CPP Scan rules
Contrast Scan supports these rules for CPP.
Severity | Contrast rule | Engine rule ID | Description |
---|---|---|---|
Critical | Avoid Comp Diff Types | OPT.CPP.AvoidCompDiffTypes | AvoidCompDiffTypes: Do not compare variables with different basic types |
Critical | Adding or subtracting an integer to a pointer if resulting value does not refer to a valid array element | OPT.CPP.CERTC.ARR38 | ARR38: Do not add or subtract an integer to a pointer if resulting value does not refer to a valid array element |
Critical | NULL Pointer Dereference | OPT.CPP.CERTC.EXP34 | EXP34: NULL Pointer Dereference |
Critical | Do not access freed memory | OPT.CPP.CERTC.MEM30 | MEM30: Do not access freed memory (Use after free) |
Critical | Freeing Memory not on the Heap | OPT.CPP.CERTC.MEM34 | MEM34: Free of Memory not on the Heap |
Critical | Do not replace secure functions with less secure functions | OPT.CPP.CERTC.PRE09 | PRE09: Do not replace secure functions with less secure functions |
Critical | Signal Handler Use of a Non-reentrant Function | OPT.CPP.CERTC.SIG30 | SIG30: Signal Handler Use of a Non-reentrant Function |
Critical | Signal Handler Use of a Non-reentrant Function | OPT.CPP.CERTC.SIG32 | SIG32: Signal Handler Use of a Non-reentrant Function |
Critical | Guarantee that storage for strings has sufficient space | OPT.CPP.CERTC.STR31 | STR31: Guarantee that storage for strings has sufficient space for character data and the null terminator |
Critical | Size wide character strings correctly | OPT.CPP.CERTC.STR33 | STR33: Size wide character strings correctly |
Critical | Do not copy data from an unbounded source to a fixed-length array | OPT.CPP.CERTC.STR35 | STR35: Do not copy data from an unbounded source to a fixed-length array |
Critical | Destructors Must Be Noexcept | OPT.CPP.COREGL.DestructorsMustBeNoexcept | DestructorsMustBeNoexcept: Destructor must be noexcept. |
Critical | Multiple Mutexes Acquired On Separate Locks | OPT.CPP.COREGL.MultipleMutexesAcquiredOnSeparateLocks | MultipleMutexesAcquiredOnSeparateLocks: Multiple mutexes should be acquired in a single lock. |
Critical | Temporary R A I I Object | OPT.CPP.COREGL.TemporaryRAIIObject | TemporaryRAIIObject: Temporary RAII object. |
Critical | Wait Without Condition | OPT.CPP.COREGL.WaitWithoutCondition | WaitWithoutCondition: Call to "std::condition_variable::wait()" without a condition. |
Critical | Check Return In Public Functions | OPT.CPP.CheckReturnInPublicFunctions | CheckReturnInPublicFunctions: Functions shall not return a pointer or reference to local variables |
Critical | Number Args In Calls Must Match Formal Params | OPT.CPP.MISRAC.NumberArgsInCallsMustMatchFormalParams | NumberArgsInCallsMustMatchFormalParams: MISRA 16.6: The number of arguments passed to a function shall match the number of parameters |
Critical | Avoid Throw Exception In Destructor | OPT.CPP.AvoidThrowExceptionInDestructor | AvoidThrowExceptionInDestructor: Never throw an exception from a destructor |
Critical | Braces In Array Delete | OPT.CPP.BracesInArrayDelete | BracesInArrayDelete: Arrays allocated with new[] must be deallocated with delete[] |
Critical | Class With New Must Define Copy Cons And Assignment Op | OPT.CPP.ClassWithNewMustDefineCopyConsAndAssignmentOp | ClassWithNewMustDefineCopyConsAndAssignmentOp: Classes that allocate memory in data members should define copy constructor and allocation operator |
Critical | No Base Class Without Virtual Destructor | OPT.CPP.NoBaseClassWithoutVirtualDestructor | NoBaseClassWithoutVirtualDestructor: Define virtual destructor in every base class. |
Critical | No Global Objects In Const And Destr | OPT.CPP.NoGlobalObjectsInConstAndDestr | NoGlobalObjectsInConstAndDestr: Avoid using global objects in constructors and destructors |
Critical | No Member In Class Definition | OPT.CPP.NoMemberInClassDefinition | NoMemberInClassDefinition: No member functions should be defined within the class definition |
Critical | No Virtual Method Calls In Const Or Destr | OPT.CPP.NoVirtualMethodCallsInConstOrDestr | NoVirtualMethodCallsInConstOrDestr: Avoid calling virtual functions from constructors or destructors |
Critical | Virtual Destructor If Virtual Method | OPT.CPP.VirtualDestructorIfVirtualMethod | VirtualDestructorIfVirtualMethod: Avoid Classes with at least one virtual Method and without a virtual Destructor |
Critical | Write Operator Delete With Operator New | OPT.CPP.WriteOperatorDeleteWithOperatorNew | WriteOperatorDeleteWithOperatorNew: Implement 'delete' if there is 'new' implemented |
Critical | Anonymous Ldap Bind | OPT.CPP.SEC.AnonymousLdapBind | AnonymousLdapBind: Access Control - Anonymous LDAP Bind |
Critical | Path Traversal | OPT.CPP.SEC.PathTraversal | PathTraversal: Avoid non-neutralized user-controlled input composed in a pathname to a resource |
Critical | Static Database Connection | OPT.CPP.SEC.StaticDatabaseConnection | StaticDatabaseConnection: Static database connection / session |
Critical | Unsafe Chroot | OPT.CPP.SEC.UnsafeChroot | UnsafeChroot: Unsafe chroot call. |
Critical | Exclude unsanitized input | OPT.CPP.CERTC.FIO30 | FIO30: Exclude unsanitized user input from format strings |
Critical | Sanitize data passed to sensitive subsystems | OPT.CPP.CERTC.STR02 | STR02: Sanitize data passed to sensitive subsystems |
