C Scan rules
Contrast Scan supports these rules for C.
Severity | Engine rule ID | Contrast rule | Description |
|---|---|---|---|
Critical | OPT.C.AvoidCompDiffTypes | Avoid Comp Diff Types | AvoidCompDiffTypes: Do not compare variables with different basic types |
Critical | OPT.C.CERTC.ARR38 | Adding or subtracting an integer to a pointer if resulting value does not refer to a valid array element | ARR38: Do not add or subtract an integer to a pointer if resulting value does not refer to a valid array element |
Critical | OPT.C.CERTC.EXP34 | NULL Pointer Dereference | EXP34: NULL Pointer Dereference |
Critical | OPT.C.CERTC.MEM30 | Do not access freed memory | MEM30: Do not access freed memory (Use after free) |
Critical | OPT.C.CERTC.MEM34 | Freeing Memory not on the Heap | MEM34: Free of Memory not on the Heap |
Critical | OPT.C.CERTC.PRE09 | Do not replace secure functions with less secure functions | PRE09: Do not replace secure functions with less secure functions |
Critical | OPT.C.CERTC.SIG30 | Signal Handler Use of a Non-reentrant Function | SIG30: Signal Handler Use of a Non-reentrant Function |
Critical | OPT.C.CERTC.SIG32 | Signal Handler Use of a Non-reentrant Function | SIG32: Signal Handler Use of a Non-reentrant Function |
Critical | OPT.C.CERTC.STR31 | Guarantee that storage for strings has sufficient space | STR31: Guarantee that storage for strings has sufficient space for character data and the null terminator |
Critical | OPT.C.CERTC.STR33 | Size wide character strings correctly | STR33: Size wide character strings correctly |
Critical | OPT.C.CERTC.STR35 | Do not copy data from an unbounded source to a fixed-length array | STR35: Do not copy data from an unbounded source to a fixed-length array |
Critical | OPT.C.CheckReturnInPublicFunctions | Check Return In Public Functions | CheckReturnInPublicFunctions: Functions shall not return a pointer or reference to local variables |
Critical | OPT.C.MISRAC.NumberArgsInCallsMustMatchFormalParams | Number Args In Calls Must Match Formal Params | NumberArgsInCallsMustMatchFormalParams: MISRA 16.6: The number of arguments passed to a function shall match the number of parameters |
Critical | OPT.C.SEC.AnonymousLdapBind | Anonymous Ldap Bind | AnonymousLdapBind: Access Control - Anonymous LDAP Bind |
Critical | OPT.C.SEC.PathTraversal | Path Traversal | PathTraversal: Avoid non-neutralized user-controlled input composed in a pathname to a resource |
Critical | OPT.C.SEC.StaticDatabaseConnection | Static Database Connection | StaticDatabaseConnection: Static database connection / session |
Critical | OPT.C.SEC.UnsafeChroot | Unsafe Chroot | UnsafeChroot: Unsafe chroot call. |
Critical | OPT.C.CERTC.FIO30 | Exclude unsanitized input | FIO30: Exclude unsanitized user input from format strings |
Critical | OPT.C.CERTC.STR02 | Sanitize data passed to sensitive subsystems | STR02: Sanitize data passed to sensitive subsystems |
Critical | OPT.C.SEC.ConnectionStringParameterPollution | Connection String Parameter Pollution | ConnectionStringParameterPollution: Connection string polluted with untrusted input |
Critical | OPT.C.SEC.DoSRegexp | DoS Regexp | DoSRegexp: Prevent denial of service attack through malicious regular expression ('Regex Injection') |
Critical | OPT.C.SEC.LdapInjection | Ldap Injection | LdapInjection: Avoid non-neutralized user-controlled input in LDAP search filters |
Critical | OPT.C.SEC.NoSQLInjection | No SQL Injection | NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection) |
Critical | OPT.C.SEC.ProcessControl | Process Control | ProcessControl: Do not load executables or libraries from untrusted sources |
Critical | OPT.C.SEC.SqlInjection | SQL Injection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | OPT.C.SEC.XmlEntityInjection | Xml Entity Injection | XmlEntityInjection: XML entity injection |
Critical | OPT.C.SEC.HardcodedCryptoKey | Hardcoded Crypto Key | HardcodedCryptoKey: Hardcoded cryptographic keys |
High | OPT.C.AvoidSignalManagmentFunctions | Avoid Signal Managment Functions | AvoidSignalManagmentFunctions: Avoid using signal management functions |
High | OPT.C.AvoidStructures | Avoid Structures | AvoidStructures: Avoid using certain kinds of aggregate objects (struct, union, VARIANT) |
