendation | - |
| CERT-C:INT15-C Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types | Recommendation | - |
| CERT-C:INT16-C Do not make assumptions about representation of signed integers | Recommendation | - |
| CERT-C:INT17-C Define integer constants in an implementation-independent manner | Recommendation | - |
| CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size | Recommendation | |
| CERT-C:INT30-C Ensure that unsigned integer operations do not wrap | Rule | |
| CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data | Rule | |
| CERT-C:INT32-C Ensure that operations on signed integers do not result in overflow | Rule | |
| CERT-C:INT33-C Ensure that division and remainder operations do not result in divide-by-zero errors | Rule | |
| CERT-C:INT34-C Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand | Rule | |
| CERT-C:INT35-C Use correct integer precisions | Rule | |
| CERT-C:INT36-C Converting a pointer to integer or integer to pointer | Rule | |
| CERT-C:MEM00-C Allocate and free memory in the same module, at the same level of abstraction | Recommendation | |
| CERT-C:MEM01-C Store a new value in pointers immediately after free() | Recommendation | |
| CERT-C:MEM02-C Immediately cast the result of a memory allocation function call into a pointer to the allocated type | Recommendation | - |
| CERT-C:MEM03-C Clear sensitive information stored in reusable resources | Recommendation | - |
| CERT-C:MEM04-C Beware of zero-length allocations | Recommendation | - |
| CERT-C:MEM05-C Avoid large stack allocations | Recommendation | |
| CERT-C:MEM06-C Ensure that sensitive data is not written out to disk | Recommendation | - |
| CERT-C:MEM07-C Ensure that the arguments to calloc(), when multiplied, do not wrap | Recommendation | |
| CERT-C:MEM10-C Define and use a pointer validation function | Recommendation | - |
| CERT-C:MEM11-C Do not assume infinite heap space | Recommendation | |
| CERT-C:MEM12-C Consider using a goto chain when leaving a function on error when using and releasing resources | Recommendation | - |
| CERT-C:MEM30-C Do not access freed memory | Rule | |
| CERT-C:MEM31-C Free dynamically allocated memory when no longer needed | Rule | |
| CERT-C:MEM33-C Allocate and copy structures containing a flexible array member dynamically | Rule | |
| CERT-C:MEM34-C Only free memory allocated dynamically | Rule | |
| CERT-C:MEM35-C Allocate sufficient memory for an object | Rule | |
| CERT-C:MEM36-C Do not modify the alignment of objects by calling realloc() | Rule | |
| CERT-C:MSC00-C Compile cleanly at high warning levels | Recommendation | |
| CERT-C:MSC01-C Strive for logical completeness | Recommendation | - |
| CERT-C:MSC04-C Use comments consistently and in a readable fashion | Recommendation | - |
| CERT-C:MSC05-C Do not manipulate time_t typed values directly | Recommendation | - |
| CERT-C:MSC06-C Beware of compiler optimizations | Recommendation | |
| CERT-C:MSC07-C Detect and remove dead code | Recommendation | |
| CERT-C:MSC09-C Character encoding: Use subset of ASCII for safety | Recommendation | |
| CERT-C:MSC10-C Character encoding: UTF8-related issues | Recommendation | - |
| CERT-C:MSC11-C Incorporate diagnostic tests using assertions | Recommendation | |
| CERT-C:MSC12-C Detect and remove code that has no effect or is never executed | Recommendation | |
| CERT-C:MSC13-C Detect and remove unused values | Recommendation | |
| CERT-C:MSC14-C Do not introduce unnecessary platform dependencies | Recommendation | - |
| CERT-C:MSC15-C Do not depend on undefined behavior | Recommendation | - |
| CERT-C:MSC17-C Finish every set of statements associated with a case label with a break statement | Recommendation | |
| CERT-C:MSC18-C Be careful while handling sensitive data, such as passwords, in program code | Recommendation | |
| CERT-C:MSC19-C For functions that return an array, prefer returning an empty array over a null value | Recommendation | - |
| CERT-C:MSC20-C Do not use a switch statement to transfer control into a complex block | Recommendation | |
| CERT-C:MSC21-C Use robust loop termination conditions | Recommendation | |
| CERT-C:MSC22-C Use the setjmp(), longjmp() facility securely | Recommendation | |
| CERT-C:MSC23-C Beware of vendor-specific library and language differences | Recommendation | |
| CERT-C:MSC24-C Do not use deprecated or obsolescent functions | Recommendation | |
| CERT-C:MSC25-C Do not use insecure or weak cryptographic algorithms | Recommendation | |
| CERT-C:MSC30-C Do not use the rand() function for generating pseudorandom numbers | Rule | |
| CERT-C:MSC32-C Properly seed pseudorandom number generators | Rule | |
| CERT-C:MSC33-C Do not pass invalid data to the asctime() function | Rule | |
| CERT-C:MSC37-C Ensure that control never reaches the end of a non-void function | Rule | |
| CERT-C:MSC38-C Do not treat a predefined identifier as an object if it might only be implemented as a macro | Rule | |
| CERT-C:MSC39-C Do not call va_arg() on a va_list that has an indeterminate value | Rule | |
| CERT-C:MSC40-C Do not violate constraints | Rule | - |
| CERT-C:MSC41-C Never hard code sensitive information | Rule | |
| CERT-C:POS01-C Check for the existence of links when dealing with files | Recommendation | - |
| CERT-C:POS02-C Follow the principle of least privilege | Recommendation | - |
| CERT-C:POS04-C Avoid using PTHREAD_MUTEX_NORMAL type mutex locks | Recommendation | - |
| CERT-C:POS05-C Limit access to files by creating a jail | Recommendation | |
| CERT-C:POS30-C Use the readlink() function properly | Rule | |
| CERT-C:POS34-C Do not call putenv() with a pointer to an automatic variable as the argument | Rule | |
| CERT-C:POS35-C Avoid race conditions while checking for the existence of a symbolic link | Rule | - |