Critical | Connection String Parameter Pollution | OPT.CPP.SEC.ConnectionStringParameterPollution | ConnectionStringParameterPollution: Connection string polluted with untrusted input |
Critical | DoS Regexp | OPT.CPP.SEC.DoSRegexp | DoSRegexp: Prevent denial of service attack through malicious regular expression ('Regex Injection') |
Critical | Ldap Injection | OPT.CPP.SEC.LdapInjection | LdapInjection: Avoid non-neutralized user-controlled input in LDAP search filters |
Critical | No SQL Injection | OPT.CPP.SEC.NoSQLInjection | NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection) |
Critical | Process Control | OPT.CPP.SEC.ProcessControl | ProcessControl: Do not load executables or libraries from untrusted sources |
Critical | SQL Injection | OPT.CPP.SEC.SqlInjection | SqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | Xml Entity Injection | OPT.CPP.SEC.XmlEntityInjection | XmlEntityInjection: XML entity injection |
Critical | Hardcoded Crypto Key | OPT.CPP.SEC.HardcodedCryptoKey | HardcodedCryptoKey: Hardcoded cryptographic keys |
High | Avoid Auto Ptr | OPT.CPP.AvoidAutoPtr | AvoidAutoPtr: Avoid auto_ptr. |
High | Avoid Calling Too Many Other Components | OPT.CPP.AvoidCallingTooManyOtherComponents | AvoidCallingTooManyOtherComponents: Avoid using components calling too many other components |
High | Avoid Excessive Nested Statements | OPT.CPP.AvoidExcessiveNestedStatements | AvoidExcessiveNestedStatements: Avoid an excessive control flow statements nesting depth |
High | Avoid Object Instantiation Into Loops | OPT.CPP.AvoidObjectInstantiationIntoLoops | AvoidObjectInstantiationIntoLoops: Avoid object instantiation into loops |
High | Avoid Signal Managment Functions | OPT.CPP.AvoidSignalManagmentFunctions | AvoidSignalManagmentFunctions: Avoid using signal management functions |
High | Avoid Structures | OPT.CPP.AvoidStructures | AvoidStructures: Avoid using certain kinds of aggregate objects (struct, union, VARIANT) |
High | Avoid Too Complex Functions | OPT.CPP.AvoidTooComplexFunctions | AvoidTooComplexFunctions: Avoid using functions with high cyclomatic complexity values |
High | Avoid Too Complex Programs | OPT.CPP.AvoidTooComplexPrograms | AvoidTooComplexPrograms: Avoid using programs with high cyclomatic complexity values |
High | Do not apply the sizeof operator to a pointer when taking the size of an array | OPT.CPP.CERTC.ARR01 | ARR01: Do not apply the sizeof operator to a pointer when taking the size of an array |
High | Guarantee that copies are made into storage of sufficient size | OPT.CPP.CERTC.ARR33 | ARR33: Guarantee that copies are made into storage of sufficient size |
High | Assumptions about the size of an environment variable | OPT.CPP.CERTC.ENV01 | ENV01: Do not make assumptions about the size of an environment variable |
High | Terminating Atexit handler by returning | OPT.CPP.CERTC.ENV32 | ENV32: No atexit handler should terminate in any way other than by returning |
High | Use of sizeof() on a Pointer Type | OPT.CPP.CERTC.EXP01 | EXP01: Use of sizeof() on a Pointer Type |
High | Use of Uninitialized Variable | OPT.CPP.CERTC.EXP33 | EXP33: Use of Uninitialized Variable |
High | Functions using file names for identification | OPT.CPP.CERTC.FIO01 | FIO01: Be careful using functions that use file names for identification |
High | Do not assume a new-line character is read when using fgets() | OPT.CPP.CERTC.FIO36 | FIO36: Do not assume a new-line character is read when using fgets() |
High | Do not assume character data has been read | OPT.CPP.CERTC.FIO37 | FIO37: Do not assume character data has been read |
High | Check number of bits in shift operations | OPT.CPP.CERTC.INT34 | INT34: In shift operations, do not shift a negative number of bits or more bits than exist in the left operand |
High | Allocate and free memory in the same module | OPT.CPP.CERTC.MEM00 | MEM00: Allocate and free memory in the same module at the same level of abstraction |
High | Only Free allocated memory once | OPT.CPP.CERTC.MEM31 | MEM31: Free dynamically allocated memory exactly once (Double Free) |
High | Detect and handle memory allocation errors | OPT.CPP.CERTC.MEM32 | MEM32: Detect and handle memory allocation errors |
High | Race condition with link following | OPT.CPP.CERTC.POS35 | POS35: Race Condition Enabling Link Following |
High | Observe correct revocation order while relinquishing privileges | OPT.CPP.CERTC.POS36 | POS36: Observe correct revocation order while relinquishing privileges |
High | Improper Check for Dropped Privileges | OPT.CPP.CERTC.POS37 | POS37: Improper Check for Dropped Privileges |
High | Macro replacement lists should be parenthesized | OPT.CPP.CERTC.PRE02 | PRE02: Macro replacement lists should be parenthesized |
High | Avoid using signals to implement normal functionality | OPT.CPP.CERTC.SIG02 | SIG02: Avoid using signals to implement normal functionality |
High | Ensure strtok() leaves the parse string unchanged | OPT.CPP.CERTC.STR06 | STR06: Do not assume that strtok() leaves the parse string unchanged |
High | Use TR 24731 for remediation of existing string manipulation | OPT.CPP.CERTC.STR07 | STR07: Use TR 24731 for remediation of existing string manipulation code |
High | Null-terminate byte strings as required | OPT.CPP.CERTC.STR32 | STR32: Null-terminate byte strings as required |
High | Do not specify the bound of a character array initialized with a string literal | OPT.CPP.CERTC.STR36 | STR36: Do not specify the bound of a character array initialized with a string literal |