High | OPT.C.CERTC.ARR01 | Do not apply the sizeof operator to a pointer when taking the size of an array | ARR01: Do not apply the sizeof operator to a pointer when taking the size of an array |
High | OPT.C.CERTC.ARR33 | Guarantee that copies are made into storage of sufficient size | ARR33: Guarantee that copies are made into storage of sufficient size |
High | OPT.C.CERTC.ENV01 | Assumptions about the size of an environment variable | ENV01: Do not make assumptions about the size of an environment variable |
High | OPT.C.CERTC.ENV32 | Terminating Atexit handler by returning | ENV32: No atexit handler should terminate in any way other than by returning |
High | OPT.C.CERTC.EXP01 | Use of sizeof() on a Pointer Type | EXP01: Use of sizeof() on a Pointer Type |
High | OPT.C.CERTC.EXP33 | Use of Uninitialized Variable | EXP33: Use of Uninitialized Variable |
High | OPT.C.CERTC.FIO01 | Functions using file names for identification | FIO01: Be careful using functions that use file names for identification |
High | OPT.C.CERTC.FIO36 | Do not assume a new-line character is read when using fgets() | FIO36: Do not assume a new-line character is read when using fgets() |
High | OPT.C.CERTC.FIO37 | Do not assume character data has been read | FIO37: Do not assume character data has been read |
High | OPT.C.CERTC.INT34 | Check number of bits in shift operations | INT34: In shift operations, do not shift a negative number of bits or more bits than exist in the left operand |
High | OPT.C.CERTC.MEM00 | Allocate and free memory in the same module | MEM00: Allocate and free memory in the same module at the same level of abstraction |
High | OPT.C.CERTC.MEM31 | Only Free allocated memory once | MEM31: Free dynamically allocated memory exactly once (Double Free) |
High | OPT.C.CERTC.MEM32 | Detect and handle memory allocation errors | MEM32: Detect and handle memory allocation errors |
High | OPT.C.CERTC.POS35 | Race condition with link following | POS35: Race Condition Enabling Link Following |
High | OPT.C.CERTC.POS36 | Observe correct revocation order while relinquishing privileges | POS36: Observe correct revocation order while relinquishing privileges |
High | OPT.C.CERTC.POS37 | Improper Check for Dropped Privileges | POS37: Improper Check for Dropped Privileges |
High | OPT.C.CERTC.PRE02 | Macro replacement lists should be parenthesized | PRE02: Macro replacement lists should be parenthesized |
High | OPT.C.CERTC.SIG02 | Avoid using signals to implement normal functionality | SIG02: Avoid using signals to implement normal functionality |
High | OPT.C.CERTC.STR06 | Ensure strtok() leaves the parse string unchanged | STR06: Do not assume that strtok() leaves the parse string unchanged |
High | OPT.C.CERTC.STR07 | Use TR 24731 for remediation of existing string manipulation | STR07: Use TR 24731 for remediation of existing string manipulation code |
High | OPT.C.CERTC.STR32 | Null-terminate byte strings as required | STR32: Null-terminate byte strings as required |
High | OPT.C.CERTC.STR36 | Do not specify the bound of a character array initialized with a string literal | STR36: Do not specify the bound of a character array initialized with a string literal |
High | OPT.C.CorrectUseMemoryLeaks | Correct Use Memory Leaks | CorrectUseMemoryLeaks: Allocated memory must be released in same scope |
High | OPT.C.DontUseMemoryFunction | Dont Use Memory Function | DontUseMemoryFunction: Do not use malloc, calloc, realloc or free |
High | OPT.C.GlobalVarNotUsedLocally | Global Var Not Used Locally | GlobalVarNotUsedLocally: Global variables not locally used |
High | OPT.C.ImplicitTypeConversion | Implicit Type Conversion | ImplicitTypeConversion: Avoid function calls that cause implicit type conversions |
High | OPT.C.LocalVarsWithGlobalNames | Local Vars With Global Names | LocalVarsWithGlobalNames: Avoid using the same name with global and local variables |
High | OPT.C.MISRAC.AvoidFileScopeWhenAccessedFromSingleFunction | Avoid File Scope When Accessed From Single Function | AvoidFileScopeWhenAccessedFromSingleFunction: MISRA 8.7: Objects shall be defined at block scope if they are only accessed from within a single function |
High | OPT.C.MISRAC.AvoidRecursiveFunctions | Avoid Recursive Functions | AvoidRecursiveFunctions: MISRA 16.2: Functions shall not call themselves, either directly or indirectly |
