# This file was generated from template 'codesonar/presets/cert.conf.in'
#
# Enables the warning classes related to any of the following standards:
# - SEI CERT C Coding Standard
# - SEI CERT C++ Coding Standard
# - SEI CERT Oracle Coding Standard for Java
#
# How to read this file: each 'WARNING_FILTER += allow class="..."' line appends
# an allow rule for one warning class, and the comment lines directly above it
# list the CERT rules that class is mapped to.
# Where a class is marked "enabled by default", commenting out its allow line
# does not necessarily switch the check off; suppressing it needs an explicit
# filter rule (e.g. a 'discard' rule - check the WARNING_FILTER documentation).
# NOTE(review): as a generated file, local edits are presumably overwritten on
# regeneration - change the template or the manifest instead.

# Time tainting must be enabled for this preset: the empty value leaves no
# taint kind disabled.
# NOTE(review): presumably some kinds are disabled by default - confirm.
DISABLED_TAINT_KINDS =

# Needed for CERT-C:DCL38-C (Use the correct syntax when declaring a flexible array member)
TYPE_OVERRUN_ON_LAST_ARRAY_FIELD = Yes

#
# This part of this file was generated from 'cso_wcmanifest.py'
#

# At least one of the classes enabled by this preset requires unnormalized C ASTs
RETAIN_UNNORMALIZED_C_AST = Yes

# At least one of the classes enabled by this preset is incompatible with incremental analysis.
INCREMENTAL_BUILD = No

# CERT-C:PRE30-C: Do not create a universal character name through concatenation
WARNING_FILTER += allow class="## Follows # Operator"

# CERT-Java:NUM00-J: Detect or prevent integer overflow
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Abs on random (Java)"

# CERT-Java:ENV03-J: Do not grant dangerous combinations of permissions
# CERT-Java:FIO01-J: Create files with appropriate access permissions
# CERT-Java:SEC01-J: Do not allow tainted variables in privileged blocks
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Accessing File in Permissive Mode (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Actual Parameter Element may be null (Java)"

# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# NOTE(review): no default-enabled note appears for this class, so this allow
# line is presumably what turns it on - confirm before removing it.
WARNING_FILTER += allow class="Addition Overflow of Allocation Size"

# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
WARNING_FILTER += allow class="Addition Overflow of Size"

# CERT-Java:SER02-J: Sign then seal objects before sending them outside a trust boundary
WARNING_FILTER += allow class="Android Message Injection (Java)"

# CERT-CPP:DCL59-CPP: Do not define an unnamed namespace in a header file
WARNING_FILTER += allow class="Anonymous Namespace in Header File"

# CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Approximate e Constant (Java)"

# CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Approximate pi Constant (Java)"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Arctangent Domain Error"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Argument Too High"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Argument Too Low"

# CERT-C:EXP37-C: Call functions with the correct number and type of arguments
WARNING_FILTER += allow class="Array Parameter Mismatch"

# CERT-C:ARR00-C: Understand how arrays work
# CERT-C:EXP35-C: Do not modify objects with temporary lifetime
WARNING_FILTER += allow class="Array to Pointer Conversion on Temporary Object"

# CERT-Java:DCL00-J: Prevent class initialization cycles
# CERT-Java:EXP06-J: Expressions used in assertions must not produce side effects
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Assertion Contains Side Effects (Java)"

# "Assignment Result in Expression" is not enabled by this preset.
# - All of its relevant categories are more closely related to other classes that are enabled by the preset.
# - CERT-C:EXP45-C is better matched by "Assignment in Conditional"

# CERT-C:EXP45-C: Do not perform assignments in selection statements
WARNING_FILTER += allow class="Assignment in Conditional"

# CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Asymmetric compareTo (Java)"

# CERT-C:MSC09-C: Character encoding: Use subset of ASCII for safety
WARNING_FILTER += allow class="Bad Token"

# CERT-C:INT01-C: Use rsize_t or size_t for all integer values representing the size of an object
WARNING_FILTER += allow class="Basic Numerical Type Used"

# CERT-C:INT12-C: Do not make assumptions about the type of a plain int bit-field when used in an expression
WARNING_FILTER += allow class="Bit-field Signedness Not Explicit"

# CERT-C:CON05-C: Do not perform operations that can block while holding a lock
# CERT-C:POS52-C: Do not perform operations that can block while holding a POSIX lock
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Blocking in Critical Section"

# CERT-Java:LCK09-J: Do not perform operations that can block while holding a lock
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Blocking in Critical Section (Java)"

# CERT-C:MSC20-C: Do not use a switch statement to transfer control into a complex block
#   This check is enabled by default for the language(s) C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Branch Into Handler"

# CERT-C:MSC20-C: Do not use a switch statement to transfer control into a complex block
#   This check is enabled by default for the language(s) C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Branch Into try Block"

# CERT-Java:ERR07-J: Do not throw RuntimeException, Exception, or Throwable
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Broad Throws Clause (Java)"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR38-C: Guarantee that library functions do not form invalid pointers
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:ENV01-C: Do not make assumptions about the size of an environment variable
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-C:POS30-C: Use the readlink() function properly
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-C:STR38-C: Do not confuse narrow and wide character strings and functions
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
# CERT-CPP:CTR53-CPP: Use valid iterator ranges
# CERT-CPP:MEM54-CPP: Provide placement new with properly aligned pointers to sufficient storage capacity
# CERT-CPP:STR50-CPP: Guarantee that storage for strings has sufficient space for character data and the null terminator
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Buffer Overrun"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR38-C: Guarantee that library functions do not form invalid pointers
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:FIO37-C: Do not assume that fgets() or fgetws() returns a nonempty string when successful
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Buffer Underrun"

# CERT-Java:EXP00-J: Do not ignore values returned by methods
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Call Might Return Null (Java)"

# CERT-C:API07-C: Enforce type safety
# CERT-C:INT02-C: Understand integer conversion rules
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-CPP:INT50-CPP: Do not cast to an out-of-range enumeration value
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast Alters Value"

# CERT-C:DCL00-C: Const-qualify immutable objects
# CERT-C:EXP05-C: Do not cast away a const qualification
WARNING_FILTER += allow class="Cast Removes const Qualifier"

# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
WARNING_FILTER += allow class="Cast: Arithmetic Type/Void Pointer"

# CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
# CERT-Java:NUM13-J: Avoid loss of precision when converting primitive integers to floating-point
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast: Integer to Floating Point (Java)"

# CERT-C:EXP36-C: Do not cast pointers into more strictly aligned pointer types
WARNING_FILTER += allow class="Cast: Object Pointers"

# CERT-C:EXP36-C: Do not cast pointers into more strictly aligned pointer types
WARNING_FILTER += allow class="Cast: Virtual Base to Derived"

# CERT-Java:NUM00-J: Detect or prevent integer overflow
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cast: int Computation to long (Java)"

# CERT-Java:ENV06-J: Production code must not contain debugging entry points
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Class Enables Debug Features (Java)"

# CERT-Java:MET53-J: Ensure that the clone() method calls super.clone()
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Clone Call to Super is Missing (Java)"

# CERT-Java:FIO04-J: Release resources when they are no longer needed
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Closeable Not Closed (Java)"

# CERT-Java:FIO04-J: Release resources when they are no longer needed
# CERT-Java:MSC05-J: Do not exhaust heap space
# CERT-Java:SER10-J: Avoid memory and resource leaks during serialization
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Closeable Not Stored (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Code Injection (Java)"

# CERT-C:API07-C: Enforce type safety
# CERT-C:FIO34-C: Distinguish between characters read from a file and EOF or WEOF
# CERT-C:INT02-C: Understand integer conversion rules
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-CPP:INT50-CPP: Do not cast to an out-of-range enumeration value
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Coercion Alters Value"

# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-C:INT36-C: Converting a pointer to integer or integer to pointer
WARNING_FILTER += allow class="Coercion: Integer Constant to Pointer"

# CERT-C:ENV33-C: Do not call system()
# CERT-C:STR02-C: Sanitize data passed to complex subsystems
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
# NOTE(review): presumably a taint-based class, so its results depend on which
# taint kinds are active (see DISABLED_TAINT_KINDS in this preset) - confirm.
WARNING_FILTER += allow class="Command Injection"

# CERT-Java:IDS07-J: Sanitize untrusted data passed to the Runtime.exec() method
# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Command Injection (Java)"

# CERT-C:ARR36-C: Do not subtract or compare two pointers that do not refer to the same array
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-CPP:CTR54-CPP: Do not subtract iterators that do not refer to the same container
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Comparison of Unrelated Pointers"

# CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Comparison to Empty String (Java)"

# "Condition Contains Side Effects" is not enabled by this preset.
# - All of its relevant categories are more closely related to other classes that are enabled by the preset.
# - CERT-C:EXP45-C is better matched by "Assignment in Conditional"

# CERT-C:CON35-C: Avoid deadlock by locking in a predefined order
# CERT-C:POS51-C: Avoid deadlock with POSIX threads by locking in predefined order
# CERT-CPP:CON53-CPP: Avoid deadlock by locking in a predefined order
WARNING_FILTER += allow class="Conflicting Lock Order"

# CERT-C:DCL16-C: Use "L," not "l," to indicate a long value
WARNING_FILTER += allow class="Confusing Literal Suffix"

# CERT-CPP:EXP57-CPP: Do not cast or delete pointers to incomplete classes
WARNING_FILTER += allow class="Conversion: Pointer to Incomplete"

# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-C:INT36-C: Converting a pointer to integer or integer to pointer
WARNING_FILTER += allow class="Conversion: Pointer/Integer"

# CERT-CPP:OOP58-CPP: Copy operations must not mutate the source object
WARNING_FILTER += allow class="Copy Operation Parameter Is Not const"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cross Site Scripting In Error Message Web Page (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Risky Default Cipher (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Cipher (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Cryptographic Algorithm with Weak Hash (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DLL Injection (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="DOS Injection (Java)"

# CERT-C:CON07-C: Ensure that compound operations on shared variables are atomic
# CERT-C:CON32-C: Prevent data races when accessing bit-fields from multiple threads
# CERT-C:CON43-C: Do not allow data races in multithreaded code
# CERT-C:POS49-C: When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
# CERT-C:SIG31-C: Do not access shared objects in signal handlers
# CERT-CPP:CON52-CPP: Prevent data races when accessing bit-fields from multiple threads
# NOTE(review): not marked as enabled by default, so this allow line is
# presumably the only thing that turns the class on - confirm.
WARNING_FILTER += allow class="Data Race"

# CERT-Java:ERR09-J: Do not allow untrusted code to terminate the JVM
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Call (Java)"

# CERT-Java:ERR02-J: Prevent exceptions while logging data
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Debug Warning (Java)"

# CERT-C:MEM33-C: Allocate and copy structures containing a flexible array member dynamically
WARNING_FILTER += allow class="Declaration of Flexible Array Member"

# CERT-C:DCL37-C: Do not declare or define a reserved identifier
# CERT-CPP:DCL51-CPP: Do not declare or define a reserved identifier
WARNING_FILTER += allow class="Declaration of Reserved Name"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Declaration of Variable Length Array"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Declared but Not Referenced"

# CERT-C:MSC32-C: Properly seed pseudorandom number generators
# CERT-CPP:MSC51-CPP: Ensure your random number generator is properly seeded
WARNING_FILTER += allow class="Default Initialization of Random Number Generator"

# CERT-C:MSC32-C: Properly seed pseudorandom number generators
# CERT-CPP:MSC51-CPP: Ensure your random number generator is properly seeded
WARNING_FILTER += allow class="Default Seed in PRNG"

# CERT-Java:MET09-J: Classes that define an equals() method must also define a hashCode() method
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Defines equals but not hashCode (Java)"

# CERT-Java:MET09-J: Classes that define an equals() method must also define a hashCode() method
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Defines hashCode but not equals (Java)"

# CERT-Java:DRD17-J: Do not use the Android cryptographic security provider encryption default for AES
# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Cryptography Provider (Java)"

# CERT-C:MSC24-C: Do not use deprecated or obsolescent functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Deprecated Entity"

# CERT-C:EXP36-C: Do not cast pointers into more strictly aligned pointer types
WARNING_FILTER += allow class="Derived Class From Virtual Base"

# CERT-C:INT33-C: Ensure that division and remainder operations do not result in divide-by-zero errors
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Division By Zero"

# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Double Close"

# CERT-C:MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
# CERT-C:MEM01-C: Store a new value in pointers immediately after free()
# CERT-CPP:MEM51-CPP: Properly deallocate dynamically allocated resources
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Double Free"

# CERT-C:POS48-C: Do not unlock or destroy another POSIX thread's mutex
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Double Unlock"

# CERT-Java:LCK10-J: Use a correct form of the double-checked locking idiom
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Double-Checked Locking (Java)"

# CERT-C:DCL11-C: Understand the type issues associated with variadic functions
# CERT-CPP:DCL50-CPP: Do not define a C-style variadic function
WARNING_FILTER += allow class="Ellipsis"

# CERT-C:EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty Branch Statement"

# CERT-Java:ERR00-J: Do not suppress or ignore checked exceptions
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty Exception Handler (Java)"

# CERT-C:EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty for Statement"

# CERT-C:EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty if Statement"

# CERT-C:EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty switch Statement"

# CERT-C:EXP15-C: Do not place a semicolon on the same line as an if, for, or while statement
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Empty while Statement"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Explicit Zero Alignment"

# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
WARNING_FILTER += allow class="Expression Value Widened by Assignment"

# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
WARNING_FILTER += allow class="Expression Value Widened by Other Operand"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Field Element may be null (deep) (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Field may be null (deep) (Java)"

# CERT-C:FIO24-C: Do not open a file that is already open
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="File Open for Both Read and Write"

# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO24-C: Do not open a file that is already open
# CERT-C:FIO45-C: Avoid TOCTOU race conditions while accessing files
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="File System Race Condition"

# CERT-C:INT33-C: Ensure that division and remainder operations do not result in divide-by-zero errors
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Float Division By Zero"

# CERT-C:FLP00-C: Understand the limitations of floating-point numbers
WARNING_FILTER += allow class="Float Multiplication Overflow"

# CERT-C:FLP30-C: Do not use floating-point variables as loop counters
WARNING_FILTER += allow class="Float-typed Loop Counter"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Floating Point Domain Error"

# CERT-C:FLP00-C: Understand the limitations of floating-point numbers
# CERT-C:FLP02-C: Avoid using floating-point numbers when precise computation is needed
WARNING_FILTER += allow class="Floating Point Equality"

# CERT-Java:NUM12-J: Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Floating Point Equality (Java)"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Floating Point Range Error"

# CERT-C:FIO30-C: Exclude user input from format strings
# CERT-C:FIO47-C: Use valid format strings
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String"

# CERT-C:FIO30-C: Exclude user input from format strings
# CERT-C:FIO47-C: Use valid format strings
# CERT-C:STR02-C: Sanitize data passed to complex subsystems
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String Injection"

# CERT-C:FIO47-C: Use valid format strings
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Format String Type Error"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Function Call Has No Effect"

# CERT-CPP:DCL60-CPP: Obey the one-definition rule
WARNING_FILTER += allow class="Function Defined in Header File"

# CERT-C:PRE00-C: Prefer inline or static functions to function-like macros
# CERT-C:PRE31-C: Avoid side effects in arguments to unsafe macros
WARNING_FILTER += allow class="Function-Like Macro"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
#   This check is enabled by default for the language(s) C, C++
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Gamma on Zero"

# CERT-Java:ERR08-J: Do not catch NullPointerException or any of its ancestors
#   This check is enabled by default for the language(s) Java
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Generic Exception Handler (Java)"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Global Variable Declared with Different Types"

# CERT-C:API07-C: Enforce type safety
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="GlobalHandle on GMEM_FIXED Memory"

# CERT-C:API07-C: Enforce type safety
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="GlobalLock on GMEM_FIXED Memory"

# CERT-C:API07-C: Enforce type safety
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="GlobalUnlock on GMEM_FIXED Memory"

# CERT-C:MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
# CERT-C:MSC41-C: Never hard code sensitive information
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Authentication"

# CERT-C:MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
# CERT-C:MSC41-C: Never hard code sensitive information
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Key"

# CERT-C:MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
# CERT-C:MSC41-C: Never hard code sensitive information
#   This check is enabled by default for the language(s) C, C++, x86, x86_64
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Crypto Salt"

# CERT-C:MSC41-C: Never hard code sensitive information
# NOTE(review): unlike the three hardcoded-secret classes above, this one
# carries no default-enabled note, so this allow line is presumably what
# enables it - confirm.
WARNING_FILTER += allow class="Hardcoded DNS Name"

# CERT-Java:MSC03-J: Never hard code sensitive information
#   This check is enabled by default for the language(s) Java, Kotlin
#   It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Password (Java)"

# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Random Seed (Java)"

# CERT-C:MSC32-C: Properly seed pseudorandom number generators
# CERT-C:MSC41-C: Never hard code sensitive information
# CERT-CPP:MSC51-CPP: Ensure your random number generator is properly seeded
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Hardcoded Seed in PRNG"

# NOTE(review): MSC21-C is a CERT C recommendation (number below 30), and this
# entry has no "enabled by default" note, so the class presumably appears only
# because this preset allows it.
# CERT-C:MSC21-C: Use robust loop termination conditions
WARNING_FILTER += allow class="High Risk Loop"

# CERT-C:ERR33-C: Detect and handle standard library errors
# CERT-C:EXP12-C: Do not ignore values returned by functions
# CERT-C:POS54-C: Detect and handle POSIX library errors
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Ignored Return Value"

# CERT-Java:EXP00-J: Do not ignore values returned by methods
# CERT-Java:FIO02-J: Detect and handle file-related errors
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Ignored Return Value (Java)"

# CERT-C:STR10-C: Do not concatenate different type of string literals
WARNING_FILTER += allow class="Implicit Encoding in String Concatenation"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Implicit Function Declaration"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Implicit int on main"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Impossible Client Side Locking (Java)"

# NOTE(review): no "enabled by default" note on this entry, so this line is
# presumably what enables the salt check for Java code; confirm before
# trimming the preset.
# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
WARNING_FILTER += allow class="Inadequate Salt (Java)"

# CERT-C:FLP34-C: Ensure that floating-point conversions are within range of the new type
# CERT-C:FLP36-C: Preserve precision when converting integral values to floating-point type
# CERT-C:STR04-C: Use plain char for characters in the basic character set
WARNING_FILTER += allow class="Inappropriate Assignment Type"

# CERT-C:CON33-C: Avoid race conditions when using library functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inappropriate C Atomic Initialization"

# CERT-C:CON36-C: Wrap functions that can spuriously wake up in a loop
# CERT-C:CON41-C: Wrap functions that can fail spuriously in a loop
# CERT-CPP:CON54-CPP: Wrap functions that can spuriously wake up in a loop
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inappropriate Call Outside Loop"

# CERT-C:STR04-C: Use plain char for characters in the basic character set
WARNING_FILTER += allow class="Inappropriate Character Arithmetic"

# CERT-CPP:CTR57-CPP: Provide a valid ordering predicate
WARNING_FILTER += allow class="Inappropriate Compare Object"

# CERT-Java:ERR08-J: Do not catch NullPointerException or any of its ancestors
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inappropriate Exception Handler (Java)"

# CERT-C:FLP34-C: Ensure that floating-point conversions are within range of the new type
# CERT-C:FLP36-C: Preserve precision when converting integral values to floating-point type
# CERT-C:STR04-C: Use plain char for characters in the basic character set
WARNING_FILTER += allow class="Inappropriate Numeric Assignment"

# CERT-C:EXP46-C: Do not use a bitwise operator with a Boolean-like operand
# CERT-C:INT07-C: Use only explicitly signed or unsigned char type for numeric values
# CERT-C:INT13-C: Use bitwise operators only on unsigned operands
# CERT-C:STR04-C: Use plain char for characters in the basic character set
WARNING_FILTER += allow class="Inappropriate Operand Type"

# CERT-C:CON34-C: Declare objects shared between threads with appropriate storage durations
WARNING_FILTER += allow class="Inappropriate Storage Duration"

# CERT-C:CON02-C: Do not use volatile as a synchronization primitive
WARNING_FILTER += allow class="Inappropriate Volatile Declaration"

# CERT-CPP:MEM55-CPP: Honor replacement dynamic storage management requirements
WARNING_FILTER += allow class="Inappropriate throw in noexcept Function"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# CERT-C:DCL20-C: Explicitly specify void when a function accepts no arguments
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Incomplete Function Prototype"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Inconsistent Alignment Specifications"

# CERT-C:INT09-C: Ensure enumeration constants map to unique values
WARNING_FILTER += allow class="Inconsistent Enumerator Initialization"

# CERT-C:DCL40-C: Do not create incompatible declarations of the same function or object
WARNING_FILTER += allow class="Inconsistent Function Declarations"

# CERT-C:DCL40-C: Do not create incompatible declarations of the same function or object
WARNING_FILTER += allow class="Inconsistent Object Declarations"

# NOTE(review): privilege-relinquishment check (POS36-C, POS37-C) with no
# "enabled by default" note; presumably it is reported only because this
# preset allows it, so keep the line when tailoring the preset for code that
# drops privileges.
# CERT-C:POS36-C: Observe correct revocation order while relinquishing privileges
# CERT-C:POS37-C: Ensure that privilege relinquishment is successful
WARNING_FILTER += allow class="Incorrect Privilege Assignment"

# CERT-C:EXP10-C: Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
WARNING_FILTER += allow class="Indeterminate Order of Evaluation"

# CERT-Java:MSC05-J: Do not exhaust heap space
# CERT-Java:SER10-J: Avoid memory and resource leaks during serialization
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inefficient Instantiation (Java)"

# CERT-CPP:DCL56-CPP: Avoid cycles during initialization of static objects
WARNING_FILTER += allow class="Initialization Cycle"

# CERT-Java:OBJ08-J: Do not expose private members of an outer class from within a nested class
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Inner Class Should be Static (Java)"

# NOTE(review): every entry in this stretch carries the "enabled by default"
# note, so commenting one of these lines out is not expected to silence the
# check; suppression presumably needs an explicit discard rule - confirm in
# the CodeSonar manual.
# CERT-C:FIO39-C: Do not alternately input and output from a stream without an intervening flush or positioning call
# CERT-CPP:FIO50-CPP: Do not alternately input and output from a file stream without an intervening positioning call
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Input After Output Without Positioning"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Key Derivation (Java)"

# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Insecure Random Number Generator (Java)"

# CERT-C:ARR32-C: Ensure size arguments for variable length arrays are in a valid range
# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Integer Overflow of Allocation Size"

# CERT-Java:ENV01-J: Place all security-sensitive code in a single JAR and sign and seal it
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LDAP Authentication Disabled (Java)"

# CERT-C:STR02-C: Sanitize data passed to complex subsystems
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LDAP Injection"

# NOTE(review): one class name stands for the nine CERT rules listed below
# (memory, files, thread-specific storage), so the rule ID cannot be recovered
# from the class name alone; keep this comment block with the line.
# CERT-C:CON30-C: Clean up thread-specific storage
# CERT-C:FIO42-C: Close files when they are no longer needed
# CERT-C:MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
# CERT-C:MEM11-C: Do not assume infinite heap space
# CERT-C:MEM31-C: Free dynamically allocated memory when no longer needed
# CERT-CPP:ERR57-CPP: Do not leak resources when handling exceptions
# CERT-CPP:FIO51-CPP: Close files when they are no longer needed
# CERT-CPP:MEM51-CPP: Properly deallocate dynamically allocated resources
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Leak"

# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Legacy Random Generator (Java)"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Library Function Override"

# CERT-C:STR02-C: Sanitize data passed to complex subsystems
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Library Injection"

# CERT-C:CON31-C: Do not destroy a mutex while it is locked
# CERT-C:CON34-C: Declare objects shared between threads with appropriate storage durations
# CERT-CPP:CON50-CPP: Do not destroy a mutex while it is locked
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Local Variable Passed to Thread"

# NOTE(review): LocalHandle/LocalLock/LocalUnlock and LMEM_FIXED are Win32 API
# names, so this class and the two after it presumably matter only for
# Windows code.
# CERT-C:API07-C: Enforce type safety
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LocalHandle on LMEM_FIXED Memory"

# CERT-C:API07-C: Enforce type safety
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LocalLock on LMEM_FIXED Memory"

# CERT-C:API07-C: Enforce type safety
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="LocalUnlock on LMEM_FIXED Memory"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Logarithm on Negative Value"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Logarithm on Zero"

# CERT-C:PRE05-C: Understand macro replacement when concatenating tokens or performing stringification
WARNING_FILTER += allow class="Macro Argument is both Mixed and Expanded"

# CERT-C:PRE02-C: Macro replacement lists should be parenthesized
# CERT-C:PRE11-C: Do not conclude macro definitions with a semicolon
WARNING_FILTER += allow class="Macro Does Not End With } or )"

# CERT-C:PRE02-C: Macro replacement lists should be parenthesized
WARNING_FILTER += allow class="Macro Does Not Start With { or ("

# CERT-CPP:DCL51-CPP: Do not declare or define a reserved identifier
WARNING_FILTER += allow class="Macro Name is C Keyword"

# NOTE(review): the class names in this entry and the next contain '#', which
# is also this file's comment character; they sit inside the quoted class
# value, and presumably the quoting is what keeps them from being read as a
# comment, so keep the quotes intact when editing these lines.
# CERT-C:PRE05-C: Understand macro replacement when concatenating tokens or performing stringification
WARNING_FILTER += allow class="Macro Uses # Operator"

# CERT-C:PRE05-C: Understand macro replacement when concatenating tokens or performing stringification
# CERT-C:PRE30-C: Do not create a universal character name through concatenation
WARNING_FILTER += allow class="Macro Uses ## Operator"

# CERT-C:DCL41-C: Do not declare variables inside a switch statement before the first case label
WARNING_FILTER += allow class="Malformed switch Statement"

# CERT-CPP:ERR51-CPP: Handle all exceptions
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Masked by Default Handler"

# CERT-CPP:ERR51-CPP: Handle all exceptions
# CERT-CPP:ERR54-CPP: Catch handlers should order their parameter types from most derived to least derived
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Masked by Handler"

# CERT-Java:ENV06-J: Production code must not contain debugging entry points
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Method Enables Debug Features (Java)"

# NOTE(review): both mapped items (FLP06-C, STR04-C) are CERT C
# recommendations (numbers below 30), not rules; weigh findings accordingly.
# CERT-C:FLP06-C: Convert integers to floating point for floating-point operations
# CERT-C:STR04-C: Use plain char for characters in the basic character set
WARNING_FILTER += allow class="Mismatched Operand Types"

# CERT-C:MSC20-C: Do not use a switch statement to transfer control into a complex block
WARNING_FILTER += allow class="Misplaced case"

# CERT-Java:MET53-J: Ensure that the clone() method calls super.clone()
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Call to super (Java)"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Declaration Specifiers"

# CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Equals Override (Java)"

# CERT-C:DCL36-C: Do not declare an identifier with conflicting linkage classifications
WARNING_FILTER += allow class="Missing External Declaration"

# NOTE(review): neither lock class below ("Missing Lock Acquisition",
# "Missing Lock Release") has an "enabled by default" note, so these lines are
# presumably what turns the lock-pairing checks on.
# CERT-C:CON01-C: Acquire and release synchronization primitives in the same module, at the same level of abstraction
WARNING_FILTER += allow class="Missing Lock Acquisition"

# CERT-C:CON01-C: Acquire and release synchronization primitives in the same module, at the same level of abstraction
# CERT-CPP:CON51-CPP: Ensure actively held locks are released on exceptional conditions
WARNING_FILTER += allow class="Missing Lock Release"

# CERT-C:EXP00-C: Use parentheses for precedence of operation
WARNING_FILTER += allow class="Missing Parentheses"

# CERT-C:MSC37-C: Ensure that control never reaches the end of a non-void function
# CERT-CPP:MSC52-CPP: Value-returning functions must return a value from all exit paths
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Return Statement"

# CERT-Java:SER00-J: Enable serialization compatibility during class evolution
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Serial Version Field (Java)"

# CERT-C:ERR33-C: Detect and handle standard library errors
# CERT-C:POS54-C: Detect and handle POSIX library errors
WARNING_FILTER += allow class="Missing Test of Error Code"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Missing Type Specifier"

# CERT-C:MSC17-C: Finish every set of statements associated with a case label with a break statement
WARNING_FILTER += allow class="Missing break"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
WARNING_FILTER += allow class="Missing synchronized Statement (Java)"

# CERT-CPP:MEM55-CPP: Honor replacement dynamic storage management requirements
WARNING_FILTER += allow class="Missing throw in operator new"

# CERT-C:STR10-C: Do not concatenate different type of string literals
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Mixed Encodings in String Concatenation"

# CERT-CPP:DCL58-CPP: Do not modify the standard namespaces
WARNING_FILTER += allow class="Modification of Standard Namespaces"

# CERT-C:CON32-C: Prevent data races when accessing bit-fields from multiple threads
# CERT-C:CON40-C: Do not refer to an atomic variable twice in an expression
# CERT-C:CON43-C: Do not allow data races in multithreaded code
# CERT-C:POS49-C: When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
WARNING_FILTER += allow class="Multiple Accesses of Atomic"

# CERT-C:DCL04-C: Do not declare more than one variable per declaration
WARNING_FILTER += allow class="Multiple Declarations On Line"

# NOTE(review): allocation-size wrap (MEM07-C, MEM35-C) is a memory-safety
# concern, and this entry has no "enabled by default" note; presumably the
# class is reported only because this preset allows it.
# CERT-C:ARR32-C: Ensure size arguments for variable length arrays are in a valid range
# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
# CERT-C:MEM07-C: Ensure that the arguments to calloc(), when multiplied, do not wrap
# CERT-C:MEM35-C: Allocate sufficient memory for an object
WARNING_FILTER += allow class="Multiplication Overflow of Allocation Size"

# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
WARNING_FILTER += allow class="Multiplication Overflow of Size"

# CERT-C:INT05-C: Do not use input functions to convert character data if they cannot handle all possible inputs
# CERT-C:STR00-C: Represent characters using an appropriate type
# CERT-C:STR34-C: Cast characters to unsigned char before converting to larger integer sizes
# CERT-C:STR37-C: Arguments to character-handling functions must be representable as an unsigned char
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Negative Character Value"

# CERT-C:INT34-C: Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Negative Shift Amount"

# CERT-CPP:DCL53-CPP: Do not write syntactically ambiguous declarations
WARNING_FILTER += allow class="Nested Function Declaration"

# CERT-C:STR03-C: Do not inadvertently truncate a string
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:STR50-CPP: Guarantee that storage for strings has sufficient space for character data and the null terminator
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="No Space For Null Terminator"

# CERT-CPP:CTR58-CPP: Predicate function objects should not be mutable
WARNING_FILTER += allow class="Non-const Predicate Function Object"

# CERT-C:STR05-C: Use pointers to const when referring to string literals
WARNING_FILTER += allow class="Non-const String Literal"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-distinct Identifiers: External Names"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Macro"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-distinct Identifiers: Macro/Other"

# CERT-C:DCL01-C: Do not reuse variable names in subscopes
# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-distinct Identifiers: Nested Scope"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-distinct Identifiers: Same Scope"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-unique Identifiers: External Name"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-unique Identifiers: Internal Name"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-unique Identifiers: Tag"

# CERT-C:DCL23-C: Guarantee that mutually visible identifiers are unique
WARNING_FILTER += allow class="Non-unique Identifiers: Typedef"

# CERT-C:ERR33-C: Detect and handle standard library errors
# CERT-C:POS54-C: Detect and handle POSIX library errors
WARNING_FILTER += allow class="Non-zero Error Code"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Nonstandard Implicit Integer"

# NOTE(review): MSC00-C and MSC11-C (this entry and the next) are CERT C
# recommendations (numbers below 30) about build and test practice rather than
# individual defects; consider triaging them apart from rule violations.
# CERT-C:MSC00-C: Compile cleanly at high warning levels
WARNING_FILTER += allow class="Not All Warnings Are Enabled"

# CERT-C:MSC11-C: Incorporate diagnostic tests using assertions
WARNING_FILTER += allow class="Not Enough Assertions"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Parameter Dereference (Java)"

# CERT-C:EXP34-C: Do not dereference null pointers
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
# CERT-CPP:STR51-CPP: Do not attempt to create a std::string from a null pointer
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Pointer Dereference"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Pointer Dereference (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Null Pointer Dereference (deep) (Java)"

# CERT-C:EXP34-C: Do not dereference null pointers
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Null Test After Dereference"

# CERT-CPP:DCL60-CPP: Obey the one-definition rule
WARNING_FILTER += allow class="Object Defined in Header File"

# CERT-CPP:OOP51-CPP: Do not slice derived objects
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Object Slicing"

# NOTE(review): DCL18-C is a CERT C recommendation (number below 30) and this
# entry has no "enabled by default" note, so the class presumably appears only
# because this preset allows it.
# CERT-C:DCL18-C: Do not begin integer constants with 0 when specifying a decimal value
WARNING_FILTER += allow class="Octal Constant"

# CERT-CPP:OOP53-CPP: Write constructor member initializers in the canonical order
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Out of Order Member Initializers"

# CERT-C:FIO39-C: Do not alternately input and output from a stream without an intervening flush or positioning call
# CERT-CPP:FIO50-CPP: Do not alternately input and output from a file stream without an intervening positioning call
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Output After Input Without Positioning"

# CERT-C:DCL39-C: Avoid information leakage when passing a structure across a trust boundary
# CERT-CPP:DCL55-CPP: Avoid information leakage when passing a class object across a trust boundary
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Padding Passed Across a Trust Boundary"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Parameter Identifier List Needs Function Definition"

# CERT-Java:ENV03-J: Do not grant dangerous combinations of permissions
# CERT-Java:FIO01-J: Create files with appropriate access permissions
# CERT-Java:SEC01-J: Do not allow tainted variables in privileged blocks
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Permissive File Mode (Java)"

# CERT-C:MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Plaintext Storage of Password"

# CERT-C:MSC18-C: Be careful while handling sensitive data, such as passwords, in program code
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Plaintext Transmission of Password"

# CERT-C:DCL13-C: Declare function parameters that are pointers to values not changed by the function as const
WARNING_FILTER += allow class="Pointed-to Type Could Be const"

# NOTE(review): "Pointer Arithmetic", "Pointer Before Beginning of Object"
# and "Pointer Past End of Object" share nearly the same rule list and none
# has an "enabled by default" note; only this first one also maps CTR56-CPP.
# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
# CERT-CPP:CTR56-CPP: Do not use pointer arithmetic on polymorphic objects
WARNING_FILTER += allow class="Pointer Arithmetic"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
WARNING_FILTER += allow class="Pointer Before Beginning of Object"

# CERT-C:INT36-C: Converting a pointer to integer or integer to pointer
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Pointer Conversion Loses Bits"

# CERT-C:INT36-C: Converting a pointer to integer or integer to pointer
WARNING_FILTER += allow class="Pointer Conversion to Same Size Integer"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
WARNING_FILTER += allow class="Pointer Past End of Object"

# CERT-C:DCL05-C: Use typedefs of non-pointer types only
WARNING_FILTER += allow class="Pointer Type Inside Typedef"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Pointer to Variably-modified Array Type"

# CERT-C:API07-C: Enforce type safety
# CERT-C:WIN30-C: Properly pair allocation and deallocation functions
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Pool Mismatch"

# CERT-C:MSC21-C: Use robust loop termination conditions
WARNING_FILTER += allow class="Potential Unbounded Loop"

# CERT-C:MSC32-C: Properly seed pseudorandom number generators
# CERT-CPP:MSC51-CPP: Ensure your random number generator is properly seeded
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Predictable Seed in PRNG"

# CERT-C:PRE32-C: Do not use preprocessor directives in invocations of function-like macros
WARNING_FILTER += allow class="Preprocessing Directives in Macro Argument"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Raises FE_INVALID"

# NOTE(review): this one class is mapped to four unrelated items (errno
# handling, dead code, code with no effect, self-copy assignment), so read
# each finding against the rule it actually concerns rather than the class
# name.
# CERT-C:ERR30-C: Take care when reading errno
# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Redundant Condition"

# CERT-Java:SEC05-J: Do not use reflection to increase accessibility of classes, methods, or fields
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Reflection Bypasses Member Accessibility (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Reflection Injection (Java)"

# CERT-Java:SEC05-J: Do not use reflection to increase accessibility of classes, methods, or fields
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
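WARNING_FILTER += allow class="Reflection Modifies Member Accessibility (Java)"

# CERT-C:EXP43-C: Avoid undefined behavior when using restrict-qualified pointers
WARNING_FILTER += allow class="Restrict Qualifier Used"

# CERT-C:DCL30-C: Declare objects with appropriate storage durations
# CERT-CPP:EXP53-CPP: Do not read uninitialized memory
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return Pointer to Local"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Return Value may Contain null Element (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Return Value may be null (Java)"

# CERT-C:SIG35-C: Do not return from a computational exception signal handler
WARNING_FILTER += allow class="Return from Computational Exception Signal Handler"

# CERT-CPP:MSC53-CPP: Do not return from a function declared [[noreturn]]
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return from noreturn"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Array (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Return null Boolean (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.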
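WARNING_FILTER += allow class="Return null Optional (Java)"

# CERT-C:DCL00-C: Const-qualify immutable objects
# CERT-C:ENV30-C: Do not modify the object referenced by the return value of certain functions
WARNING_FILTER += allow class="Returned Pointer Not Treated as const"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Algorithm (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cipher Field (Java)"

# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Algorithm (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky Cryptographic Field (Java)"

# CERT-C:EXP14-C: Beware of integer promotion when performing bitwise operations on integer types smaller than int
WARNING_FILTER += allow class="Risky Integer Promotion"

# CERT-Java:DRD13: Do not provide addJavascriptInterface method access in a WebView which could contain untrusted content. (API level JELLY_BEAN or below)
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Risky JavaScript Interface (Java)"

# CERT-C:STR02-C: Sanitize data passed to complex subsystems
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection"

# CERT-Java:IDS00-J: Prevent SQL injection
# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="SQL Injection (Java)"

# CERT-C:DCL15-C: Declare file-scope objects or functions that do not need external linkage as static
# CERT-C:DCL19-C: Minimize the scope of variables and functions
WARNING_FILTER += allow class="Scope Could Be File Static"

# CERT-C:DCL19-C: Minimize the scope of variables and functions
WARNING_FILTER += allow class="Scope Could Be Local Static"

# CERT-Java:DRD22: Do not cache sensitive information
WARNING_FILTER += allow class="Sensitive Data Cached (Java)"

# CERT-Java:DRD00: Do not store sensitive information on external storage (SD card) unless encrypted first
# CERT-Java:DRD22: Do not cache sensitive information
# CERT-Java:MSC03-J: Never hard code sensitive information
WARNING_FILTER += allow class="Sensitive Data Written to External Storage (Java)"

# CERT-Java:DRD22: Do not cache sensitive information
WARNING_FILTER += allow class="Sensitive Data Written to Local File (Java)"

# CERT-Java:SER01-J: Do not deviate from the proper signatures of serialization methods
# CERT-Java:SER03-J: Do not serialize unencrypted sensitive data
# CERT-Java:SER06-J: Make defensive copies of private mutable components during deserialization
# CERT-Java:SER07-J: Do not use the default serialized form for classes with implementation-defined invariants
# CERT-Java:SER12-J: Prevent deserialization of untrusted data
WARNING_FILTER += allow class="Serialization Not Disabled (Java)"

# CERT-C:INT34-C: Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
# CERT-C:INT35-C: Use correct integer precisions
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Shift Amount Exceeds Bit Width"

# CERT-Java:EXP02-J: Do not use the Object.equals() method to compare two arrays
# CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Should Use equals() Instead of == (Java)"

# CERT-C:EXP44-C: Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
WARNING_FILTER += allow class="Side Effects in C Generic Selection"

# CERT-C:EXP30-C: Do not depend on the order of evaluation for side effects
# CERT-C:PRE31-C: Avoid side effects in arguments to unsafe macros
# CERT-CPP:EXP50-CPP: Do not depend on the order of evaluation for side effects
WARNING_FILTER += allow class="Side Effects in Expression with Decrement"

# CERT-C:EXP30-C: Do not depend on the order of evaluation for side effects
# CERT-C:PRE31-C: Avoid side effects in arguments to unsafe macros
# CERT-CPP:EXP50-CPP: Do not depend on the order of evaluation for side effects
WARNING_FILTER += allow class="Side Effects in Expression with Increment"

# CERT-C:EXP30-C: Do not depend on the order of evaluation for side effects
WARNING_FILTER += allow class="Side Effects in Initializer List"

# CERT-C:EXP44-C: Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
# CERT-CPP:EXP52-CPP: Do not rely on side effects in unevaluated operands
WARNING_FILTER += allow class="Side Effects in sizeof"

# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
# CERT-C:MEM35-C: Allocate sufficient memory for an object
WARNING_FILTER += allow class="Subtraction Underflow of Allocation Size"

# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
WARNING_FILTER += allow class="Subtraction Underflow of Size"

# CERT-C:ARR36-C: Do not subtract or compare two pointers that do not refer to the same array
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-CPP:CTR54-CPP: Do not subtract iterators that do not refer to the same container
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Subtraction of Unrelated Pointers"

# CERT-Java:LCK00-J: Use private final lock objects to synchronize classes that may interact with untrusted code
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Synchronization on Interned String (Java)"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.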
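WARNING_FILTER += allow class="Synchronization on static (Java)"

# CERT-Java:THI00-J: Do not invoke Thread.run()
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Synchronous Call to Thread Body (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted @Trusted Value (Java)"

# CERT-C:INT04-C: Enforce limits on integer values originating from tainted sources
# CERT-C:MEM05-C: Avoid large stack allocations
# CERT-C:MEM11-C: Do not assume infinite heap space
# CERT-C:MEM35-C: Allocate sufficient memory for an object
WARNING_FILTER += allow class="Tainted Allocation Size"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:INT04-C: Enforce limits on integer values originating from tainted sources
# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-C:POS30-C: Use the readlink() function properly
# CERT-C:STR38-C: Do not confuse narrow and wide character strings and functions
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.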
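WARNING_FILTER += allow class="Tainted Buffer Access"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Bundle (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Control (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Expression Evaluation (Java)"

# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO02-C: Canonicalize path names originating from tainted sources
WARNING_FILTER += allow class="Tainted Filename"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted HTTP Response (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Hardware Device Property (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.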
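WARNING_FILTER += allow class="Tainted LDAP Attribute (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted LDAP Filter (Java)"

# CERT-Java:IDS03-J: Do not log unsanitized user input
# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Log (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# CERT-Java:SEC06-J: Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar
# CERT-Java:SER02-J: Sign then seal objects before sending them outside a trust boundary
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Message (Java)"

# CERT-C:INT04-C: Enforce limits on integer values originating from tainted sources
WARNING_FILTER += allow class="Tainted Network Address"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Network Address (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.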
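WARNING_FILTER += allow class="Tainted Path (Java)"

# CERT-Java:IDS08-J: Sanitize untrusted data included in a regular expression
# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Regular Expression (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Resource (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted Session (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted URL (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XAML (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Tainted XML (Java)"

# CERT-Java:IDS14-J: Do not trust the contents of hidden form fields
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.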
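WARNING_FILTER += allow class="Tainted Xpath (Java)"

# CERT-C:CON39-C: Do not join or detach a thread that was previously joined or detached
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Thread is not Joinable"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Too Many Alignment Specifiers"

# CERT-C:INT02-C: Understand integer conversion rules
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
# CERT-C:MEM35-C: Allocate sufficient memory for an object
WARNING_FILTER += allow class="Truncation of Allocation Size"

# CERT-C:INT02-C: Understand integer conversion rules
# CERT-C:INT18-C: Evaluate integer expressions in a larger size before comparing or assigning to that size
# CERT-C:INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
WARNING_FILTER += allow class="Truncation of Size"

# CERT-CPP:CON56-CPP: Do not speculatively lock a non-recursive mutex that is already owned by the calling thread
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Try-lock that will never succeed"

# CERT-C:API07-C: Enforce type safety
# CERT-C:MEM34-C: Only free memory allocated dynamically
# CERT-C:WIN30-C: Properly pair allocation and deallocation functions
# CERT-CPP:EXP51-CPP: Do not delete an array through a pointer of the incorrect type
# CERT-CPP:MEM51-CPP: Properly deallocate dynamically allocated resources
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.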
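WARNING_FILTER += allow class="Type Mismatch"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:ENV01-C: Do not make assumptions about the size of an environment variable
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
# CERT-CPP:STR50-CPP: Guarantee that storage for strings has sufficient space for character data and the null terminator
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Type Overrun"

# CERT-C:ARR30-C: Do not form or use out-of-bounds pointers or array subscripts
# CERT-C:ARR37-C: Do not add or subtract an integer to a pointer to a non-array object
# CERT-C:ARR39-C: Do not add or subtract a scaled integer to a pointer
# CERT-C:EXP08-C: Ensure pointer arithmetic is used correctly
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# CERT-CPP:CTR50-CPP: Guarantee that container indices and iterators are within the valid range
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.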
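WARNING_FILTER += allow class="Type Underrun"

# CERT-C:DCL02-C: Use visually distinct identifiers
WARNING_FILTER += allow class="Typographically Ambiguous Identifiers"

# CERT-C:API00-C: Functions should validate their parameters
# CERT-C:EXP34-C: Do not dereference null pointers
WARNING_FILTER += allow class="Unchecked Parameter Dereference" language=c

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unchecked Parameter Dereference (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Unchecked Parameter Dereference (deep) (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="Unchecked Parameter Element Dereference (deep) (Java)"

# CERT-C:DCL07-C: Include the appropriate type information in function declarators
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Undeclared Parameter"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.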
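WARNING_FILTER += allow class="Undefined Power of Zero"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
WARNING_FILTER += allow class="Unguarded Field (Java)"

# CERT-Java:LCK05-J: Synchronize access to static fields that can be modified by untrusted code
WARNING_FILTER += allow class="Unguarded Method (Java)"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
WARNING_FILTER += allow class="Unguarded Parameter (Java)"

# CERT-C:EXP33-C: Do not read uninitialized memory
# CERT-C:FIO40-C: Reset strings on fgets() or fgetws() failure
# CERT-CPP:EXP53-CPP: Do not read uninitialized memory
# CERT-CPP:EXP63-CPP: Do not rely on the value of a moved-from object
# CERT-CPP:OOP55-CPP: Do not use pointer-to-member operators to access nonexistent members
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Uninitialized Variable"

# CERT-CPP:DCL56-CPP: Avoid cycles during initialization of static objects
WARNING_FILTER += allow class="Unordered Initialization"

# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unreachable Call"

# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.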
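WARNING_FILTER += allow class="Unreachable Computation"

# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unreachable Conditional"

# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unreachable Control Flow"

# CERT-C:MSC07-C: Detect and remove dead code
# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unreachable Data Flow"

# CERT-C:ARR32-C: Ensure size arguments for variable length arrays are in a valid range
# CERT-C:INT08-C: Verify that all integer values are in range
# CERT-C:INT30-C: Ensure that unsigned integer operations do not wrap
# CERT-C:INT32-C: Ensure that operations on signed integers do not result in overflow
# CERT-C:MEM05-C: Avoid large stack allocations
# CERT-C:MEM11-C: Do not assume infinite heap space
# CERT-C:MEM35-C: Allocate sufficient memory for an object
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.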
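WARNING_FILTER += allow class="Unreasonable Size Argument"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# CERT-Java:MSC02-J: Generate strong random numbers
WARNING_FILTER += allow class="Unsafe Base64 Encoding (Java)"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Unspecified Array Size with Designator Initialization"

# CERT-C:POS30-C: Use the readlink() function properly
# CERT-C:STR32-C: Do not pass a non-null-terminated character sequence to a library function that expects a string
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unterminated C String"

# CERT-C:STR02-C: Sanitize data passed to complex subsystems
WARNING_FILTER += allow class="Untrusted Library Load"

# CERT-C:INT04-C: Enforce limits on integer values originating from tainted sources
WARNING_FILTER += allow class="Untrusted Network Host"

# CERT-C:INT04-C: Enforce limits on integer values originating from tainted sources
WARNING_FILTER += allow class="Untrusted Network Port"

# CERT-C:STR02-C: Sanitize data passed to complex subsystems
WARNING_FILTER += allow class="Untrusted Process Creation"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Label"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Macro"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Parameter"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Tag"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Type"

# CERT-C:MSC13-C: Detect and remove unused values
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Unused Value"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
WARNING_FILTER += allow class="Unused Variable"

# CERT-C:FIO46-C: Do not access a closed file
# CERT-CPP:EXP54-CPP: Do not access an object outside of its lifetime
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use After Close"

# CERT-C:MEM01-C: Store a new value in pointers immediately after free()
# CERT-C:MEM30-C: Do not access freed memory
# CERT-CPP:CTR51-CPP: Use valid references, pointers, and iterators to reference elements of a container
# CERT-CPP:EXP54-CPP: Do not access an object outside of its lifetime
# CERT-CPP:MEM50-CPP: Do not access freed memory
# CERT-CPP:OOP54-CPP: Gracefully handle self-copy assignment
# CERT-CPP:STR52-CPP: Use valid references, pointers, and iterators to reference elements of a basic_string
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.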
WARNING_FILTER += allow class="Use After Free" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of Exception Handling Function" # CERT-CPP:ERR52-CPP: Do not use setjmp() or longjmp() WARNING_FILTER += allow class="Use of " # CERT-C:EXP47-C: Do not call va_arg with an argument of the incorrect type # CERT-C:MSC38-C: Do not treat a predefined identifier as an object if it might only be implemented as a macro # CERT-C:MSC39-C: Do not call va_arg() on a va_list that has an indeterminate value # CERT-CPP:EXP58-CPP: Pass an object of the correct type to va_start WARNING_FILTER += allow class="Use of Feature" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of " # CERT-C:MSC33-C: Do not pass invalid data to the asctime() function WARNING_FILTER += allow class="Use of Time/Date Function" # CERT-C:WIN00-C: Be specific when dynamically loading libraries WARNING_FILTER += allow class="Use of AfxLoadLibrary" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of Alignas" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of Alignof" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of C Atomic" # CERT-C:WIN00-C: Be specific when dynamically loading libraries WARNING_FILTER += allow class="Use of CoLoadLibrary" # CERT-C:CON38-C: Preserve thread safety and liveness when using condition variables # CERT-CPP:CON55-CPP: Preserve thread safety and liveness when using condition variables WARNING_FILTER += allow class="Use of Condition Variable Signal" # CERT-C:CON36-C: Wrap functions that can spuriously wake up in a loop # CERT-CPP:CON54-CPP: Wrap functions that can spuriously wake up in a loop WARNING_FILTER += allow class="Use of Condition Variable Wait" # CERT-C:FIO06-C: Create 
files with appropriate access permissions WARNING_FILTER += allow class="Use of CreateFile" # CERT-C:WIN02-C: Restrict privileges when spawning child processes WARNING_FILTER += allow class="Use of CreateProcess" # CERT-C:FIO01-C: Be careful using functions that use file names for identification # CERT-C:FIO21-C: Do not create temporary files in shared directories # This check is enabled by default for the language(s) C, C++, x86, x86_64 # It may remain in effect even if the following line is commented out. WARNING_FILTER += allow class="Use of GetTempFileName" # CERT-C:WIN00-C: Be specific when dynamically loading libraries WARNING_FILTER += allow class="Use of LoadLibrary" # CERT-C:MSC24-C: Do not use deprecated or obsolescent functions WARNING_FILTER += allow class="Use of LoadModule" # CERT-C:MSC24-C: Do not use deprecated or obsolescent functions WARNING_FILTER += allow class="Use of MoveFile" # CERT-C:MSC23-C: Beware of vendor-specific library and language differences WARNING_FILTER += allow class="Use of Noreturn" # CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size # CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation # CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator # CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow WARNING_FILTER += allow class="Use of OemToAnsi" # CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size # CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation # CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator # CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow WARNING_FILTER += allow class="Use of OemToChar" # CERT-C:API02-C: Functions that read or write to or from an array should take 
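# an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of StrCatChainW"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of Thread Local"

# CERT-C:MSC25-C: Do not use insecure or weak cryptographic algorithms
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of Weak Cryptographic Algorithm"

# CERT-C:MSC24-C: Do not use deprecated or obsolescent functions
WARNING_FILTER += allow class="Use of WinExec"

# CERT-C:ENV32-C: All exit handlers must return normally
# CERT-CPP:ERR50-CPP: Do not abruptly terminate the program
WARNING_FILTER += allow class="Use of abort"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of abort_handler_s"

# NOTE(review): the ato* functions give the caller no way to detect a failed
# or out-of-range conversion, so ERR34-C findings matter most where the
# string being converted comes from outside the program.
# CERT-C:ERR34-C: Detect errors when converting a string to a number
# CERT-CPP:ERR62-CPP: Detect errors when converting a string to a number
WARNING_FILTER += allow class="Use of atof"

# CERT-C:ERR34-C: Detect errors when converting a string to a number
# CERT-CPP:ERR62-CPP: Detect errors when converting a string to a number
WARNING_FILTER += allow class="Use of atoi"

# CERT-C:ERR34-C: Detect errors when converting a string to a number
# CERT-CPP:ERR62-CPP: Detect errors when converting a string to a number
WARNING_FILTER += allow class="Use of atol"

# CERT-C:ERR34-C: Detect errors when converting a string to a number
# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
# CERT-CPP:ERR62-CPP: Detect errors when converting a string to a number
WARNING_FILTER += allow class="Use of atoll"

#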
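# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of bsearch_s"

# CERT-CPP:DCL57-CPP: Do not let exceptions escape from destructors or deallocation functions
# CERT-CPP:ERR61-CPP: Catch exceptions by lvalue reference
WARNING_FILTER += allow class="Use of catch"

# CERT-C:POS05-C: Limit access to files by creating a jail
WARNING_FILTER += allow class="Use of chroot"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of constraint_handler_t"

# CERT-C:MSC24-C: Do not use deprecated or obsolescent functions
WARNING_FILTER += allow class="Use of cuserid"

# CERT-C:MSC24-C: Do not use deprecated or obsolescent functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of drem"

# CERT-C:ENV32-C: All exit handlers must return normally
# CERT-CPP:ERR50-CPP: Do not abruptly terminate the program
WARNING_FILTER += allow class="Use of exit"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of fopen_s"

# CERT-C:POS38-C: Beware of race conditions when using fork and file descriptors
WARNING_FILTER += allow class="Use of fork"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of freopen_s"

# CERT-C:MSC24-C: Do not use deprecated or obsolescent functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.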
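WARNING_FILTER += allow class="Use of gamma"

# CERT-C:ENV30-C: Do not modify the object referenced by the return value of certain functions
WARNING_FILTER += allow class="Use of getenv"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of getopt"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of getpass"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.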
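WARNING_FILTER += allow class="Use of gets"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of getwd"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of gmtime_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of ignore_handler_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of localtime_s"

# CERT-C:ENV32-C: All exit handlers must return normally
# CERT-C:MSC22-C: Use the setjmp(), longjmp() facility securely
# CERT-CPP:ERR52-CPP: Do not use setjmp() or longjmp()
WARNING_FILTER += allow class="Use of longjmp"

# CERT-C:EXP42-C: Do not compare padding data
# CERT-CPP:EXP62-CPP: Do not access the bits of an object representation that are not part of the object's value representation
# CERT-CPP:OOP57-CPP: Prefer special member functions and overloaded operators to C Standard Library functions
WARNING_FILTER += allow class="Use of memcmp"

# NOTE(review): MSC06-C covers memset calls that scrub sensitive data and
# are then removed by the optimizer. memset_s, the usual replacement, is
# reported by the rule after this one under MSC23-C as vendor-specific, so
# code that clears secrets will draw a finding either way; settle the
# project's policy before triage.
# CERT-C:MSC06-C: Beware of compiler optimizations
# CERT-CPP:EXP62-CPP: Do not access the bits of an object representation that are not part of the object's value representation
# CERT-CPP:OOP57-CPP: Prefer special member functions and overloaded operators to C Standard Library functions
WARNING_FILTER += allow class="Use of memset"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of memset_s"

# NOTE(review): mkstemp is what FIO21-C recommends in place of mktemp and
# tmpnam, and this class is mapped to FIO01-C only. A hit presumably asks
# for a review of later by-name use of the file, not removal of the call;
# confirm in the class documentation.
# CERT-C:FIO01-C: Be careful using functions that use file names for identification
WARNING_FILTER += allow class="Use of mkstemp"

# CERT-C:FIO01-C: Be careful using functions that use file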
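# names for identification
# CERT-C:FIO21-C: Do not create temporary files in shared directories
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of mktemp"

# CERT-CPP:EXP59-CPP: Use offsetof() on valid types and members
WARNING_FILTER += allow class="Use of offsetof"

# CERT-C:POS44-C: Do not use signals to terminate threads
WARNING_FILTER += allow class="Use of pthread_kill"

# CERT-C:POS34-C: Do not call putenv() with a pointer to an automatic variable as the argument
WARNING_FILTER += allow class="Use of putenv"

# NOTE(review): triage rand findings first where the value becomes a token,
# identifier, nonce or key material; MSC30-C is about predictability.
# CERT-C:CON33-C: Avoid race conditions when using library functions
# CERT-C:MSC30-C: Do not use the rand() function for generating pseudorandom numbers
# CERT-CPP:MSC50-CPP: Do not use std::rand() for generating pseudorandom numbers
WARNING_FILTER += allow class="Use of rand"

# CERT-C:MEM36-C: Do not modify the alignment of objects by calling realloc()
WARNING_FILTER += allow class="Use of realloc"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
WARNING_FILTER += allow class="Use of realpath"

# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of recvmsg"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of set_constraint_handler_s"

# CERT-C:MSC22-C: Use the setjmp(), longjmp() facility securely
# CERT-CPP:ERR52-CPP: Do not use setjmp() or longjmp()
WARNING_FILTER += allow class="Use of setjmp"

# CERT-C:CON37-C: Do not call signal() in a multithreaded program
# CERT-C:SIG00-C: Mask signals handled by noninterruptible signal handlers
# CERT-C:SIG01-C: Understand implementation-specific details regarding signal handler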
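# persistence
# CERT-C:SIG02-C: Avoid using signals to implement normal functionality
# CERT-C:SIG30-C: Call only asynchronous-safe functions within signal handlers
# CERT-C:SIG34-C: Do not call signal() from within interruptible signal handlers
WARNING_FILTER += allow class="Use of signal"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of snwprintf_s"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strcat"

# NOTE(review): strchr, strcmp and strcoll only read their arguments, so a
# hit in these classes presumably concerns reading past an unterminated
# string, not a write overflow. Expect many call sites; triage by where
# the string argument originates.
# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strchr"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strcmp"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strcoll"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking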
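# interfaces for string manipulation
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strcpy"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strcspn"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of strerrorlen_s"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strlen"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strpbrk"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strrchr"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strspn"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strstr"

# NOTE(review): strtok is reported under STR07-C, which recommends the
# bounds-checking interfaces, while strtok_s (next rule) is reported under
# MSC23-C as vendor-specific. With both classes enabled either choice
# produces a finding, so record the project's decision in the triage
# guidance.
# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strtok"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of strtok_s"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-C:STR07-C: Use the bounds-checking interfaces for string manipulation
# CERT-C:STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of strtrns"

# CERT-C:API02-C: Functions that read or write to or from an array should take an argument to specify the source or target size
# CERT-CPP:CTR52-CPP: Guarantee that library functions do not overflow
WARNING_FILTER += allow class="Use of syslog"

# CERT-C:ENV33-C: Do not call system()
WARNING_FILTER += allow class="Use of system"

# CERT-CPP:DCL57-CPP: Do not let exceptions escape from destructors or deallocation functions
# CERT-CPP:ERR55-CPP: Honor exception specifications
# CERT-CPP:ERR58-CPP: Handle all exceptions thrown before main() begins executing
# CERT-CPP:ERR61-CPP: Catch exceptions by lvalue reference
WARNING_FILTER += allow class="Use of throw"

# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO21-C: Do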
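# not create temporary files in shared directories
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of tmpfile"

# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO21-C: Do not create temporary files in shared directories
WARNING_FILTER += allow class="Use of tmpfile_s"

# CERT-C:CON33-C: Avoid race conditions when using library functions
# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO21-C: Do not create temporary files in shared directories
# This check is enabled by default for the language(s) C, C++, x86, x86_64
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Use of tmpnam"

# CERT-C:FIO01-C: Be careful using functions that use file names for identification
# CERT-C:FIO21-C: Do not create temporary files in shared directories
WARNING_FILTER += allow class="Use of tmpnam_s"

# CERT-C:CON33-C: Avoid race conditions when using library functions
WARNING_FILTER += allow class="Use of ttyname"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vfscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vfwscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vsnwprintf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vsscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of vswscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and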
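# language differences
WARNING_FILTER += allow class="Use of vwscanf_s"

# CERT-C:MSC23-C: Beware of vendor-specific library and language differences
WARNING_FILTER += allow class="Use of wcstok_s"

# CERT-C:MSC12-C: Detect and remove code that has no effect or is never executed
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Useless Assignment"

# CERT-Java:VNA00-J: Ensure visibility when accessing shared primitive variables
# CERT-Java:VNA03-J: Do not assume that a group of calls to independently atomic methods is atomic
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Useless volatile Modifier (Java)"

# CERT-C:DCL00-C: Const-qualify immutable objects
WARNING_FILTER += allow class="Variable Could Be const"

# CERT-CPP:OOP50-CPP: Do not invoke virtual functions from constructors or destructors
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Virtual Call in Constructor"

# CERT-CPP:OOP50-CPP: Do not invoke virtual functions from constructors or destructors
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Virtual Call in Destructor"

# CERT-C:MSC00-C: Compile cleanly at high warning levels
WARNING_FILTER += allow class="Warnings Not Treated As Errors"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.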
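WARNING_FILTER += allow class="Weak Cryptographic Value (Java)"

# CERT-C:MSC25-C: Do not use insecure or weak cryptographic algorithms
WARNING_FILTER += allow class="Weak Cryptography"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Hash Algorithm (Java)"

# NOTE(review): the other Java weak-hash and initialization-vector classes
# in this group cite DRD18, while this one cites only MSC02-J (random
# numbers). The mapping is generated, so confirm it in the generator
# manifest before relying on per-rule reports for this class.
# CERT-Java:MSC02-J: Generate strong random numbers
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Hash Algorithm Field (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Field (Java)"

# CERT-Java:DRD18: Do not use the default behavior in a cryptographic library if it does not use recommended practices
# This check is enabled by default for the language(s) Java, Kotlin
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="Weak Initialization Vector Value (Java)"

# CERT-C:POS05-C: Limit access to files by creating a jail
WARNING_FILTER += allow class="chroot without chdir"

# CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.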
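WARNING_FILTER += allow class="clone Non-cloneable (Java)"

# NOTE(review): "Non-clonable" below is spelled differently from
# "Non-cloneable" in the previous rule. Class names are presumably matched
# literally, so confirm the spelling against the tool's class list; the
# file is generated, so any correction belongs in the generator manifest.
# CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied
WARNING_FILTER += allow class="clone Subclass of Non-clonable (Java)"

# CERT-Java:OBJ07-J: Sensitive classes must not let themselves be copied
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="clone not final (Java)"

# CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="compareTo without equals (Java)"

# CERT-Java:MET08-J: Preserve the equality contract when overriding the equals() method
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="compareTo/equals mismatch (Java)"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="cosh on High Number"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="cosh on Low Number"

# CERT-CPP:EXP57-CPP: Do not cast or delete pointers to incomplete classes
# This check is enabled by default for the language(s) C++
# It may remain in effect even if the following line is commented out.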
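WARNING_FILTER += allow class="delete of Incomplete Class"

# CERT-CPP:OOP52-CPP: Do not delete a polymorphic object without a virtual destructor
WARNING_FILTER += allow class="delete with Non-Virtual Destructor"

# CERT-Java:EXP02-J: Do not use the Object.equals() method to compare two arrays
# CERT-Java:EXP03-J: Do not use the equality operators when comparing values of boxed primitives
# This check is enabled by default for the language(s) Java
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="equals on Array (Java)"

# CERT-Java:EXP01-J: Do not use a null in a case where an object is required
WARNING_FILTER += allow class="null Passed to Method (deep) (Java)"

# CERT-C:ARR01-C: Do not apply the sizeof operator to a pointer when taking the size of an array
WARNING_FILTER += allow class="sizeof Array Parameter"

# CERT-C:FLP32-C: Prevent or detect domain and range errors in math functions
# This check is enabled by default for the language(s) C, C++
# It may remain in effect even if the following line is commented out.
WARNING_FILTER += allow class="sqrt on Negative Value"

# CERT-C:DCL06-C: Use meaningful symbolic constants to represent literal values
WARNING_FILTER += allow class="switch With Non-enum Expression"

# CERT-CPP:EXP52-CPP: Do not rely on side effects in unevaluated operands
WARNING_FILTER += allow class="typeid of Polymorphic Class Type"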