High | Avoid Lock Unlock On Mutex | OPT.CPP.COREGL.AvoidLockUnlockOnMutex | AvoidLockUnlockOnMutex: Avoid manually locking / unlocking on mutexes, instead of using RAII wrappers. |
High | Call Depends On Arguments Eval Order | OPT.CPP.COREGL.CallDependsOnArgumentsEvalOrder | CallDependsOnArgumentsEvalOrder: Call depends on the evaluation order of the arguments. |
High | Detached Thread | OPT.CPP.COREGL.DetachedThread | DetachedThread: Detached thread found. |
High | Dont Heap Allocate Movable Result | OPT.CPP.COREGL.DontHeapAllocateMovableResult | DontHeapAllocateMovableResult: Return a scoped object instead of a heap-allocated one, if its type has a move constructor. |
High | Generic Exception Throw | OPT.CPP.COREGL.GenericExceptionThrow | GenericExceptionThrow: Do not throw generic exceptions. |
High | Move Swap Should Be No Except | OPT.CPP.COREGL.MoveSwapShouldBeNoExcept | MoveSwapShouldBeNoExcept: Move constructor, move assignment operator and swap functions should be noexcept. |
High | Suspicious Rvalue Forward Reference | OPT.CPP.COREGL.SuspiciousRvalueForwardReference | SuspiciousRvalueForwardReference: Suspicious forwarding / rvalue reference. |
High | Correct Use Memory Leaks | OPT.CPP.CorrectUseMemoryLeaks | CorrectUseMemoryLeaks: Allocated memory must be released in same scope |
High | Dont Use Memory Function | OPT.CPP.DontUseMemoryFunction | DontUseMemoryFunction: Do not use malloc, calloc, realloc or free |
High | Global Var Not Used Locally | OPT.CPP.GlobalVarNotUsedLocally | GlobalVarNotUsedLocally: Global variables not locally used |
High | Implicit Type Conversion | OPT.CPP.ImplicitTypeConversion | ImplicitTypeConversion: Avoid function calls that cause implicit type conversions |
High | Local Vars With Global Names | OPT.CPP.LocalVarsWithGlobalNames | LocalVarsWithGlobalNames: Avoid using the same name with global and local variables |
High | Avoid File Scope When Accessed From Single Function | OPT.CPP.MISRAC.AvoidFileScopeWhenAccessedFromSingleFunction | AvoidFileScopeWhenAccessedFromSingleFunction: MISRA 8.7: Objects shall be defined at block scope if they are only accessed from within a single function |
High | Avoid Recursive Functions | OPT.CPP.MISRAC.AvoidRecursiveFunctions | AvoidRecursiveFunctions: MISRA 16.2: Functions shall not call themselves, either directly or indirectly |
High | Do Not Check Float Equal Not Equal | OPT.CPP.MISRAC.DoNotCheckFloatEqualNotEqual | DoNotCheckFloatEqualNotEqual: MISRA 13.3: Floating-point expressions shall not be tested for equality or inequality |
High | Do Not Use Dynamic Heap Allocation | OPT.CPP.MISRAC.DoNotUseDynamicHeapAllocation | DoNotUseDynamicHeapAllocation: MISRA 20.4: Dynamic heap allocation shall not be used |
High | Do Not Use Reserved Name As Identifier | OPT.CPP.MISRAC.DoNotUseReservedNameAsIdentifier | DoNotUseReservedNameAsIdentifier: MISRA 20.2: The names of standard library macros, objects and functions shall not be reused |
High | Do Not Use Reserved Name As Macro Name | OPT.CPP.MISRAC.DoNotUseReservedNameAsMacroName | DoNotUseReservedNameAsMacroName: MISRA 20.1: Reserved identifiers, macros and functions in standard library shall not be defined, redefined or undefined |
High | Do Not Use Setjmp Longjmp | OPT.CPP.MISRAC.DoNotUseSetjmpLongjmp | DoNotUseSetjmpLongjmp: MISRA 20.7: The setjmp macro and the longjmp function shall not be used |
High | Do Not Use Signal Handling Functions | OPT.CPP.MISRAC.DoNotUseSignalHandlingFunctions | DoNotUseSignalHandlingFunctions: MISRA 20.8: The signal handling facilities of signal.h shall not be used |
High | Do Not Use Stdio Functions | OPT.CPP.MISRAC.DoNotUseStdioFunctions | DoNotUseStdioFunctions: MISRA 20.9: The input/output library stdio.h shall not be used in production code |
High | Do Not Use Time Functions | OPT.CPP.MISRAC.DoNotUseTimeFunctions | DoNotUseTimeFunctions: MISRA 20.12: The time handling functions of library time.h shall not be used |
High | Enclose In Parantheses Macro Args | OPT.CPP.MISRAC.EncloseInParanthesesMacroArgs | EncloseInParanthesesMacroArgs: MISRA 19.10: In the definition of a function-like macro each parameter shall be enclosed in parentheses |
High | Explicit Type For Vars Functions | OPT.CPP.MISRAC.ExplicitTypeForVarsFunctions | ExplicitTypeForVarsFunctions: MISRA 8.2: Whenever an object or function is declared or defined, its type shall be explicitly stated |
High | Function Macro Invoked With All Arguments | OPT.CPP.MISRAC.FunctionMacroInvokedWithAllArguments | FunctionMacroInvokedWithAllArguments: MISRA 19.8: A function-like macro shall not be invoked without all of its arguments |
High | Identifiers Must Not Exceed31 Chars | OPT.CPP.MISRAC.IdentifiersMustNotExceed31Chars | IdentifiersMustNotExceed31Chars: MISRA 5.1: Identifiers (internal and external) shall not rely on the significance of more than 31 characters |
High | Initialise Auto Variables Before Use | OPT.CPP.MISRAC.InitialiseAutoVariablesBeforeUse | InitialiseAutoVariablesBeforeUse: MISRA 9.1: All automatic variables shall have been assigned a value before being used |
High | Initialization For Array Structs Must Match Layout | OPT.CPP.MISRAC.InitializationForArrayStructsMustMatchLayout | InitializationForArrayStructsMustMatchLayout: MISRA 9.2: Braces shall be used to indicate and match the structure of the non-zero initialisation of arrays and structures |