High | OPT.C.MISRAC.DoNotCheckFloatEqualNotEqual | Do Not Check Float Equal Not Equal | DoNotCheckFloatEqualNotEqual: MISRA 13.3: Floating-point expressions shall not be tested for equality or inequality |
High | OPT.C.MISRAC.DoNotUseDynamicHeapAllocation | Do Not Use Dynamic Heap Allocation | DoNotUseDynamicHeapAllocation: MISRA 20.4: Dynamic heap allocation shall not be used |
High | OPT.C.MISRAC.DoNotUseReservedNameAsIdentifier | Do Not Use Reserved Name As Identifier | DoNotUseReservedNameAsIdentifier: MISRA 20.2: The names of standard library macros, objects and functions shall not be reused |
High | OPT.C.MISRAC.DoNotUseReservedNameAsMacroName | Do Not Use Reserved Name As Macro Name | DoNotUseReservedNameAsMacroName: MISRA 20.1: Reserved identifiers, macros and functions in standard library shall not be defined, redefined or undefined |
High | OPT.C.MISRAC.DoNotUseSetjmpLongjmp | Do Not Use Setjmp Longjmp | DoNotUseSetjmpLongjmp: MISRA 20.7: The setjmp macro and the longjmp function shall not be used |
High | OPT.C.MISRAC.DoNotUseSignalHandlingFunctions | Do Not Use Signal Handling Functions | DoNotUseSignalHandlingFunctions: MISRA 20.8: The signal handling facilities of signal.h shall not be used |
High | OPT.C.MISRAC.DoNotUseStdioFunctions | Do Not Use Stdio Functions | DoNotUseStdioFunctions: MISRA 20.9: The input/output library stdio.h shall not be used in production code |
High | OPT.C.MISRAC.DoNotUseTimeFunctions | Do Not Use Time Functions | DoNotUseTimeFunctions: MISRA 20.12: The time handling functions of library time.h shall not be used |
High | OPT.C.MISRAC.EncloseInParanthesesMacroArgs | Enclose In Parantheses Macro Args | EncloseInParanthesesMacroArgs: MISRA 19.10: In the definition of a function-like macro each parameter shall be enclosed in parentheses |
High | OPT.C.MISRAC.ExplicitTypeForVarsFunctions | Explicit Type For Vars Functions | ExplicitTypeForVarsFunctions: MISRA 8.2: Whenever an object or function is declared or defined, its type shall be explicitly stated |
High | OPT.C.MISRAC.FunctionMacroInvokedWithAllArguments | Function Macro Invoked With All Arguments | FunctionMacroInvokedWithAllArguments: MISRA 19.8: A function-like macro shall not be invoked without all of its arguments |
High | OPT.C.MISRAC.IdentifiersMustNotExceed31Chars | Identifiers Must Not Exceed31 Chars | IdentifiersMustNotExceed31Chars: MISRA 5.1: Identifiers (internal and external) shall not rely on the significance of more than 31 characters |
High | OPT.C.MISRAC.InitialiseAutoVariablesBeforeUse | Initialise Auto Variables Before Use | InitialiseAutoVariablesBeforeUse: MISRA 9.1: All automatic variables shall have been assigned a value before being used |
High | OPT.C.MISRAC.InitializationForArrayStructsMustMatchLayout | Initialization For Array Structs Must Match Layout | InitializationForArrayStructsMustMatchLayout: MISRA 9.2: Braces shall be used to indicate and match the structure of the non-zero initialisation of arrays and structures |
High | OPT.C.MISRAC.ProperBitFieldStruct | Proper Bit Field Struct | ProperBitFieldStruct: MISRA 3.5: Bit-fields in structs should use int type and not be mixed with non bit-fields |
High | OPT.C.MISRAC.SingleDefinitionForExternalLinkageIdentifiers | Single Definition For External Linkage Identifiers | SingleDefinitionForExternalLinkageIdentifiers: MISRA 8.9: An identifier with external linkage shall have exactly one definition |
High | OPT.C.MultipleInclusionPreventionGuard | Multiple Inclusion Prevention Guard | MultipleInclusionPreventionGuard: Multiple inclusion guard for headers |
High | OPT.C.NoSpecifyUnixNamesInInclude | No Specify Unix Names In Include | NoSpecifyUnixNamesInInclude: Do not use absolute path names in #include directives |
High | OPT.C.NonGotoStatement | Non Goto Statement | NonGotoStatement: Do not use goto statement |
High | OPT.C.RemoveUnusedMethods | Remove Unused Methods | RemoveUnusedMethods: Remove unused functions |
High | OPT.C.UnspecifiedParameters | Unspecified Parameters | UnspecifiedParameters: Avoid definition of variadic functions (variable number of parameters) |
High | OPT.C.PORT.HardcodedAbsolutePath | Hardcoded Absolute Path | HardcodedAbsolutePath: Do not hardcode absolute paths |