| CERT-C:POS36-C Observe correct revocation order while relinquishing privileges | Rule | |
| CERT-C:POS37-C Ensure that privilege relinquishment is successful | Rule | |
| CERT-C:POS38-C Beware of race conditions when using fork and file descriptors | Rule | |
| CERT-C:POS39-C Use the correct byte ordering when transferring data between systems | Rule | - |
| CERT-C:POS44-C Do not use signals to terminate threads | Rule | |
| CERT-C:POS47-C Do not use threads that can be canceled asynchronously | Rule | - |
| CERT-C:POS48-C Do not unlock or destroy another POSIX thread's mutex | Rule | |
| CERT-C:POS49-C When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed | Rule | |
| CERT-C:POS50-C Declare objects shared between POSIX threads with appropriate storage durations | Rule | - |
| CERT-C:POS51-C Avoid deadlock with POSIX threads by locking in predefined order | Rule | |
| CERT-C:POS52-C Do not perform operations that can block while holding a POSIX lock | Rule | |
| CERT-C:POS53-C Do not use more than one mutex for concurrent waiting operations on a condition variable | Rule | - |
| CERT-C:POS54-C Detect and handle POSIX library errors | Rule | |
| CERT-C:PRE00-C Prefer inline or static functions to function-like macros | Recommendation | |
| CERT-C:PRE01-C Use parentheses within macros around parameter names | Recommendation | - |
| CERT-C:PRE02-C Macro replacement lists should be parenthesized | Recommendation | |
| CERT-C:PRE03-C Prefer typedefs to defines for encoding non-pointer types | Recommendation | - |
| CERT-C:PRE04-C Do not reuse a standard header file name | Recommendation | - |
| CERT-C:PRE05-C Understand macro replacement when concatenating tokens or performing stringification | Recommendation | |
| CERT-C:PRE06-C Enclose header files in an include guard | Recommendation | - |
| CERT-C:PRE07-C Avoid using repeated question marks | Recommendation | - |
| CERT-C:PRE08-C Guarantee that header file names are unique | Recommendation | - |
| CERT-C:PRE09-C Do not replace secure functions with deprecated or obsolescent functions | Recommendation | - |
| CERT-C:PRE10-C Wrap multistatement macros in a do-while loop | Recommendation | - |
| CERT-C:PRE11-C Do not conclude macro definitions with a semicolon | Recommendation | |
| CERT-C:PRE12-C Do not define unsafe macros | Recommendation | - |
| CERT-C:PRE13-C Use the Standard predefined macros to test for versions and features. | Recommendation | - |
| CERT-C:PRE30-C Do not create a universal character name through concatenation | Rule | |
| CERT-C:PRE31-C Avoid side effects in arguments to unsafe macros | Rule | |
| CERT-C:PRE32-C Do not use preprocessor directives in invocations of function-like macros | Rule | |
| CERT-C:SIG00-C Mask signals handled by noninterruptible signal handlers | Recommendation | |
| CERT-C:SIG01-C Understand implementation-specific details regarding signal handler persistence | Recommendation | |
| CERT-C:SIG02-C Avoid using signals to implement normal functionality | Recommendation | |
| CERT-C:SIG30-C Call only asynchronous-safe functions within signal handlers | Rule | |
| CERT-C:SIG31-C Do not access shared objects in signal handlers | Rule | |
| CERT-C:SIG34-C Do not call signal() from within interruptible signal handlers | Rule | |
| CERT-C:SIG35-C Do not return from a computational exception signal handler | Rule | |
| CERT-C:STR00-C Represent characters using an appropriate type | Recommendation | |
| CERT-C:STR01-C Adopt and implement a consistent plan for managing strings | Recommendation | - |
| CERT-C:STR02-C Sanitize data passed to complex subsystems | Recommendation | |
| CERT-C:STR03-C Do not inadvertently truncate a string | Recommendation | |
| CERT-C:STR04-C Use plain char for characters in the basic character set | Recommendation | |
| CERT-C:STR05-C Use pointers to const when referring to string literals | Recommendation | |
| CERT-C:STR06-C Do not assume that strtok() leaves the parse string unchanged | Recommendation | - |
| CERT-C:STR07-C Use the bounds-checking interfaces for string manipulation | Recommendation | |
| CERT-C:STR08-C Use managed strings for development of new string manipulation code | Recommendation | - |
| CERT-C:STR09-C Don't assume numeric values for expressions with type plain character | Recommendation | - |
| CERT-C:STR10-C Do not concatenate different type of string literals | Recommendation | |
| CERT-C:STR11-C Do not specify the bound of a character array initialized with a string literal | Recommendation | - |
| CERT-C:STR30-C Do not attempt to modify string literals | Rule | - |
| CERT-C:STR31-C Guarantee that storage for strings has sufficient space for character data and the null terminator | Rule | |
| CERT-C:STR32-C Do not pass a non-null-terminated character sequence to a library function that expects a string | Rule | |
| CERT-C:STR34-C Cast characters to unsigned char before converting to larger integer sizes | Rule | |
| CERT-C:STR37-C Arguments to character-handling functions must be representable as an unsigned char | Rule | |
| CERT-C:STR38-C Do not confuse narrow and wide character strings and functions | Rule | |
| CERT-C:WIN00-C Be specific when dynamically loading libraries | Recommendation | |
| CERT-C:WIN01-C Do not forcibly terminate execution | Recommendation | - |
| CERT-C:WIN02-C Restrict privileges when spawning child processes | Recommendation | |
| CERT-C:WIN03-C Understand HANDLE inheritance | Recommendation | - |
| CERT-C:WIN04-C Consider encrypting function pointers | Recommendation | - |
| CERT-C:WIN30-C Properly pair allocation and deallocation functions | Rule | |

The following table shows the CodeSonar warning classes that are associated with the rules and recommendations in the SEI CERT C++ Coding Standard.