High | Proper Bit Field Struct | OPT.CPP.MISRAC.ProperBitFieldStruct | ProperBitFieldStruct: MISRA 3.5: Bit-fields in structs should use int type and not be mixed with non bit-fields |
High | Single Definition For External Linkage Identifiers | OPT.CPP.MISRAC.SingleDefinitionForExternalLinkageIdentifiers | SingleDefinitionForExternalLinkageIdentifiers: MISRA 8.9: An identifier with external linkage shall have exactly one definition |
High | Multiple Inclusion Prevention Guard | OPT.CPP.MultipleInclusionPreventionGuard | MultipleInclusionPreventionGuard: Multiple inclusion guard for headers |
High | No Specify Unix Names In Include | OPT.CPP.NoSpecifyUnixNamesInInclude | NoSpecifyUnixNamesInInclude: Do not use absolute path names in #include directives |
High | Non Goto Statement | OPT.CPP.NonGotoStatement | NonGotoStatement: Do not use goto statement |
High | Remove Unused Methods | OPT.CPP.RemoveUnusedMethods | RemoveUnusedMethods: Remove unused functions |
High | Unspecified Parameters | OPT.CPP.UnspecifiedParameters | UnspecifiedParameters: Avoid definition of variadic functions (variable number of parameters) |
High | Avoid Multiple Inheritance | OPT.CPP.AvoidMultipleInheritance | AvoidMultipleInheritance: Avoid Classes with multiple inheritance |
High | Avoid Public Data Member | OPT.CPP.AvoidPublicDataMember | AvoidPublicDataMember: Avoid public data members |
High | Dont Use Stdio Lib | OPT.CPP.DontUseStdioLib | DontUseStdioLib: Do not use the stdio.h library, use iostream.h instead |
High | Law Of Big Three | OPT.CPP.LawOfBigThree | LawOfBigThree: If one of (destructor, copy constructor, copy assignment operator) is defined, the rest of the three should be defined. |
High | Remove Unused Members | OPT.CPP.RemoveUnusedMembers | RemoveUnusedMembers: Remove private data members not used |
High | Hardcoded Absolute Path | OPT.CPP.PORT.HardcodedAbsolutePath | HardcodedAbsolutePath: Do not hardcode absolute paths |
High | Calling system() if you do not need a command processor | OPT.CPP.CERTC.ENV04 | ENV04: Do not call system() if you do not need a command processor |
High | Use int to capture the return value of character I/O functions | OPT.CPP.CERTC.FIO34 | FIO34: Use int to capture the return value of character I/O functions |
High | Temporary File created with Incorrect Permissions | OPT.CPP.CERTC.FIO43 | FIO43: Creation of Temporary File in Directory with Incorrect Permissions |
High | Avoid Vararg Functions | OPT.CPP.MISRAC.AvoidVarargFunctions | AvoidVarargFunctions: MISRA 16.1: Functions shall not be defined with a variable number of arguments |
High | Resource Injection | OPT.CPP.SEC.ResourceInjection | ResourceInjection: Improper control of resource identifiers ("Resource Injection") |
High | Hardcoded Salt | OPT.CPP.SEC.HardcodedSalt | HardcodedSalt: Use of hardcoded salt |
High | Insufficient Key Size | OPT.CPP.SEC.InsufficientKeySize | InsufficientKeySize: Weak cryptography, insufficient key length |
High | Weak Cryptographic Hash | OPT.CPP.SEC.WeakCryptographicHash | WeakCryptographicHash: Weak cryptographic hash |
High | Weak Encryption | OPT.CPP.SEC.WeakEncryption | WeakEncryption: Weak symmetric encryption algorithm |
Info | Avoid Braces Same Line | OPT.CPP.AvoidBracesSameLine | AvoidBracesSameLine: Write curly brackets {} on a separate line |
Info | Avoid Numeric Values | OPT.CPP.AvoidNumericValues | AvoidNumericValues: Avoid numeric constants in code |
Info | Avoid Question Mark | OPT.CPP.AvoidQuestionMark | AvoidQuestionMark: Avoid ?: ternary operator |
Info | Break In Loops | OPT.CPP.BreakInLoops | BreakInLoops: Do not use break statement in loops |
Info | Avoid Explicit New Delete | OPT.CPP.COREGL.AvoidExplicitNewDelete | AvoidExplicitNewDelete: Avoid new and delete operators. |
Info | Class Naming Convention | OPT.CPP.ClassNamingConvention | ClassNamingConvention: Names for struct / union / class / namespace items must follow a naming convention |
Info | Constant Naming Convention | OPT.CPP.ConstantNamingConvention | ConstantNamingConvention: Global constant naming convention |
Info | Data Member Naming Convention | OPT.CPP.DataMemberNamingConvention | DataMemberNamingConvention: Data member naming convention |
Info | Forbidden Functions | OPT.CPP.ForbiddenFunctions | ForbiddenFunctions: Avoid use of discouraged functions |
Info | At Most One Break In Loop | OPT.CPP.MISRAC.AtMostOneBreakInLoop | AtMostOneBreakInLoop: MISRA 14.6: For any iteration statement there shall be at most one break statement used for loop termination |
Info | Avoid Trigraphs | OPT.CPP.MISRAC.AvoidTrigraphs | AvoidTrigraphs: MISRA 4.2: Trigraphs shall not be used |
Info | Do Not Comment Out Source Code | OPT.CPP.MISRAC.DoNotCommentOutSourceCode | DoNotCommentOutSourceCode: MISRA 2.4: Sections of code should not be commented out |
Info | Explicit Check Against Zero | OPT.CPP.MISRAC.ExplicitCheckAgainstZero | ExplicitCheckAgainstZero: MISRA 13.2: Tests of a value against zero should be made explicit, unless the operand is effectively Boolean |
Info | Include Not After Statements | OPT.CPP.MISRAC.IncludeNotAfterStatements | IncludeNotAfterStatements: MISRA 19.1: #include directives should only be preceded in a file by other preprocessor directives or comments |
Info | Macros Naming Convention | OPT.CPP.MacrosNamingConvention | MacrosNamingConvention: Macros naming convention |
Info | Maximun Line Size | OPT.CPP.MaximunLineSize | MaximunLineSize: MaxLineSize: Do not use too long code lines |