High | OPT.C.CERTC.ENV04 | Calling system() if you do not need a command processor | ENV04: Do not call system() if you do not need a command processor |
High | OPT.C.CERTC.FIO34 | Use int to capture the return value of character I/O functions | FIO34: Use int to capture the return value of character I/O functions |
High | OPT.C.CERTC.FIO43 | Temporary File created with Incorrect Permissions | FIO43: Creation of Temporary File in Directory with Incorrect Permissions |
High | OPT.C.MISRAC.AvoidVarargFunctions | Avoid Vararg Functions | AvoidVarargFunctions: MISRA 16.1: Functions shall not be defined with a variable number of arguments |
High | OPT.C.SEC.ResourceInjection | Resource Injection | ResourceInjection: Improper control of resource identifiers ("Resource Injection") |
High | OPT.C.SEC.HardcodedSalt | Hardcoded Salt | HardcodedSalt: Use of hardcoded salt |
High | OPT.C.SEC.InsufficientKeySize | Insufficient Key Size | InsufficientKeySize: Weak cryptography, insufficient key length |
High | OPT.C.SEC.WeakCryptographicHash | Weak Cryptographic Hash | WeakCryptographicHash: Weak cryptographic hash |
High | OPT.C.SEC.WeakEncryption | Weak Encryption | WeakEncryption: Weak symmetric encryption algorithm |
Info | OPT.C.AvoidBracesSameLine | Avoid Braces Same Line | AvoidBracesSameLine: Write curly brackets {} on a separate line |
Info | OPT.C.AvoidNumericValues | Avoid Numeric Values | AvoidNumericValues: Avoid numeric constants in code |
Info | OPT.C.AvoidQuestionMark | Avoid Question Mark | AvoidQuestionMark: Avoid ?: ternary operator |
Info | OPT.C.BreakInLoops | Break In Loops | BreakInLoops: Do not use break statement in loops |
Info | OPT.C.ClassNamingConvention | Class Naming Convention | ClassNamingConvention: Names for struct / union / class / namespace items must follow a naming convention |
Info | OPT.C.ConstantNamingConvention | Constant Naming Convention | ConstantNamingConvention: Global constant naming convention |
Info | OPT.C.DataMemberNamingConvention | Data Member Naming Convention | DataMemberNamingConvention: Data member naming convention |
Info | OPT.C.ForbiddenFunctions | Forbidden Functions | ForbiddenFunctions: Avoid use of discouraged functions |
Info | OPT.C.MISRAC.AtMostOneBreakInLoop | At Most One Break In Loop | AtMostOneBreakInLoop: MISRA 14.6: For any iteration statement there shall be at most one break statement used for loop termination |
Info | OPT.C.MISRAC.AvoidTrigraphs | Avoid Trigraphs | AvoidTrigraphs: MISRA 4.2: Trigraphs shall not be used |
Info | OPT.C.MISRAC.DoNotCommentOutSourceCode | Do Not Comment Out Source Code | DoNotCommentOutSourceCode: MISRA 2.4: Sections of code should not be commented out |
Info | OPT.C.MISRAC.ExplicitCheckAgainstZero | Explicit Check Against Zero | ExplicitCheckAgainstZero: MISRA 13.2: Tests of a value against zero should be made explicit, unless the operand is effectively Boolean |
Info | OPT.C.MISRAC.IncludeNotAfterStatements | Include Not After Statements | IncludeNotAfterStatements: MISRA 19.1: #include directives should only be preceeded in a file by other preprocessor directives or comments |
Info | OPT.C.MacrosNamingConvention | Macros Naming Convention | MacrosNamingConvention: Macros naming convention |
Info | OPT.C.MaximunLineSize | Maximun Line Size | MaximunLineSize: MaxLineSize: Do not use too long code lines |
Info | OPT.C.MethodNamingConvention | Method Naming Convention | MethodNamingConvention: Functions / class methods naming convention |
Info | OPT.C.MethodsCommentCodeRatio | Methods Comment Code Ratio | MethodsCommentCodeRatio: Avoid functions with a low comment code ratio |
Info | OPT.C.ParenthesizedFunctions | Parenthesized Functions | ParenthesizedFunctions: Write sizeof and return with parenthesis |
Info | OPT.C.SpaceIndentation | Space Indentation | SpaceIndentation: Allow spaces before and after operators |
Info | OPT.C.TypedefNamingConvention | Typedef Naming Convention | TypedefNamingConvention: Names for typedef-declared types must follow a naming convention |
Info | OPT.C.UseBlocks | Use Blocks | UseBlocks: Use blocks in conditional and iterative statements |
Low | OPT.C.AvoidManyParametersFunction | Avoid Many Parameters Function | AvoidManyParametersFunction: Avoid functions with too many parameters |