This table is also available in CSV format: CERT-CPP-mapping.csv.
| CERT-CPP | Category | C++ Warning Classes |
|---|---|---|
| CERT-CPP:CON50-CPP Do not destroy a mutex while it is locked | Rule | |
| CERT-CPP:CON51-CPP Ensure actively held locks are released on exceptional conditions | Rule | |
| CERT-CPP:CON52-CPP Prevent data races when accessing bit-fields from multiple threads | Rule | |
| CERT-CPP:CON53-CPP Avoid deadlock by locking in a predefined order | Rule | |
| CERT-CPP:CON54-CPP Wrap functions that can spuriously wake up in a loop | Rule | |
| CERT-CPP:CON55-CPP Preserve thread safety and liveness when using condition variables | Rule | |
| CERT-CPP:CON56-CPP Do not speculatively lock a non-recursive mutex that is already owned by the calling thread | Rule | |
| CERT-CPP:CTR50-CPP Guarantee that container indices and iterators are within the valid range | Rule | |
| CERT-CPP:CTR51-CPP Use valid references, pointers, and iterators to reference elements of a container | Rule | |
| CERT-CPP:CTR52-CPP Guarantee that library functions do not overflow | Rule | |
| CERT-CPP:CTR53-CPP Use valid iterator ranges | Rule | |
| CERT-CPP:CTR54-CPP Do not subtract iterators that do not refer to the same container | Rule | |
| CERT-CPP:CTR55-CPP Do not use an additive operator on an iterator if the result would overflow | Rule | - |
| CERT-CPP:CTR56-CPP Do not use pointer arithmetic on polymorphic objects | Rule | |
| CERT-CPP:CTR57-CPP Provide a valid ordering predicate | Rule | |
| CERT-CPP:CTR58-CPP Predicate function objects should not be mutable | Rule | |
| CERT-CPP:DCL50-CPP Do not define a C-style variadic function | Rule | |
| CERT-CPP:DCL51-CPP Do not declare or define a reserved identifier | Rule | |
| CERT-CPP:DCL52-CPP Never qualify a reference type with const or volatile | Rule | - |
| CERT-CPP:DCL53-CPP Do not write syntactically ambiguous declarations | Rule | |
| CERT-CPP:DCL54-CPP Overload allocation and deallocation functions as a pair in the same scope | Rule | - |
| CERT-CPP:DCL55-CPP Avoid information leakage when passing a class object across a trust boundary | Rule | |
| CERT-CPP:DCL56-CPP Avoid cycles during initialization of static objects | Rule | |
| CERT-CPP:DCL57-CPP Do not let exceptions escape from destructors or deallocation functions | Rule | |
| CERT-CPP:DCL58-CPP Do not modify the standard namespaces | Rule | |
| CERT-CPP:DCL59-CPP Do not define an unnamed namespace in a header file | Rule | |
| CERT-CPP:DCL60-CPP Obey the one-definition rule | Rule | |
| CERT-CPP:ERR50-CPP Do not abruptly terminate the program | Rule | |
| CERT-CPP:ERR51-CPP Handle all exceptions | Rule | |
| CERT-CPP:ERR52-CPP Do not use setjmp() or longjmp() | Rule | |
| CERT-CPP:ERR53-CPP Do not reference base classes or class data members in a constructor or destructor function-try-block handler | Rule | - |
| CERT-CPP:ERR54-CPP Catch handlers should order their parameter types from most derived to least derived | Rule | |
| CERT-CPP:ERR55-CPP Honor exception specifications | Rule | |
| CERT-CPP:ERR56-CPP Guarantee exception safety | Rule | - |
| CERT-CPP:ERR57-CPP Do not leak resources when handling exceptions | Rule | |
| CERT-CPP:ERR58-CPP Handle all exceptions thrown before main() begins executing | Rule | |
| CERT-CPP:ERR59-CPP Do not throw an exception across execution boundaries | Rule | - |
| CERT-CPP:ERR60-CPP Exception objects must be nothrow copy constructible | Rule | - |
| CERT-CPP:ERR61-CPP Catch exceptions by lvalue reference | Rule | |
| CERT-CPP:ERR62-CPP Detect errors when converting a string to a number | Rule | |
| CERT-CPP:EXP50-CPP Do not depend on the order of evaluation for side effects | Rule | |
| CERT-CPP:EXP51-CPP Do not delete an array through a pointer of the incorrect type | Rule | |
| CERT-CPP:EXP52-CPP Do not rely on side effects in unevaluated operands | Rule | |
| CERT-CPP:EXP53-CPP Do not read uninitialized memory | Rule | |
| CERT-CPP:EXP54-CPP Do not access an object outside of its lifetime | Rule | |
| CERT-CPP:EXP55-CPP Do not access a cv-qualified object through a cv-unqualified type | Rule | - |
| CERT-CPP:EXP56-CPP Do not call a function with a mismatched language linkage | Rule | - |
| CERT-CPP:EXP57-CPP Do not cast or delete pointers to incomplete classes | Rule | |
| CERT-CPP:EXP58-CPP Pass an object of the correct type to va_start | Rule | |
| CERT-CPP:EXP59-CPP Use offsetof() on valid types and members | Rule | |
| CERT-CPP:EXP60-CPP Do not pass a nonstandard-layout type object across execution boundaries | Rule | - |
| CERT-CPP:EXP61-CPP A lambda object must not outlive any of its reference captured objects | Rule | - |
| CERT-CPP:EXP62-CPP Do not access the bits of an object representation that are not part of the object's value representation | Rule | |
| CERT-CPP:EXP63-CPP Do not rely on the value of a moved-from object | Rule | |
| CERT-CPP:FIO50-CPP Do not alternately input and output from a file stream without an intervening positioning call | Rule | |
| CERT-CPP:FIO51-CPP Close files when they are no longer needed | Rule | |
| CERT-CPP:INT50-CPP Do not cast to an out-of-range enumeration value | Rule | |
| CERT-CPP:MEM50-CPP Do not access freed memory | Rule | |
| CERT-CPP:MEM51-CPP Properly deallocate dynamically allocated resources | Rule | |
| CERT-CPP:MEM52-CPP Detect and handle memory allocation errors | Rule | - |
| CERT-CPP:MEM53-CPP Explicitly construct and destruct objects when manually managing object lifetime | Rule | - |
| CERT-CPP:MEM54-CPP Provide placement new with properly aligned pointers to sufficient storage capacity | Rule | |
| CERT-CPP:MEM55-CPP Honor replacement dynamic storage management requirements | Rule | |
| CERT-CPP:MEM56-CPP Do not store an already-owned pointer value in an unrelated smart pointer | Rule | - |
| CERT-CPP:MEM57-CPP Avoid using default operator new for over-aligned types | Rule | - |
| CERT-CPP:MSC50-CPP Do not use std::rand() for generating pseudorandom numbers | Rule | |
| CERT-CPP:MSC51-CPP Ensure your random number generator is properly seeded | Rule | |
| CERT-CPP:MSC52-CPP Value-returning functions must return a value from all exit paths | Rule | |
| CERT-CPP:MSC53-CPP Do not return from a function declared [[noreturn]] | Rule | |
| CERT-CPP:MSC54-CPP A signal handler must be a plain old function | Rule | - |
| CERT-CPP:OOP50-CPP Do not invoke virtual functions from constructors or destructors | Rule | |
| CERT-CPP:OOP51-CPP Do not slice derived objects | Rule | |
| CERT-CPP:OOP52-CPP Do not delete a polymorphic object without a virtual destructor | Rule | |
| CERT-CPP:OOP53-CPP Write constructor member initializers in the canonical order | Rule | |
| CERT-CPP:OOP54-CPP Gracefully handle self-copy assignment | Rule | |
| CERT-CPP:OOP55-CPP Do not use pointer-to-member operators to access nonexistent members | Rule | |
| CERT-CPP:OOP56-CPP Honor replacement handler requirements | Rule | - |
| CERT-CPP:OOP57-CPP Prefer special member functions and overloaded operators to C Standard Library functions | Rule | |
| CERT-CPP:OOP58-CPP Copy operations must not mutate the source object | Rule | |
| CERT-CPP:STR50-CPP Guarantee that storage for strings has sufficient space for character data and the null terminator | Rule | |
| CERT-CPP:STR51-CPP Do not attempt to create a std::string from a null pointer | Rule | |
| CERT-CPP:STR52-CPP Use valid references, pointers, and iterators to reference elements of a basic_string | Rule | |
| CERT-CPP:STR53-CPP Range check element access | Rule | - |
The following table shows the CodeSonar warning classes that are associated with the rules and recommendations in the SEI CERT Oracle Coding Standard for Java.