Info | Method Naming Convention | OPT.CPP.MethodNamingConvention | MethodNamingConvention: Functions / class methods naming convention |
Info | Methods Comment Code Ratio | OPT.CPP.MethodsCommentCodeRatio | MethodsCommentCodeRatio: Avoid functions with a low comment code ratio |
Info | Parenthesized Functions | OPT.CPP.ParenthesizedFunctions | ParenthesizedFunctions: Write sizeof and return with parentheses |
Info | Space Indentation | OPT.CPP.SpaceIndentation | SpaceIndentation: Allow spaces before and after operators |
Info | Typedef Naming Convention | OPT.CPP.TypedefNamingConvention | TypedefNamingConvention: Names for typedef-declared types must follow a naming convention |
Info | Use Blocks | OPT.CPP.UseBlocks | UseBlocks: Use blocks in conditional and iterative statements |
Info | Use Setters | OPT.CPP.UseSetters | UseSetters: Do not perform direct instance variable assignments in constructors |
Low | Avoid Dependency Cycles Between Namespaces | OPT.CPP.AvoidDependencyCyclesBetweenNamespaces | AvoidDependencyCyclesBetweenNamespaces: Avoid cyclic dependencies between namespaces |
Low | Avoid Many Parameters Function | OPT.CPP.AvoidManyParametersFunction | AvoidManyParametersFunction: Avoid functions with too many parameters |
Low | Avoid One Case Switch | OPT.CPP.AvoidOneCaseSwitch | AvoidOneCaseSwitch: Avoid switch statements with a low number of case conditions |
Low | Use consistent array notation across all source files | OPT.CPP.CERTC.ARR31 | ARR31: Use consistent array notation across all source files |
Low | Use bitwise operators only on unsigned operands | OPT.CPP.CERTC.INT13 | INT13: Use bitwise operators only on unsigned operands |
Low | Do not use vfork() | OPT.CPP.CERTC.POS33 | POS33: Do not use vfork() |
Low | Prefer inline or static functions to function-like macros | OPT.CPP.CERTC.PRE00 | PRE00: Prefer inline or static functions to function-like macros |
Low | Check Names Definition And Declaration | OPT.CPP.CheckNamesDefinitionAndDeclaration | CheckNamesDefinitionAndDeclaration: Formal parameters names in function definition and declaration |
Low | Class Comment Code Ratio | OPT.CPP.ClassCommentCodeRatio | ClassCommentCodeRatio: Avoid classes, structs or unions with low comment/code ratio |
Low | Dont Compare Pointer To Null | OPT.CPP.DontComparePointerToNull | DontComparePointerToNull: Do not compare a pointer to NULL, use 0 instead |
Low | Dont Compare Pointer To Zero | OPT.CPP.DontComparePointerToZero | DontComparePointerToZero: Do not compare a pointer to zero, use NULL instead |
Low | Including Header File | OPT.CPP.IncludingHeaderFile | IncludingHeaderFile: Avoid implementation files that do not include a header file with the same name |
Low | Initialization Instead Assignment | OPT.CPP.InitializationInsteadAssignment | InitializationInsteadAssignment: Always use initialization instead of assignment |
Low | Avoid Single Line Comments | OPT.CPP.MISRAC.AvoidSingleLineComments | AvoidSingleLineComments: MISRA 2.2: C99/C++ single line comments (//...) shall not be used |
Low | Avoid Unreachable Code | OPT.CPP.MISRAC.AvoidUnreachableCode | AvoidUnreachableCode: MISRA 14.1: There shall be no unreachable code |
Low | Case With Break | OPT.CPP.MISRAC.CaseWithBreak | CaseWithBreak: MISRA 15.2: An unconditional break statement shall terminate every non-empty case clause of a switch |
Low | Comment Should Not Contain Open Comment Chars | OPT.CPP.MISRAC.CommentShouldNotContainOpenCommentChars | CommentShouldNotContainOpenCommentChars: MISRA 2.3: A comment shall not contain the string /* |
Low | Declare Const Pointer Param If Unchanged Value | OPT.CPP.MISRAC.DeclareConstPointerParamIfUnchangedValue | DeclareConstPointerParamIfUnchangedValue: MISRA 16.7: A pointer parameter in a function should be declared as pointer to const if the pointer is not used to modify the addressed object |
Low | Do Not Def Undef Macros In Blocks | OPT.CPP.MISRAC.DoNotDefUndefMacrosInBlocks | DoNotDefUndefMacrosInBlocks: MISRA 19.5: Macros shall not be defined or undefined within a block |
Low | Do Not Use Atof Atoi Atol | OPT.CPP.MISRAC.DoNotUseAtofAtoiAtol | DoNotUseAtofAtoiAtol: MISRA 20.10: The library functions atof, atoi and atol from library stdlib.h shall not be used |
Low | Explicit Size In Extern Arrays | OPT.CPP.MISRAC.ExplicitSizeInExternArrays | ExplicitSizeInExternArrays: MISRA 8.12: When an array is declared with external linkage, its size shall be stated explicitly or defined implicitly by initialization |
Low | Function Pointer Casts | OPT.CPP.MISRAC.FunctionPointerCasts | FunctionPointerCasts: MISRA 11.1: Conversions shall not be performed between a pointer to a function and any type other than an integral type |
Low | If Else If Must End With Else | OPT.CPP.MISRAC.IfElseIfMustEndWithElse | IfElseIfMustEndWithElse: MISRA 14.10: All if...else if constructs shall be terminated with an else clause |
Low | If Else Statements Must Use Braces | OPT.CPP.MISRAC.IfElseStatementsMustUseBraces | IfElseStatementsMustUseBraces: MISRA 14.9: If-else statements must use braces |
Low | Logical Expression With Primary Expression Operands | OPT.CPP.MISRAC.LogicalExpressionWithPrimaryExpressionOperands | LogicalExpressionWithPrimaryExpressionOperands: MISRA 12.5: The operands of a logical && or || shall be primary-expressions |