Low | OPT.C.AvoidOneCaseSwitch | Avoid One Case Switch | AvoidOneCaseSwitch: Avoid switch statements with a low number of case conditions |
Low | OPT.C.CERTC.ARR31 | Use consistent array notation across all source files | ARR31: Use consistent array notation across all source files |
Low | OPT.C.CERTC.INT13 | Use bitwise operators only on unsigned operands | INT13: Use bitwise operators only on unsigned operands |
Low | OPT.C.CERTC.POS33 | Do not use vfork() | POS33: Do not use vfork() |
Low | OPT.C.CERTC.PRE00 | Prefer inline or static functions to function-like macros | PRE00: Prefer inline or static functions to function-like macros |
Low | OPT.C.CheckNamesDefinitionAndDeclaration | Check Names Definition And Declaration | CheckNamesDefinitionAndDeclaration: Formal parameters names in function definition and declaration |
Low | OPT.C.ClassCommentCodeRatio | Class Comment Code Ratio | ClassCommentCodeRatio: Avoid classes, structs or unions with low comment/code ratio |
Low | OPT.C.DontComparePointerToNull | Dont Compare Pointer To Null | DontComparePointerToNull: Do not compare a pointer to NULL, use 0 instead |
Low | OPT.C.DontComparePointerToZero | Dont Compare Pointer To Zero | DontComparePointerToZero: Do not compare a pointer to zero, use NULL instead |
Low | OPT.C.IncludingHeaderFile | Including Header File | IncludingHeaderFile: Avoid implementation files that do not include a header file with the same name |
Low | OPT.C.InitializationInsteadAssignment | Initialization Instead Assignment | InitializationInsteadAssignment: Always use initialization instead of assignment |
Low | OPT.C.MISRAC.AvoidSingleLineComments | Avoid Single Line Comments | AvoidSingleLineComments: MISRA 2.2: C99/C++ single line comments (//...) shall not be used |
Low | OPT.C.MISRAC.AvoidUnreachableCode | Avoid Unreachable Code | AvoidUnreachableCode: MISRA 14.1: There shall be no unreachable code |
Low | OPT.C.MISRAC.CaseWithBreak | Case With Break | CaseWithBreak: MISRA 15.2: An unconditional break statement shall terminate every non-empty case clause of a switch |
Low | OPT.C.MISRAC.CommentShouldNotContainOpenCommentChars | Comment Should Not Contain Open Comment Chars | CommentShouldNotContainOpenCommentChars: MISRA 2.3: A comment shall not contain the string /* |
Low | OPT.C.MISRAC.DeclareConstPointerParamIfUnchangedValue | Declare Const Pointer Param If Unchanged Value | DeclareConstPointerParamIfUnchangedValue: MISRA 16.7: A pointer parameter in a function should be declared as pointer to const if the pointer is not used to modify the addressed object |
Low | OPT.C.MISRAC.DoNotDefUndefMacrosInBlocks | Do Not Def Undef Macros In Blocks | DoNotDefUndefMacrosInBlocks: MISRA 19.5: Macros shall not be defined or undefined within a block |
Low | OPT.C.MISRAC.DoNotUseAtofAtoiAtol | Do Not Use Atof Atoi Atol | DoNotUseAtofAtoiAtol: MISRA 20.10: The library functions atof, atoi and atol from library stdlib.h shall not be used |
Low | OPT.C.MISRAC.ExplicitSizeInExternArrays | Explicit Size In Extern Arrays | ExplicitSizeInExternArrays: MISRA 8.12: When an array is declared with external linkage, its size shall be stated explicitly or defined implicitly by initialization |
Low | OPT.C.MISRAC.FunctionPointerCasts | Function Pointer Casts | FunctionPointerCasts: MISRA 11.1: Conversions shall not be performed between a pointer to a function and any type other than an integral type |
Low | OPT.C.MISRAC.IfElseIfMustEndWithElse | If Else If Must End With Else | IfElseIfMustEndWithElse: MISRA 14.10: All if...else if constructs shall be terminated with an else clause |
Low | OPT.C.MISRAC.IfElseStatementsMustUseBraces | If Else Statements Must Use Braces | IfElseStatementsMustUseBraces: MISRA 14.9: If-else statements must use braces |
Low | OPT.C.MISRAC.LogicalExpressionWithPrimaryExpressionOperands | Logical Expression With Primary Expression Operands | LogicalExpressionWithPrimaryExpressionOperands: MISRA 12.5: The operands of a logical && or || shall be primary-expressions |
Low | OPT.C.MISRAC.LoopsShouldUseBraces | Loops Should Use Braces | LoopsShouldUseBraces: MISRA 14.8: Loops must use braces to delimit loop body |
Low | OPT.C.MISRAC.MaxTwoPointerIndirections | Max Two Pointer Indirections | MaxTwoPointerIndirections: MISRA 17.5: Declaration of objects should contain no more than 2 levels of pointer indirection |