This table is also available in CSV format: CERT-Java-mapping.csv.
| CERT-Java | Category | Java Warning Classes |
|---|---|---|
| CERT-Java:CON50-J Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object | Recommendation | - |
| CERT-Java:CON51-J Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics | Recommendation | - |
| CERT-Java:CON52-J Document thread-safety and use annotations where applicable | Recommendation | - |
| CERT-Java:DCL00-J Prevent class initialization cycles | Rule | |
| CERT-Java:DCL01-J Do not reuse public identifiers from the Java Standard Library | Rule | - |
| CERT-Java:DCL02-J Do not modify the collection's elements during an enhanced for statement | Rule | - |
| CERT-Java:DCL50-J Use visually distinct identifiers | Recommendation | - |
| CERT-Java:DCL51-J Do not shadow or obscure identifiers in subscopes | Recommendation | - |
| CERT-Java:DCL52-J Do not declare more than one variable per declaration | Recommendation | - |
| CERT-Java:DCL53-J Minimize the scope of variables | Recommendation | - |
| CERT-Java:DCL54-J Use meaningful symbolic constants to represent literal values in program logic | Recommendation | - |
| CERT-Java:DCL55-J Properly encode relationships in constant definitions | Recommendation | - |
| CERT-Java:DCL56-J Do not attach significance to the ordinal associated with an enum | Recommendation | - |
| CERT-Java:DCL57-J Avoid ambiguous overloading of variable arity methods | Recommendation | - |
| CERT-Java:DCL58-J Enable compile-time type checking of variable arity parameter types | Recommendation | - |
| CERT-Java:DCL59-J Do not apply public final to constants whose value might change in later releases | Recommendation | - |
| CERT-Java:DCL60-J Avoid cyclic dependencies between packages | Recommendation | - |
| CERT-Java:DCL61-J Do not use raw types | Recommendation | - |
| CERT-Java:DRD00 Do not store sensitive information on external storage (SD card) unless encrypted first | Rule | |
| CERT-Java:DRD01-X Limit the accessibility of an app's sensitive content provider | Rule | - |
| CERT-Java:DRD02-J Do not allow WebView to access sensitive local resource through file scheme | Rule | - |
| CERT-Java:DRD03-J Do not broadcast sensitive information using an implicit intent | Rule | - |
| CERT-Java:DRD04-J Do not log sensitive information | Rule | - |
| CERT-Java:DRD05-J Do not grant URI permissions on implicit intents | Rule | - |
| CERT-Java:DRD06 Do not act on malicious intents | Rule | - |
| CERT-Java:DRD07-X Protect exported services with strong permissions | Rule | - |
| CERT-Java:DRD08-J Always canonicalize a URL received by a content provider | Rule | - |
| CERT-Java:DRD09 Restrict access to sensitive activities | Rule | - |
| CERT-Java:DRD10-X Do not release apps that are debuggable | Rule | - |
| CERT-Java:DRD11 Ensure that sensitive data is kept secure | Rule | - |
| CERT-Java:DRD12 Do not trust data that is world writable | Rule | - |
| CERT-Java:DRD13 Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below) | Rule | |
| CERT-Java:DRD14-J Check that a calling app has appropriate permissions before responding | Rule | - |
| CERT-Java:DRD15-J Consider privacy concerns when using Geolocation API | Rule | - |
| CERT-Java:DRD16-X Explicitly define the exported attribute for private components | Rule | - |
| CERT-Java:DRD17-J Do not use the Android cryptographic security provider encryption default for AES | Rule | |
| CERT-Java:DRD18 Do not use the default behavior in a cryptographic library if it does not use recommended practices | Rule | |
| CERT-Java:DRD19 Properly verify server certificate on SSL/TLS | Rule | - |
| CERT-Java:DRD20-C Specify permissions when creating files via the NDK | Rule | - |
| CERT-Java:DRD21-J Always pass explicit intents to a PendingIntent | Rule | - |
| CERT-Java:DRD22 Do not cache sensitive information | Rule | |
| CERT-Java:DRD23 Do not use world readable or writeable to share files between apps | Rule | - |
| CERT-Java:DRD23-J Do not use loopback when handling sensitive data | Rule | - |
| CERT-Java:DRD24 Do not bundle OAuth security-related protocol logic or sensitive data into a relying party's app | Rule | - |
| CERT-Java:DRD25 To request user permission for OAuth, identify relying party and its permissions scope | Rule | - |
| CERT-Java:DRD26-J For OAuth, use a secure Android method to deliver access tokens | Rule | - |
| CERT-Java:DRD27-J For OAuth, use an explicit intent method to deliver access tokens | Rule | - |
| CERT-Java:ENV00-J Do not sign code that performs only unprivileged operations | Rule | - |
| CERT-Java:ENV01-J Place all security-sensitive code in a single JAR and sign and seal it | Rule | |
| CERT-Java:ENV02-J Do not trust the values of environment variables | Rule | - |
| CERT-Java:ENV03-J Do not grant dangerous combinations of permissions | Rule | |
| CERT-Java:ENV04-J Do not disable bytecode verification | Rule | - |
| CERT-Java:ENV05-J Do not deploy an application that can be remotely monitored | Rule | - |
| CERT-Java:ENV06-J Production code must not contain debugging entry points | Rule | |
| CERT-Java:ERR00-J Do not suppress or ignore checked exceptions | Rule | |
| CERT-Java:ERR01-J Do not allow exceptions to expose sensitive information | Rule | - |
| CERT-Java:ERR02-J Prevent exceptions while logging data | Rule | |
| CERT-Java:ERR03-J Restore prior object state on method failure | Rule | - |
| CERT-Java:ERR04-J Do not complete abruptly from a finally block | Rule | - |
| CERT-Java:ERR05-J Do not let checked exceptions escape from a finally block | Rule | - |
| CERT-Java:ERR06-J Do not throw undeclared checked exceptions | Rule | - |
| CERT-Java:ERR07-J Do not throw RuntimeException, Exception, or Throwable | Rule | |
| CERT-Java:ERR08-J Do not catch NullPointerException or any of its ancestors | Rule | |