Low | Loops Should Use Braces | OPT.CPP.MISRAC.LoopsShouldUseBraces | LoopsShouldUseBraces: MISRA 14.8: Loops must use braces to delimit loop body |
Low | Max Two Pointer Indirections | OPT.CPP.MISRAC.MaxTwoPointerIndirections | MaxTwoPointerIndirections: MISRA 17.5: Declaration of objects should contain no more than 2 levels of pointer indirection |
Low | No Pointer Arithmetic Except Array Index | OPT.CPP.MISRAC.NoPointerArithmeticExceptArrayIndex | NoPointerArithmeticExceptArrayIndex: MISRA 17.4: Array indexing shall be the only allowed form of pointer arithmetic |
Low | No Side Effects In Right Operand Of Logical Op | OPT.CPP.MISRAC.NoSideEffectsInRightOperandOfLogicalOp | NoSideEffectsInRightOperandOfLogicalOp: MISRA 12.4: Right-hand operands of a logical && or || operator shall not contain side effects |
Low | Switch Must Have Braces | OPT.CPP.MISRAC.SwitchMustHaveBraces | SwitchMustHaveBraces: MISRA 14.8: Switch statements must use braces |
Low | Use Static For Internal Linkage Identifiers | OPT.CPP.MISRAC.UseStaticForInternalLinkageIdentifiers | UseStaticForInternalLinkageIdentifiers: MISRA 8.11: Use static storage specifier for definitions / declarations of objects and functions with internal linkage |
Low | One Statement Per Line | OPT.CPP.OneStatementPerLine | OneStatementPerLine: Only one statement per line |
Low | Only One Return | OPT.CPP.OnlyOneReturn | OnlyOneReturn: Only one 'return' statement per function |
Low | Parent Class Doesnot Reference Child Classes | OPT.CPP.ParentClassDoesnotReferenceChildClasses | ParentClassDoesnotReferenceChildClasses: Parent class does not reference any of its child classes |
Low | Specify Return Type | OPT.CPP.SpecifyReturnType | SpecifyReturnType: Explicit specification of the return type of a function |
Low | Variables Never Used | OPT.CPP.VariablesNeverUsed | VariablesNeverUsed: Local variables never used |
Low | Private Data Members | OPT.CPP.PrivateDataMembers | PrivateDataMembers: Max number of private data members |
Low | Private Methods | OPT.CPP.PrivateMethods | PrivateMethods: Max number of private methods |
Low | Protected Data Members | OPT.CPP.ProtectedDataMembers | ProtectedDataMembers: Max number of protected data members |
Low | Protected Methods | OPT.CPP.ProtectedMethods | ProtectedMethods: Max number of protected methods |
Low | Specify Section Order | OPT.CPP.SpecifySectionOrder | SpecifySectionOrder: In containers (class, struct or union) declare members in a certain access visibility order |
Medium | Avoid Global Vars | OPT.CPP.AvoidGlobalVars | AvoidGlobalVars: Avoid using global variables |
Medium | Avoid Large Methods | OPT.CPP.AvoidLargeMethods | AvoidLargeMethods: Avoid functions and methods with too many lines of code |
Medium | Avoid Volatile Vars | OPT.CPP.AvoidVolatileVars | AvoidVolatileVars: Do not use volatile variables |
Medium | Do not form or use out-of-bounds pointers or array subscripts on arrays | OPT.CPP.CERTC.ARR30 | ARR30: Do not form or use out-of-bounds pointers or array subscripts on arrays. |
Medium | Allowing loops to iterate beyond the end of an array | OPT.CPP.CERTC.ARR35 | ARR35: Do not allow loops to iterate beyond the end of an array |
Medium | Allowing loops to iterate beyond the end of an array | OPT.CPP.CERTC.ARR35_bis | ARR35: Do not allow loops to iterate beyond the end of an array |
Medium | Detect and handle input/output errors | OPT.CPP.CERTC.FIO33 | FIO33: Detect and handle input/output errors resulting in undefined behavior |
Medium | Evaluate integer expressions | OPT.CPP.CERTC.INT35 | INT35: Evaluate integer expressions in a larger size before comparing or assigning to that size |
Medium | Use realloc() to resize dynamically allocated arrays | OPT.CPP.CERTC.MEM08 | MEM08: Use realloc() only to resize dynamically allocated arrays |
Medium | Incorrect Calculation of Buffer Size | OPT.CPP.CERTC.MEM35 | MEM35: Incorrect Calculation of Buffer Size. |
Medium | Use the readlink() function properly | OPT.CPP.CERTC.POS30 | POS30: Use the readlink() function properly |
Medium | Use parentheses within macros around parameter names | OPT.CPP.CERTC.PRE01 | PRE01: Use parentheses within macros around parameter names |
Medium | Wrap multistatement macros in a do-while loop | OPT.CPP.CERTC.PRE10 | PRE10: Wrap multistatement macros in a do-while loop |
Medium | Catch Exceptions By Reference | OPT.CPP.COREGL.CatchExceptionsByReference | CatchExceptionsByReference: Exceptions should always be caught by reference. |
Medium | Generic Exception Catch | OPT.CPP.COREGL.GenericExceptionCatch | GenericExceptionCatch: Do not catch generic exceptions. |
Medium | Polimorphic Class Should Suppress Copying | OPT.CPP.COREGL.PolimorphicClassShouldSuppressCopying | PolimorphicClassShouldSuppressCopying: A polymorphic class should suppress copying. |
Medium | Use Make Factories For Creating Smart Pointers | OPT.CPP.COREGL.UseMakeFactoriesForCreatingSmartPointers | UseMakeFactoriesForCreatingSmartPointers: Use factory functions for creating smart pointers. |
Medium | Dont Convert Const To Non Const | OPT.CPP.DontConvertConstToNonConst | DontConvertConstToNonConst: Never convert a const to a non-const |
Medium | Include Headers Only | OPT.CPP.IncludeHeadersOnly | IncludeHeadersOnly: Avoid using #include with files which are not header files |
Medium | All Macro Identifiers Defined Before Use | OPT.CPP.MISRAC.AllMacroIdentifiersDefinedBeforeUse | AllMacroIdentifiersDefinedBeforeUse: MISRA 19.11: All macro identifiers in preprocessor directives shall be defined before use, except in #ifdef and #ifndef directives and defined() operator |