Low | OPT.C.MISRAC.NoPointerArithmeticExceptArrayIndex | No Pointer Arithmetic Except Array Index | NoPointerArithmeticExceptArrayIndex: MISRA 17.4: Array indexing shall be the only allowed form of pointer arithmetic |
Low | OPT.C.MISRAC.NoSideEffectsInRightOperandOfLogicalOp | No Side Effects In Right Operand Of Logical Op | NoSideEffectsInRightOperandOfLogicalOp: MISRA 12.4: Right-hand operands of a logical && or || operator shall not contain side effects |
Low | OPT.C.MISRAC.SwitchMustHaveBraces | Switch Must Have Braces | SwitchMustHaveBraces: MISRA 14.8: Switch statements must use braces |
Low | OPT.C.MISRAC.UseStaticForInternalLinkageIdentifiers | Use Static For Internal Linkage Identifiers | UseStaticForInternalLinkageIdentifiers: MISRA 8.11: Use static storage specifier for definitions / declarations of objects and functions with internal linkage |
Low | OPT.C.OneStatementPerLine | One Statement Per Line | OneStatementPerLine: Only one statement per line |
Low | OPT.C.OnlyOneReturn | Only One Return | OnlyOneReturn: Only one 'return' statement per function |
Low | OPT.C.SpecifyReturnType | Specify Return Type | SpecifyReturnType: Explicit specification of the return type of a function |
Low | OPT.C.VariablesNeverUsed | Variables Never Used | VariablesNeverUsed: Local variables never used |
Medium | OPT.C.AvoidGlobalVars | Avoid Global Vars | AvoidGlobalVars: Avoid using global variables |
Medium | OPT.C.AvoidLargeMethods | Avoid Large Methods | AvoidLargeMethods: Avoid functions and methods with too many lines of code |
Medium | OPT.C.AvoidVolatileVars | Avoid Volatile Vars | AvoidVolatileVars: Do not use volatile variables |
Medium | OPT.C.CERTC.ARR30 | Do not form or use out-of-bounds pointers or array subscripts on arrays | ARR30: Do not form or use out-of-bounds pointers or array subscripts on arrays. |
Medium | OPT.C.CERTC.ARR35 | Allowing loops to iterate beyond the end of an array | ARR35: Do not allow loops to iterate beyond the end of an array |
Medium | OPT.C.CERTC.ARR35_bis | Allowing loops to iterate beyond the end of an array | ARR35: Do not allow loops to iterate beyond the end of an array |
Medium | OPT.C.CERTC.FIO33 | Detect and handle input/output errors | FIO33: Detect and handle input/output errors resulting in undefined behavior |
Medium | OPT.C.CERTC.INT35 | Evaluate integer expressions | INT35: Evaluate integer expressions in a larger size before comparing or assigning to that size |
Medium | OPT.C.CERTC.MEM08 | Use realloc() to resize dynamically allocated arrays | MEM08: Use realloc() only to resize dynamically allocated arrays |
Medium | OPT.C.CERTC.MEM35 | Incorrect Calculation of Buffer Size | MEM35: Incorrect Calculation of Buffer Size. |
Medium | OPT.C.CERTC.POS30 | Use the readlink() function properly | POS30: Use the readlink() function properly |
Medium | OPT.C.CERTC.PRE01 | Use parentheses within macros around parameter names | PRE01: Use parentheses within macros around parameter names |
Medium | OPT.C.CERTC.PRE10 | Wrap multistatement macros in a do-while loop | PRE10: Wrap multistatement macros in a do-while loop |
Medium | OPT.C.DontConvertConstToNonConst | Dont Convert Const To Non Const | DontConvertConstToNonConst: Never convert a const to a non-const |
Medium | OPT.C.IncludeHeadersOnly | Include Headers Only | IncludeHeadersOnly: Avoid using #include with files which are not header files |
Medium | OPT.C.MISRAC.AllMacroIdentifiersDefinedBeforeUse | All Macro Identifiers Defined Before Use | AllMacroIdentifiersDefinedBeforeUse: MISRA 19.11: All macro identifiers in preprocessor directives shall be defined before use, except in #ifdef and #ifndef directives and defined() operator |
Medium | OPT.C.MISRAC.ArithmeticOnPointersToArray | Arithmetic On Pointers To Array | ArithmeticOnPointersToArray: MISRA 17.1: Pointer arithmetic shall only be applied to pointers that address an array or array element |
Medium | OPT.C.MISRAC.AvoidAssignmentInBooleanExpressions | Avoid Assignment In Boolean Expressions | AvoidAssignmentInBooleanExpressions: MISRA 13.1: Assignment operators shall not be used in expressions that yield a boolean value |
Medium | OPT.C.MISRAC.AvoidCommaOperator | Avoid Comma Operator | AvoidCommaOperator: MISRA 12.10: The comma operator shall not be used |