| CERT-Java:ERR09-J Do not allow untrusted code to terminate the JVM | Rule | |
| CERT-Java:ERR50-J Use exceptions only for exceptional conditions | Recommendation | - |
| CERT-Java:ERR51-J Prefer user-defined exceptions over more general exception types | Recommendation | - |
| CERT-Java:ERR52-J Avoid in-band error indicators | Recommendation | - |
| CERT-Java:ERR53-J Try to gracefully recover from system errors | Recommendation | - |
| CERT-Java:ERR54-J Use a try-with-resources statement to safely handle closeable resources | Recommendation | - |
| CERT-Java:EXP00-J Do not ignore values returned by methods | Rule | |
| CERT-Java:EXP01-J Do not use a null in a case where an object is required | Rule | |
| CERT-Java:EXP02-J Do not use the Object.equals() method to compare two arrays | Rule | |
| CERT-Java:EXP03-J Do not use the equality operators when comparing values of boxed primitives | Rule | |
| CERT-Java:EXP04-J Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type | Rule | - |
| CERT-Java:EXP05-J Do not follow a write by a subsequent write or read of the same object within an expression | Rule | - |
| CERT-Java:EXP06-J Expressions used in assertions must not produce side effects | Rule | |
| CERT-Java:EXP07-J Prevent loss of useful data due to weak references | Rule | - |
| CERT-Java:EXP50-J Do not confuse abstract object equality with reference equality | Recommendation | - |
| CERT-Java:EXP51-J Do not perform assignments in conditional expressions | Recommendation | - |
| CERT-Java:EXP52-J Use braces for the body of an if, for, or while statement | Recommendation | - |
| CERT-Java:EXP53-J Use parentheses for precedence of operation | Recommendation | - |
| CERT-Java:EXP54-J Understand the differences between bitwise and logical operators | Recommendation | - |
| CERT-Java:EXP55-J Use the same type for the second and third operands in conditional expressions | Recommendation | - |
| CERT-Java:FIO00-J Do not operate on files in shared directories | Rule | - |
| CERT-Java:FIO01-J Create files with appropriate access permissions | Rule | |
| CERT-Java:FIO02-J Detect and handle file-related errors | Rule | |
| CERT-Java:FIO03-J Remove temporary files before termination | Rule | - |
| CERT-Java:FIO04-J Release resources when they are no longer needed | Rule | |
| CERT-Java:FIO05-J Do not expose buffers or their backing arrays methods to untrusted code | Rule | - |
| CERT-Java:FIO06-J Do not create multiple buffered wrappers on a single byte or character stream | Rule | - |
| CERT-Java:FIO07-J Do not let external processes block on IO buffers | Rule | - |
| CERT-Java:FIO08-J Distinguish between characters or bytes read from a stream and -1 | Rule | - |
| CERT-Java:FIO09-J Do not rely on the write() method to output integers outside the range 0 to 255 | Rule | - |
| CERT-Java:FIO10-J Ensure the array is filled when using read() to fill an array | Rule | - |
| CERT-Java:FIO11-J Do not convert between strings and bytes without specifying a valid character encoding | Rule | - |
| CERT-Java:FIO12-J Provide methods to read and write little-endian data | Rule | - |
| CERT-Java:FIO13-J Do not log sensitive information outside a trust boundary | Rule | - |
| CERT-Java:FIO14-J Perform proper cleanup at program termination | Rule | - |
| CERT-Java:FIO15-J Do not reset a servlet's output stream after committing it | Rule | - |
| CERT-Java:FIO16-J Canonicalize path names before validating them | Rule | - |
| CERT-Java:FIO50-J Do not make assumptions about file creation | Recommendation | - |
| CERT-Java:FIO51-J Identify files using multiple file attributes | Recommendation | - |
| CERT-Java:FIO52-J Do not store unencrypted sensitive information on the client side | Recommendation | - |
| CERT-Java:FIO53-J Use the serialization methods writeUnshared() and readUnshared() with care | Recommendation | - |
| CERT-Java:IDS00-J Prevent SQL injection | Rule | |
| CERT-Java:IDS01-J Normalize strings before validating them | Rule | - |
| CERT-Java:IDS02-J Canonicalize path names before validating them | Rule | - |
| CERT-Java:IDS03-J Do not log unsanitized user input | Rule | |
| CERT-Java:IDS04-J Safely extract files from ZipInputStream | Rule | - |
| CERT-Java:IDS05-J Use a safe subset of ASCII for file and path names | Rule | - |
| CERT-Java:IDS06-J Exclude unsanitized user input from format strings | Rule | - |
| CERT-Java:IDS07-J Sanitize untrusted data passed to the Runtime.exec() method | Rule | |
| CERT-Java:IDS08-J Sanitize untrusted data included in a regular expression | Rule | |
| CERT-Java:IDS09-J Specify an appropriate locale when comparing locale-dependent data | Rule | - |
| CERT-Java:IDS10-J Don't form strings containing partial characters | Rule | - |
| CERT-Java:IDS11-J Perform any string modifications before validation | Rule | - |
| CERT-Java:IDS13-J Use compatible character encodings on both sides of file or network IO | Rule | - |
| CERT-Java:IDS14-J Do not trust the contents of hidden form fields | Rule | |
| CERT-Java:IDS15-J Do not allow sensitive information to leak outside a trust boundary | Rule | - |
| CERT-Java:IDS16-J Prevent XML Injection | Rule | - |
| CERT-Java:IDS17-J Prevent XML External Entity Attacks | Rule | - |
| CERT-Java:IDS50-J Use conservative file naming conventions | Recommendation | - |
| CERT-Java:IDS51-J Properly encode or escape output | Recommendation | - |
| CERT-Java:IDS52-J Prevent code injection | Recommendation | - |
| CERT-Java:IDS53-J Prevent XPath Injection | Recommendation | - |
| CERT-Java:IDS54-J Prevent LDAP injection | Recommendation | - |
| CERT-Java:IDS55-J Understand how escape characters are interpreted when strings are loaded | Recommendation | - |
| CERT-Java:IDS56-J Prevent arbitrary file upload | Recommendation | - |