Medium | Arithmetic On Pointers To Array | OPT.CPP.MISRAC.ArithmeticOnPointersToArray | ArithmeticOnPointersToArray: MISRA 17.1: Pointer arithmetic shall only be applied to pointers that address an array or array element |
Medium | Avoid Assignment In Boolean Expressions | OPT.CPP.MISRAC.AvoidAssignmentInBooleanExpressions | AvoidAssignmentInBooleanExpressions: MISRA 13.1: Assignment operators shall not be used in expressions that yield a boolean value |
Medium | Avoid Comma Operator | OPT.CPP.MISRAC.AvoidCommaOperator | AvoidCommaOperator: MISRA 12.10: The comma operator shall not be used |
Medium | Avoid Continue Statement | OPT.CPP.MISRAC.AvoidContinueStatement | AvoidContinueStatement: MISRA 14.5: Continue statement must not be used |
Medium | Avoid Goto Statement | OPT.CPP.MISRAC.AvoidGotoStatement | AvoidGotoStatement: MISRA 14.4: Goto statement must not be used |
Medium | Avoid Non Null Statements Without Effect | OPT.CPP.MISRAC.AvoidNonNullStatementsWithoutEffect | AvoidNonNullStatementsWithoutEffect: MISRA 14.2: All non-null statements shall either have at least one side-effect however executed, or cause control flow to change |
Medium | Avoid Non Standard Chars In Header Filenames | OPT.CPP.MISRAC.AvoidNonStandardCharsInHeaderFilenames | AvoidNonStandardCharsInHeaderFilenames: MISRA 19.2: Non-standard characters should not occur in header file names in #include directives |
Medium | Avoid Non Standard Escape Sequences | OPT.CPP.MISRAC.AvoidNonStandardEscapeSequences | AvoidNonStandardEscapeSequences: MISRA 4.1: For character constants, only those escape sequences defined in ISO C Standard shall be used |
Medium | Avoid Octal Constants | OPT.CPP.MISRAC.AvoidOctalConstants | AvoidOctalConstants: MISRA 7.1: Octal constants (other than zero) and octal escape sequences shall not be used |
Medium | Avoid Undef Directive | OPT.CPP.MISRAC.AvoidUndefDirective | AvoidUndefDirective: MISRA 19.6: #undef shall not be used |
Medium | Avoid Unnecessary External Linkage | OPT.CPP.MISRAC.AvoidUnnecessaryExternalLinkage | AvoidUnnecessaryExternalLinkage: MISRA 8.10: All declarations and definitions of objects or functions at file scope shall have internal linkage unless external linkage is required |
Medium | Compare Pointers When On Same Array | OPT.CPP.MISRAC.ComparePointersWhenOnSameArray | ComparePointersWhenOnSameArray: MISRA 17.3: The relational operators >, >=, <, <= shall not be applied to pointer types except where they point to the same array |
Medium | Declare Functions At File Scope | OPT.CPP.MISRAC.DeclareFunctionsAtFileScope | DeclareFunctionsAtFileScope: MISRA 8.6: Functions shall be declared at file scope |
Medium | Declare No Parameters Function As Void | OPT.CPP.MISRAC.DeclareNoParametersFunctionAsVoid | DeclareNoParametersFunctionAsVoid: MISRA 16.5: Functions with no parameters shall be declared with parameter type void |
Medium | Do Not Mix Inc Dec Operators With Other Operators | OPT.CPP.MISRAC.DoNotMixIncDecOperatorsWithOtherOperators | DoNotMixIncDecOperatorsWithOtherOperators: MISRA 12.13: The increment (++) and decrement (--) operators shall not be mixed with other operators in an expression |
Medium | Do Not Modify Loop Variable In Body | OPT.CPP.MISRAC.DoNotModifyLoopVariableInBody | DoNotModifyLoopVariableInBody: MISRA 13.6: Variables being used within a for loop for iteration counting shall not be modified in the loop body |
Medium | Do Not Use Abort Exit Getenv System | OPT.CPP.MISRAC.DoNotUseAbortExitGetenvSystem | DoNotUseAbortExitGetenvSystem: MISRA 20.11: The library functions abort, exit, getenv and system from library stdlib.h shall not be used |
Medium | Do Not Use Errno | OPT.CPP.MISRAC.DoNotUseErrno | DoNotUseErrno: MISRA 20.5: The error indicator variable errno shall not be used |
Medium | Do Not Use Offsetof | OPT.CPP.MISRAC.DoNotUseOffsetof | DoNotUseOffsetof: MISRA 20.6: The macro offsetof, in stddef.h, shall not be used |
Medium | Do Not Use Underlying Bit Rep Of Float | OPT.CPP.MISRAC.DoNotUseUnderlyingBitRepOfFloat | DoNotUseUnderlyingBitRepOfFloat: MISRA 12.12: Underlying bit representations of floating-point values shall not be used |
Medium | Document Pragma Directives | OPT.CPP.MISRAC.DocumentPragmaDirectives | DocumentPragmaDirectives: MISRA 3.4: All uses of the #pragma directive shall be documented and explained |
Medium | Encapsulate Assembly | OPT.CPP.MISRAC.EncapsulateAssembly | EncapsulateAssembly: MISRA 2.1: Assembly language shall be encapsulated and isolated |
Medium | Evaluation Order Independence | OPT.CPP.MISRAC.EvaluationOrderIndependence | EvaluationOrderIndependence: MISRA 12.2: The value of an expression shall be the same under any order of evaluation that the standard permits |
Medium | Float Implicit Conversions | OPT.CPP.MISRAC.FloatImplicitConversions | FloatImplicitConversions: MISRA 10.2: The value of an expression of floating type shall not be implicitly converted to a different underlying type |
Medium | For Control Expression With Float Objects | OPT.CPP.MISRAC.ForControlExpressionWithFloatObjects | ForControlExpressionWithFloatObjects: MISRA 13.4: The controlling expression of a for statement shall not contain any objects of floating type |