Medium | OPT.C.MISRAC.AvoidContinueStatement | Avoid Continue Statement | AvoidContinueStatement: MISRA 14.5: Continue statement must not be used |
Medium | OPT.C.MISRAC.AvoidGotoStatement | Avoid Goto Statement | AvoidGotoStatement: MISRA 14.4: Goto statement must not be used |
Medium | OPT.C.MISRAC.AvoidNonNullStatementsWithoutEffect | Avoid Non Null Statements Without Effect | AvoidNonNullStatementsWithoutEffect: MISRA 14.2: All non-null statements shall either have at least one side-effect however executed, or cause control flow to change |
Medium | OPT.C.MISRAC.AvoidNonStandardCharsInHeaderFilenames | Avoid Non Standard Chars In Header Filenames | AvoidNonStandardCharsInHeaderFilenames: MISRA 19.2: Non-standard characters should not occur in header file names in #include directives |
Medium | OPT.C.MISRAC.AvoidNonStandardEscapeSequences | Avoid Non Standard Escape Sequences | AvoidNonStandardEscapeSequences: MISRA 4.1: For character constants, only those escape sequences defined in ISO C Standard shall be used |
Medium | OPT.C.MISRAC.AvoidOctalConstants | Avoid Octal Constants | AvoidOctalConstants: MISRA 7.1: Octal constants (other than zero) and octal escape sequences shall not be used |
Medium | OPT.C.MISRAC.AvoidUndefDirective | Avoid Undef Directive | AvoidUndefDirective: MISRA 19.6: #undef shall not be used |
Medium | OPT.C.MISRAC.AvoidUnnecessaryExternalLinkage | Avoid Unnecessary External Linkage | AvoidUnnecessaryExternalLinkage: MISRA 8.10: All declarations and definitions of objects or functions at file scope shall have internal linkage unless external linkage is required |
Medium | OPT.C.MISRAC.ComparePointersWhenOnSameArray | Compare Pointers When On Same Array | ComparePointersWhenOnSameArray: MISRA 17.3: >, > []{'MISRA-C': ['17.3']} |
Medium | OPT.C.MISRAC.DeclareFunctionsAtFileScope | Declare Functions At File Scope | DeclareFunctionsAtFileScope: MISRA 8.6: Functions shall be declared at file scope |
Medium | OPT.C.MISRAC.DeclareNoParametersFunctionAsVoid | Declare No Parameters Function As Void | DeclareNoParametersFunctionAsVoid: MISRA 16.5: Functions with no parameters shall be declared with parameter type void |
Medium | OPT.C.MISRAC.DoNotMixIncDecOperatorsWithOtherOperators | Do Not Mix Inc Dec Operators With Other Operators | DoNotMixIncDecOperatorsWithOtherOperators: MISRA 12.13: The increment (++) and decrement (--) operators shall not be mixed with other operators in an expression |
Medium | OPT.C.MISRAC.DoNotModifyLoopVariableInBody | Do Not Modify Loop Variable In Body | DoNotModifyLoopVariableInBody: MISRA 13.6: Variables being used within a for loop for iteration counting shall not be modified in the loop body |
Medium | OPT.C.MISRAC.DoNotUseAbortExitGetenvSystem | Do Not Use Abort Exit Getenv System | DoNotUseAbortExitGetenvSystem: MISRA 20.11: The library functions abort, exit, getenv and system from library stdlib.h shall not be used |
Medium | OPT.C.MISRAC.DoNotUseErrno | Do Not Use Errno | DoNotUseErrno: MISRA 20.5: The error indicator variable errno shall not be used |
Medium | OPT.C.MISRAC.DoNotUseOffsetof | Do Not Use Offsetof | DoNotUseOffsetof: MISRA 20.6: The macro offsetof, in stddef.h, shall not be used |
Medium | OPT.C.MISRAC.DoNotUseUnderlyingBitRepOfFloat | Do Not Use Underlying Bit Rep Of Float | DoNotUseUnderlyingBitRepOfFloat: MISRA 12.12: Underlying bit representations of floating-point values shall not be used |
Medium | OPT.C.MISRAC.DocumentPragmaDirectives | Document Pragma Directives | DocumentPragmaDirectives: MISRA 3.4: All uses of the #pragma directive shall be documented and explained |
Medium | OPT.C.MISRAC.EncapsulateAssembly | Encapsulate Assembly | EncapsulateAssembly: MISRA 2.1: Assembly language shall be encapsulated and isolated |
Medium | OPT.C.MISRAC.EvaluationOrderIndependence | Evaluation Order Independence | EvaluationOrderIndependence: MISRA 12.2: The value of an expression shall be the same under any order of evaluation that the standard permits |
Medium | OPT.C.MISRAC.FloatImplicitConversions | Float Implicit Conversions | FloatImplicitConversions: MISRA 10.2: The value of an expression of floating type shall not be implicitly converted to a different underlying type |