| CERT-Java:JNI00-J Define wrappers around native methods | Rule | - |
| CERT-Java:JNI01-J Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary) | Rule | - |
| CERT-Java:JNI02-J Do not assume object references are constant or unique | Rule | - |
| CERT-Java:JNI03-J Do not use direct pointers to Java objects in JNI code | Rule | - |
| CERT-Java:JNI04-J Do not assume that Java strings are null-terminated | Rule | - |
| CERT-Java:LCK00-J Use private final lock objects to synchronize classes that may interact with untrusted code | Rule | |
| CERT-Java:LCK01-J Do not synchronize on objects that may be reused | Rule | - |
| CERT-Java:LCK02-J Do not synchronize on the class object returned by getClass() | Rule | - |
| CERT-Java:LCK03-J Do not synchronize on the intrinsic locks of high-level concurrency objects | Rule | - |
| CERT-Java:LCK04-J Do not synchronize on a collection view if the backing collection is accessible | Rule | - |
| CERT-Java:LCK05-J Synchronize access to static fields that can be modified by untrusted code | Rule | |
| CERT-Java:LCK06-J Do not use an instance lock to protect shared static data | Rule | - |
| CERT-Java:LCK07-J Avoid deadlock by requesting and releasing locks in the same order | Rule | - |
| CERT-Java:LCK08-J Ensure actively held locks are released on exceptional conditions | Rule | - |
| CERT-Java:LCK09-J Do not perform operations that can block while holding a lock | Rule | |
| CERT-Java:LCK10-J Use a correct form of the double-checked locking idiom | Rule | |
| CERT-Java:LCK11-J Avoid client-side locking when using classes that do not commit to their locking strategy | Rule | - |
| CERT-Java:MET00-J Validate method arguments | Rule | - |
| CERT-Java:MET01-J Never use assertions to validate method arguments | Rule | - |
| CERT-Java:MET02-J Do not use deprecated or obsolete classes or methods | Rule | - |
| CERT-Java:MET03-J Methods that perform a security check must be declared private or final | Rule | - |
| CERT-Java:MET04-J Do not increase the accessibility of overridden or hidden methods | Rule | - |
| CERT-Java:MET05-J Ensure that constructors do not call overridable methods | Rule | - |
| CERT-Java:MET06-J Do not invoke overridable methods in clone() | Rule | - |
| CERT-Java:MET07-J Never declare a class method that hides a method declared in a superclass or superinterface | Rule | - |
| CERT-Java:MET08-J Preserve the equality contract when overriding the equals() method | Rule | |
| CERT-Java:MET09-J Classes that define an equals() method must also define a hashCode() method | Rule | |
| CERT-Java:MET10-J Follow the general contract when implementing the compareTo() method | Rule | - |
| CERT-Java:MET11-J Ensure that keys used in comparison operations are immutable | Rule | - |
| CERT-Java:MET12-J Do not use finalizers | Rule | - |
| CERT-Java:MET13-J Do not assume that reassigning method arguments modifies the calling environment | Rule | - |
| CERT-Java:MET50-J Avoid ambiguous or confusing uses of overloading | Recommendation | - |
| CERT-Java:MET51-J Do not use overloaded methods to differentiate between runtime types | Recommendation | - |
| CERT-Java:MET52-J Do not use the clone() method to copy untrusted method parameters | Recommendation | - |
| CERT-Java:MET53-J Ensure that the clone() method calls super.clone() | Recommendation | |
| CERT-Java:MET54-J Always provide feedback about the resulting value of a method | Recommendation | - |
| CERT-Java:MET55-J Return an empty array or collection instead of a null value for methods that return an array or collection | Recommendation | - |
| CERT-Java:MET56-J Do not use Object.equals() to compare cryptographic keys | Recommendation | - |
| CERT-Java:MSC00-J Use SSLSocket rather than Socket for secure data exchange | Rule | - |
| CERT-Java:MSC01-J Do not use an empty infinite loop | Rule | - |
| CERT-Java:MSC02-J Generate strong random numbers | Rule | |
| CERT-Java:MSC03-J Never hard code sensitive information | Rule | |
| CERT-Java:MSC04-J Do not leak memory | Rule | - |
| CERT-Java:MSC05-J Do not exhaust heap space | Rule | |
| CERT-Java:MSC06-J Do not modify the underlying collection when an iteration is in progress | Rule | - |
| CERT-Java:MSC07-J Prevent multiple instantiations of singleton objects | Rule | - |
| CERT-Java:MSC08-J Do not store nonserializable objects as attributes in an HTTP session | Rule | - |
| CERT-Java:MSC09-J For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to]. | Rule | - |
| CERT-Java:MSC10-J Do not use OAuth 2.0 implicit grant (unmodified) for authentication | Rule | - |
| CERT-Java:MSC11-J Do not let session information leak within a servlet | Rule | - |
| CERT-Java:MSC50-J Minimize the scope of the @SuppressWarnings annotation | Recommendation | - |
| CERT-Java:MSC51-J Do not place a semicolon immediately following an if, for, or while condition | Recommendation | - |
| CERT-Java:MSC52-J Finish every set of statements associated with a case label with a break statement | Recommendation | - |
| CERT-Java:MSC53-J Carefully design interfaces before releasing them | Recommendation | - |
| CERT-Java:MSC54-J Avoid inadvertent wrapping of loop counters | Recommendation | - |
| CERT-Java:MSC55-J Use comments consistently and in a readable fashion | Recommendation | - |
| CERT-Java:MSC56-J Detect and remove superfluous code and values | Recommendation | - |
| CERT-Java:MSC57-J Strive for logical completeness | Recommendation | - |
| CERT-Java:MSC58-J Prefer using iterators over enumerations | Recommendation | - |
| CERT-Java:MSC59-J Limit the lifetime of sensitive data | Recommendation | - |
| CERT-Java:MSC60-J Do not use assertions to verify the absence of runtime errors | Recommendation | - |
| CERT-Java:MSC61-J Do not use insecure or weak cryptographic algorithms | Recommendation | - |