Medium | For Loop Expressions For Loop Control | OPT.CPP.MISRAC.ForLoopExpressionsForLoopControl | ForLoopExpressionsForLoopControl: MISRA 13.5: The three expressions of a for statement shall be concerned only with loop control |
Medium | Functions Should Have Single Return At End | OPT.CPP.MISRAC.FunctionsShouldHaveSingleReturnAtEnd | FunctionsShouldHaveSingleReturnAtEnd: MISRA 14.7: Functions shall have a single point of exit at the end of the function |
Medium | Identifiers Must Not Hide Outer Definitions | OPT.CPP.MISRAC.IdentifiersMustNotHideOuterDefinitions | IdentifiersMustNotHideOuterDefinitions: MISRA 5.2: Identifiers in an inner scope shall not hide outer scope ones by reusing the same name |
Medium | Integer Implicit Conversions | OPT.CPP.MISRAC.IntegerImplicitConversions | IntegerImplicitConversions: MISRA 10.1: The value of an expression of integer type shall not be implicitly converted to a different underlying type |
Medium | Macro Expansion Check | OPT.CPP.MISRAC.MacroExpansionCheck | MacroExpansionCheck: MISRA 19.4: C macros shall only expand to safe constructions |
Medium | Name Parameters In Function Prototypes | OPT.CPP.MISRAC.NameParametersInFunctionPrototypes | NameParametersInFunctionPrototypes: MISRA 16.3: Names shall be given for all parameters in function prototype |
Medium | Object Pointer Casts | OPT.CPP.MISRAC.ObjectPointerCasts | ObjectPointerCasts: MISRA 11.2: Conversions shall not be performed between a pointer to an object and any type other than an integral type, another pointer to object type, or a pointer to void |
Medium | Proper Cast Complex Float Expression | OPT.CPP.MISRAC.ProperCastComplexFloatExpression | ProperCastComplexFloatExpression: MISRA 10.4: The value of a complex expression of floating type shall only be cast to a floating type narrower or of the same size |
Medium | Proper Cast Complex Integer Expression | OPT.CPP.MISRAC.ProperCastComplexIntegerExpression | ProperCastComplexIntegerExpression: MISRA 10.3: The value of a complex expression of integer type shall only be cast to a type of same signedness no wider than the underlying type of the expression |
Medium | Same Function Declaration And Definition | OPT.CPP.MISRAC.SameFunctionDeclarationAndDefinition | SameFunctionDeclarationAndDefinition: MISRA 8.3: For each function parameter the type in the declaration and definition shall be identical, and return types shall also be identical |
Medium | Sizeof Expr With Side Effects | OPT.CPP.MISRAC.SizeofExprWithSideEffects | SizeofExprWithSideEffects: MISRA 12.3: The sizeof operator shall not be used on expressions that contain side effects |
Medium | Switch With Default | OPT.CPP.MISRAC.SwitchWithDefault | SwitchWithDefault: MISRA 15.3: Avoid switch statement without a default clause |
Medium | Switch Without Case Should Be Refactored | OPT.CPP.MISRAC.SwitchWithoutCaseShouldBeRefactored | SwitchWithoutCaseShouldBeRefactored: MISRA 15.5: Switch statements without any case shall be refactored |
Medium | Tag Unique Identifier | OPT.CPP.MISRAC.TagUniqueIdentifier | TagUniqueIdentifier: MISRA 5.4: A tag name shall be a unique identifier |
Medium | Typedef Unique Identifier | OPT.CPP.MISRAC.TypedefUniqueIdentifier | TypedefUniqueIdentifier: MISRA 5.3: A typedef name shall be a unique identifier |
Medium | Unsigned Bitwise Operands | OPT.CPP.MISRAC.UnsignedBitwiseOperands | UnsignedBitwiseOperands: MISRA 12.7: Bitwise operators shall not be applied to operands whose underlying type is signed |
Medium | Num Max Class By Namespace | OPT.CPP.NumMaxClassByNamespace | NumMaxClassByNamespace: Avoid an excessive number of classes per package/namespace |
Medium | Remove Unused Param | OPT.CPP.RemoveUnusedParam | RemoveUnusedParam: Remove unused parameters in functions |
Medium | Avoid Inline Constructor And Destructor | OPT.CPP.AvoidInlineConstructorAndDestructor | AvoidInlineConstructorAndDestructor: Avoid declaring inline constructors and destructors |
Medium | Constant Member Functions | OPT.CPP.ConstantMemberFunctions | ConstantMemberFunctions: Member functions that do not modify state should be declared constant |
Medium | Dont Use Cast | OPT.CPP.DontUseCast | DontUseCast: Do not use explicit type conversions (casts), excluding C++ cast operators |
Medium | No Specify Member Data In Class | OPT.CPP.NoSpecifyMemberDataInClass | NoSpecifyMemberDataInClass: Never specify public or protected member data in a class |
Medium | Non Constant Reference From Function | OPT.CPP.NonConstantReferenceFromFunction | NonConstantReferenceFromFunction: Non-constant references from public functions |
Medium | Potential Infinite Loop | OPT.CPP.PotentialInfiniteLoop | PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop') |
Medium | Too Many Constructors | OPT.CPP.TooManyConstructors | TooManyConstructors: Avoid classes with too many constructors |
Medium | Too Many Data Members | OPT.CPP.TooManyDataMembers | TooManyDataMembers: Avoid classes with too many data members |
Medium | Too Many Methods | OPT.CPP.TooManyMethods | TooManyMethods: Avoid classes with too many methods |
Medium | Obsolete Function | OPT.CPP.PORT.ObsoleteFunction | ObsoleteFunction: Do not use deprecated or obsolete functions. |
Medium | Hardcoded Username Password | OPT.CPP.SEC.HardcodedUsernamePassword | HardcodedUsernamePassword: Use of Hard-coded Credentials |
Medium | Insecure Randomness | OPT.CPP.SEC.InsecureRandomness | InsecureRandomness: Standard pseudo-random number generators cannot withstand cryptographic attacks |