Medium | OPT.C.MISRAC.ForControlExpressionWithFloatObjects | For Control Expression With Float Objects | ForControlExpressionWithFloatObjects: MISRA 13.4: The controlling expression of a for statement shall not contain any objects of floating type |
Medium | OPT.C.MISRAC.ForLoopExpressionsForLoopControl | For Loop Expressions For Loop Control | ForLoopExpressionsForLoopControl: MISRA 13.5: The three expressions of a for statement shall be concerned only with loop control |
Medium | OPT.C.MISRAC.FunctionsShouldHaveSingleReturnAtEnd | Functions Should Have Single Return At End | FunctionsShouldHaveSingleReturnAtEnd: MISRA 14.7: Functions shall have a single point of exit at the end of the function |
Medium | OPT.C.MISRAC.IdentifiersMustNotHideOuterDefinitions | Identifiers Must Not Hide Outer Definitions | IdentifiersMustNotHideOuterDefinitions: MISRA 5.2: Identifiers in an inner scope shall not hide outer scope ones by reusing the same name |
Medium | OPT.C.MISRAC.IntegerImplicitConversions | Integer Implicit Conversions | IntegerImplicitConversions: MISRA 10.1: The value of an expression of integer type shall not be implicitly converted to a different underlying type |
Medium | OPT.C.MISRAC.MacroExpansionCheck | Macro Expansion Check | MacroExpansionCheck: MISRA 19.4: C macros shall only expand to safe constructions |
Medium | OPT.C.MISRAC.NameParametersInFunctionPrototypes | Name Parameters In Function Prototypes | NameParametersInFunctionPrototypes: MISRA 16.3: Names shall be given for all parameters in function prototype |
Medium | OPT.C.MISRAC.ObjectPointerCasts | Object Pointer Casts | ObjectPointerCasts: MISRA 11.2: Conversions shall not be performed between a pointer to an object and any type other than an integral type, another pointer to object type, or a pointer to void |
Medium | OPT.C.MISRAC.ProperCastComplexFloatExpression | Proper Cast Complex Float Expression | ProperCastComplexFloatExpression: MISRA 10.4: The value of a complex expression of floating type shall only be cast to a floating type narrower or of the same size |
Medium | OPT.C.MISRAC.ProperCastComplexIntegerExpression | Proper Cast Complex Integer Expression | ProperCastComplexIntegerExpression: MISRA 10.3: The value of a complex expression of integer type shall only be cast to a type of same signedness no wider than the underlying type of the expression |
Medium | OPT.C.MISRAC.SameFunctionDeclarationAndDefinition | Same Function Declaration And Definition | SameFunctionDeclarationAndDefinition: MISRA 8.3: For each function parameter the type in the declaration and definition shall be identical, and return types shall also be identical |
Medium | OPT.C.MISRAC.SizeofExprWithSideEffects | Sizeof Expr With Side Effects | SizeofExprWithSideEffects: MISRA 12.3: The sizeof operator shall not be used on expressions that contain side effects |
Medium | OPT.C.MISRAC.SwitchWithDefault | Switch With Default | SwitchWithDefault: MISRA 15.3: Avoid switch statement without a default clause |
Medium | OPT.C.MISRAC.SwitchWithoutCaseShouldBeRefactored | Switch Without Case Should Be Refactored | SwitchWithoutCaseShouldBeRefactored: MISRA 15.5: Switch statements without any case shall be refactored |
Medium | OPT.C.MISRAC.TagUniqueIdentifier | Tag Unique Identifier | TagUniqueIdentifier: MISRA 5.4: A tag name shall be a unique identifier |
Medium | OPT.C.MISRAC.TypedefUniqueIdentifier | Typedef Unique Identifier | TypedefUniqueIdentifier: MISRA 5.3: A typedef name shall be a unique identifier |
Medium | OPT.C.MISRAC.UnsignedBitwiseOperands | Unsigned Bitwise Operands | UnsignedBitwiseOperands: MISRA 12.7: Bitwise operators shall not be applied to operands whose underlying type is signed |
Medium | OPT.C.PotentialInfiniteLoop | Potential Infinite Loop | PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop') |
Medium | OPT.C.RemoveUnusedParam | Remove Unused Param | RemoveUnusedParam: Remove unused parameters in functions |
Medium | OPT.C.PORT.ObsoleteFunction | Obsolete Function | ObsoleteFunction: Do not use deprecated or obsolete functions. |
Medium | OPT.C.SEC.HardcodedUsernamePassword | Hardcoded Username Password | HardcodedUsernamePassword: Use of Hard-coded Credentials |
Medium | OPT.C.SEC.InsecureRandomness | Insecure Randomness | InsecureRandomness: Standard pseudo-random number generators cannot withstand cryptographic attacks |