| CERT-Java:MSC62-J Store passwords using a hash function | Recommendation | - |
| CERT-Java:MSC63-J Ensure that SecureRandom is properly seeded | Recommendation | - |
| CERT-Java:NUM00-J Detect or prevent integer overflow | Rule | |
| CERT-Java:NUM01-J Do not perform bitwise and arithmetic operations on the same data | Rule | - |
| CERT-Java:NUM02-J Ensure that division and remainder operations do not result in divide-by-zero errors | Rule | - |
| CERT-Java:NUM03-J Use integer types that can fully represent the possible range of unsigned data | Rule | - |
| CERT-Java:NUM04-J Do not use floating-point numbers if precise computation is required | Rule | - |
| CERT-Java:NUM07-J Do not attempt comparisons with NaN | Rule | - |
| CERT-Java:NUM08-J Check floating-point inputs for exceptional values | Rule | - |
| CERT-Java:NUM09-J Do not use floating-point variables as loop counters | Rule | - |
| CERT-Java:NUM10-J Do not construct BigDecimal objects from floating-point literals | Rule | - |
| CERT-Java:NUM11-J Do not compare or inspect the string representation of floating-point values | Rule | - |
| CERT-Java:NUM12-J Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | Rule | |
| CERT-Java:NUM13-J Avoid loss of precision when converting primitive integers to floating-point | Rule | |
| CERT-Java:NUM14-J Use shift operators correctly | Rule | - |
| CERT-Java:NUM50-J Convert integers to floating point for floating-point operations | Recommendation | - |
| CERT-Java:NUM51-J Do not assume that the remainder operator always returns a nonnegative result for integral operands | Recommendation | - |
| CERT-Java:NUM52-J Be aware of numeric promotion behavior | Recommendation | - |
| CERT-Java:NUM53-J Use the strictfp modifier for floating-point calculation consistency across platforms | Recommendation | - |
| CERT-Java:NUM54-J Do not use denormalized numbers | Recommendation | - |
| CERT-Java:OBJ01-J Limit accessibility of fields | Rule | - |
| CERT-Java:OBJ02-J Preserve dependencies in subclasses when changing superclasses | Rule | - |
| CERT-Java:OBJ03-J Prevent heap pollution | Rule | - |
| CERT-Java:OBJ04-J Provide mutable classes with copy functionality to safely allow passing instances to untrusted code | Rule | - |
| CERT-Java:OBJ05-J Do not return references to private mutable class members | Rule | - |
| CERT-Java:OBJ06-J Defensively copy mutable inputs and mutable internal components | Rule | - |
| CERT-Java:OBJ07-J Sensitive classes must not let themselves be copied | Rule | |
| CERT-Java:OBJ08-J Do not expose private members of an outer class from within a nested class | Rule | |
| CERT-Java:OBJ09-J Compare classes and not class names | Rule | - |
| CERT-Java:OBJ10-J Do not use public static nonfinal fields | Rule | - |
| CERT-Java:OBJ11-J Be wary of letting constructors throw exceptions | Rule | - |
| CERT-Java:OBJ12-J Respect object-based annotations | Rule | - |
| CERT-Java:OBJ13-J Ensure that references to mutable objects are not exposed | Rule | - |
| CERT-Java:OBJ14-J Do not use an object that has been freed. | Rule | - |
| CERT-Java:OBJ50-J Never confuse the immutability of a reference with that of the referenced object | Recommendation | - |
| CERT-Java:OBJ51-J Minimize the accessibility of classes and their members | Recommendation | - |
| CERT-Java:OBJ52-J Write garbage-collection-friendly code | Recommendation | - |
| CERT-Java:OBJ53-J Do not use direct buffers for short-lived, infrequently used objects | Recommendation | - |
| CERT-Java:OBJ54-J Do not attempt to help the garbage collector by setting local reference variables to null | Recommendation | - |
| CERT-Java:OBJ55-J Remove short-lived objects from long-lived container objects | Recommendation | - |
| CERT-Java:OBJ56-J Provide sensitive mutable classes with unmodifiable wrappers | Recommendation | - |
| CERT-Java:OBJ57-J Do not rely on methods that can be overridden by untrusted code | Recommendation | - |
| CERT-Java:OBJ58-J Limit the extensibility of classes and methods with invariants | Recommendation | - |
| CERT-Java:SEC00-J Do not allow privileged blocks to leak sensitive information across a trust boundary | Rule | - |
| CERT-Java:SEC01-J Do not allow tainted variables in privileged blocks | Rule | |
| CERT-Java:SEC02-J Do not base security checks on untrusted sources | Rule | - |
| CERT-Java:SEC03-J Do not load trusted classes after allowing untrusted code to load arbitrary classes | Rule | - |
| CERT-Java:SEC04-J Protect sensitive operations with security manager checks | Rule | - |
| CERT-Java:SEC05-J Do not use reflection to increase accessibility of classes, methods, or fields | Rule | |
| CERT-Java:SEC06-J Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar | Rule | |
| CERT-Java:SEC07-J Call the superclass's getPermissions() method when writing a custom class loader | Rule | - |
| CERT-Java:SEC08-J Trusted code must discard or clean any arguments provided by untrusted code | Rule | - |
| CERT-Java:SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code | Rule | - |
| CERT-Java:SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs | Rule | - |
| CERT-Java:SEC50-J Avoid granting excess privileges | Recommendation | - |
| CERT-Java:SEC51-J Minimize privileged code | Recommendation | - |
| CERT-Java:SEC52-J Do not expose methods that use reduced-security checks to untrusted code | Recommendation | - |
| CERT-Java:SEC53-J Define custom security permissions for fine-grained security | Recommendation | - |
| CERT-Java:SEC54-J Create a secure sandbox using a security manager | Recommendation | - |
| CERT-Java:SEC55-J Ensure that security-sensitive methods are called with validated arguments | Recommendation | - |
| CERT-Java:SEC56-J Do not serialize direct handles to system resources | Recommendation | - |
| CERT-Java:SEC57-J Do not let untrusted code misuse privileges of callback methods | Recommendation | - |
| CERT-Java:SEC58-J Deserialization methods should not perform potentially dangerous operations | Recommendation | - |
| CERT-Java:SER00-J Enable serialization compatibility during class evolution | Rule | |
| CERT-Java:SER01-J Do not deviate from the proper signatures of serialization methods | Rule | |
| CERT-Java:SER02-J Sign then seal objects before sending them outside a trust boundary | Rule | |
| CERT-Java:SER03-J Do not serialize unencrypted sensitive data | Rule | |
| CERT-Java:SER04-J Do not allow serialization and deserialization to bypass the security manager | Rule | - |
| CERT-Java:SER05-J Do not serialize instances of inner classes | Rule | - |
| CERT-Java:SER06-J Make defensive copies of private mutable components during deserialization | Rule | |
| CERT-Java:SER07-J Do not use the default serialized form for classes with implementation-defined invariants | Rule | |
| CERT-Java:SER08-J Minimize privileges before deserializing from a privileged context | Rule | - |
| CERT-Java:SER09-J Do not invoke overridable methods from the readObject() method | Rule | - |
| CERT-Java:SER10-J Avoid memory and resource leaks during serialization | Rule | |
| CERT-Java:SER11-J Prevent overwriting of externalizable objects | Rule | - |
| CERT-Java:SER12-J Prevent deserialization of untrusted data | Rule | |
| CERT-Java:SER13-J Deserialization methods should not perform potentially dangerous operations | Rule | - |
| CERT-Java:STR00-J Don't form strings containing partial characters from variable-width encodings | Rule | - |
| CERT-Java:STR01-J Do not assume that a Java char fully represents a Unicode code point | Rule | - |
| CERT-Java:STR02-J Specify an appropriate locale when comparing locale-dependent data | Rule | - |
| CERT-Java:STR03-J Do not encode noncharacter data as a string | Rule | - |
| CERT-Java:STR04-J Use compatible character encodings when communicating string data between JVMs | Rule | - |
| CERT-Java:STR50-J Use the appropriate method for counting characters in a string | Recommendation | - |
| CERT-Java:STR51-J Use the charset encoder and decoder classes when more control over the encoding process is required | Recommendation | - |
| CERT-Java:THI00-J Do not invoke Thread.run() | Rule | |
| CERT-Java:THI01-J Do not invoke ThreadGroup methods | Rule | - |
| CERT-Java:THI02-J Notify all waiting threads rather than a single thread | Rule | - |
| CERT-Java:THI03-J Always invoke wait() and await() methods inside a loop | Rule | - |
| CERT-Java:THI04-J Ensure that threads performing blocking operations can be terminated | Rule | - |
| CERT-Java:THI05-J Do not use Thread.stop() to terminate threads | Rule | - |
| CERT-Java:TPS00-J Use thread pools to enable graceful degradation of service during traffic bursts | Rule | - |
| CERT-Java:TPS01-J Do not execute interdependent tasks in a bounded thread pool | Rule | - |
| CERT-Java:TPS02-J Ensure that tasks submitted to a thread pool are interruptible | Rule | - |
| CERT-Java:TPS03-J Ensure that tasks executing in a thread pool do not fail silently | Rule | - |
| CERT-Java:TPS04-J Ensure ThreadLocal variables are reinitialized when using thread pools | Rule | - |
| CERT-Java:TSM00-J Do not override thread-safe methods with methods that are not thread-safe | Rule | - |
| CERT-Java:TSM01-J Do not let the this reference escape during object construction | Rule | - |
| CERT-Java:TSM02-J Do not use background threads during class initialization | Rule | - |
| CERT-Java:TSM03-J Do not publish partially initialized objects | Rule | - |
| CERT-Java:VNA00-J Ensure visibility when accessing shared primitive variables | Rule | |
| CERT-Java:VNA01-J Ensure visibility of shared references to immutable objects | Rule | - |
| CERT-Java:VNA02-J Ensure that compound operations on shared variables are atomic | Rule | - |
| CERT-Java:VNA03-J Do not assume that a group of calls to independently atomic methods is atomic | Rule | |
| CERT-Java:VNA04-J Ensure that calls to chained methods are atomic | Rule | - |
| CERT-Java:VNA05-J Ensure atomicity when reading and writing 64-bit values | Rule | - |
CodeSonar ships with several taxonomy presets for CERT-related checks.
| Preset | Description |
|---|---|
| cert | Enables warning classes such that a given class C is enabled if all of the following are true. |
| certc | As for cert, but with mappings to the SEI CERT C Coding Standard only. |
| certcpp | As for cert, but with mappings to the SEI CERT C++ Coding Standard only. |
| certjava | As for cert, but with mappings to the SEI CERT Oracle Coding Standard for Java only. |
You can apply the cert preset to the CodeSonar build/analysis as shown in the following table.
| Method | Instructions |
|---|---|
| Command Line | Specify -preset cert as part of your build/analysis command. For example: codesonar analyze MyProj -preset cert localhost:7340 make |
| Define as a default preset | Copy cert.conf from $CSONAR/codesonar/presets/ to $CSONAR/codesonar/default_presets/, or use the Modify Analysis Settings option of the CodeSonar Configuration Tool. |
| Windows Build Wizard | Select cert from the Preset list on screen 2. |
| Eclipse Plug-In | Select cert from the Presets list in the Properties dialog. |
| Visual Studio Plug-In | Select cert from the Presets list in the Project Properties dialog. |
Use the same techniques to apply the certc, certcpp, or certjava preset.
To enable an individual warning class, follow the instructions in the warning class documentation page (linked in the tables above). The requirements will depend on the class: some classes only require a WARNING_FILTER allow rule, but others require additional settings in order to work correctly.
To report problems with this documentation, please visit https://support.codesecure.com/.