[cfg] Separate SEI-CERT rules based on C and C++ language
bruntib committed Dec 10, 2024
1 parent 890654a commit 6d7ced5
Showing 9 changed files with 561 additions and 537 deletions.
6 changes: 3 additions & 3 deletions analyzer/tests/functional/cmdline/test_cmdline.py
@@ -154,21 +154,21 @@ def test_checkers_guideline(self):
""" Listing checkers by guideline. """

checkers_cmd = [env.codechecker_cmd(), 'checkers',
'--guideline', 'sei-cert']
'--guideline', 'sei-cert-cpp']
_, out, _ = run_cmd(checkers_cmd)

self.assertIn('cert-dcl58-cpp', out)
self.assertNotIn('android', out)

checkers_cmd = [env.codechecker_cmd(), 'checkers',
'--guideline', 'sei-cert:mem35-c']
'--guideline', 'sei-cert-c:mem35-c']
_, out, _ = run_cmd(checkers_cmd)

self.assertIn('MallocSizeof', out)
self.assertNotIn('CastToStruct', out)

checkers_cmd = [env.codechecker_cmd(), 'checkers',
'--guideline', 'sei-cert:mem35-c', '-o', 'json',
'--guideline', 'sei-cert-c:mem35-c', '-o', 'json',
'--details']
_, out, _ = run_cmd(checkers_cmd)
out = json.loads(out)
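Review bot: The updated assertions in `test_checkers_guideline` only prove that the renamed guidelines still return something; they never check that the C and C++ sets are actually separate, nor what the old `sei-cert` name now does. After the first `run_cmd` (the `sei-cert-cpp` listing) I would add a negative check for a C-only checker, e.g. `self.assertNotIn('MallocSizeof', out)`, assuming that checker is labelled only with C rules such as `mem35-c`. A short comment like `# C-only rules must not appear under the C++ guideline` would explain it. It is also worth adding one case that runs `'--guideline', 'sei-cert'` and pins the expected outcome. If the old identifier now silently matches no checkers, a CI job that selects its CERT checkers by that name would lose that coverage without any error, so an explicit failure or a documented alias seems safer. The test body continues past the end of this hunk, so a later assertion may already cover part of this.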
170 changes: 2 additions & 168 deletions config/guidelines/sei-cert.yaml → config/guidelines/sei-cert-c.yaml
@@ -1,172 +1,6 @@
guideline: sei-cert
guideline_title: SEI CERT Coding Standard
guideline: sei-cert-c
guideline_title: SEI CERT Coding Standard (C)
rules:
- rule_id: con50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON50-CPP.+Do+not+destroy+a+mutex+while+it+is+locked
- rule_id: con51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON51-CPP.+Ensure+actively+held+locks+are+released+on+exceptional+conditions
- rule_id: con52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON52-CPP.+Prevent+data+races+when+accessing+bit-fields+from+multiple+threads
- rule_id: con53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON53-CPP.+Avoid+deadlock+by+locking+in+a+predefined+order
- rule_id: con54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON54-CPP.+Wrap+functions+that+can+spuriously+wake+up+in+a+loop
- rule_id: con55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON55-CPP.+Preserve+thread+safety+and+liveness+when+using+condition+variables
- rule_id: con56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CON56-CPP.+Do+not+speculatively+lock+a+non-recursive+mutex+that+is+already+owned+by+the+calling+thread
- rule_id: ctr50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR50-CPP.+Guarantee+that+container+indices+and+iterators+are+within+the+valid+range
- rule_id: ctr51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR51-CPP.+Use+valid+references%2C+pointers%2C+and+iterators+to+reference+elements+of+a+container
- rule_id: ctr52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR52-CPP.+Guarantee+that+library+functions+do+not+overflow
- rule_id: ctr53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR53-CPP.+Use+valid+iterator+ranges
- rule_id: ctr54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR54-CPP.+Do+not+subtract+iterators+that+do+not+refer+to+the+same+container
- rule_id: ctr55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR55-CPP.+Do+not+use+an+additive+operator+on+an+iterator+if+the+result+would+overflow
- rule_id: ctr56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR56-CPP.+Do+not+use+pointer+arithmetic+on+polymorphic+objects
- rule_id: ctr57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR57-CPP.+Provide+a+valid+ordering+predicate
- rule_id: ctr58-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/CTR58-CPP.+Predicate+function+objects+should+not+be+mutable
- rule_id: dcl50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL50-CPP.+Do+not+define+a+C-style+variadic+function
- rule_id: dcl51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL51-CPP.+Do+not+declare+or+define+a+reserved+identifier
- rule_id: dcl52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL52-CPP.+Never+qualify+a+reference+type+with+const+or+volatile
- rule_id: dcl53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL53-CPP.+Do+not+write+syntactically+ambiguous+declarations
- rule_id: dcl54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL54-CPP.+Overload+allocation+and+deallocation+functions+as+a+pair+in+the+same+scope
- rule_id: dcl55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL55-CPP.+Avoid+information+leakage+when+passing+a+class+object+across+a+trust+boundary
- rule_id: dcl56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL56-CPP.+Avoid+cycles+during+initialization+of+static+objects
- rule_id: dcl57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL57-CPP.+Do+not+let+exceptions+escape+from+destructors+or+deallocation+functions
- rule_id: dcl58-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL58-CPP.+Do+not+modify+the+standard+namespaces
- rule_id: dcl59-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL59-CPP.+Do+not+define+an+unnamed+namespace+in+a+header+file
- rule_id: dcl60-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL60-CPP.+Obey+the+one-definition+rule
- rule_id: err50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR50-CPP.+Do+not+abruptly+terminate+the+program
- rule_id: err51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR51-CPP.+Handle+all+exceptions
- rule_id: err52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046492
- rule_id: err53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR53-CPP.+Do+not+reference+base+classes+or+class+data+members+in+a+constructor+or+destructor+function-try-block+handler
- rule_id: err54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR54-CPP.+Catch+handlers+should+order+their+parameter+types+from+most+derived+to+least+derived
- rule_id: err55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR55-CPP.+Honor+exception+specifications
- rule_id: err56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR56-CPP.+Guarantee+exception+safety
- rule_id: err57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR57-CPP.+Do+not+leak+resources+when+handling+exceptions
- rule_id: err58-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR58-CPP.+Handle+all+exceptions+thrown+before+main%28%29+begins+executing
- rule_id: err59-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR59-CPP.+Do+not+throw+an+exception+across+execution+boundaries
- rule_id: err60-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR60-CPP.+Exception+objects+must+be+nothrow+copy+constructible
- rule_id: err61-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR61-CPP.+Catch+exceptions+by+lvalue+reference
- rule_id: err62-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/ERR62-CPP.+Detect+errors+when+converting+a+string+to+a+number
- rule_id: exp50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP50-CPP.+Do+not+depend+on+the+order+of+evaluation+for+side+effects
- rule_id: exp51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP51-CPP.+Do+not+delete+an+array+through+a+pointer+of+the+incorrect+type
- rule_id: exp52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP52-CPP.+Do+not+rely+on+side+effects+in+unevaluated+operands
- rule_id: exp53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP53-CPP.+Do+not+read+uninitialized+memory
- rule_id: exp54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP54-CPP.+Do+not+access+an+object+outside+of+its+lifetime
- rule_id: exp55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP55-CPP.+Do+not+access+a+cv-qualified+object+through+a+cv-unqualified+type
- rule_id: exp56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP56-CPP.+Do+not+call+a+function+with+a+mismatched+language+linkage
- rule_id: exp57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP57-CPP.+Do+not+cast+or+delete+pointers+to+incomplete+classes
- rule_id: exp58-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP58-CPP.+Pass+an+object+of+the+correct+type+to+va_start
- rule_id: exp59-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP59-CPP.+Use+offsetof%28%29+on+valid+types+and+members
- rule_id: exp60-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP60-CPP.+Do+not+pass+a+nonstandard-layout+type+object+across+execution+boundaries
- rule_id: exp61-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP61-CPP.+A+lambda+object+must+not+outlive+any+of+its+reference+captured+objects
- rule_id: exp62-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP62-CPP.+Do+not+access+the+bits+of+an+object+representation+that+are+not+part+of+the+object%27s+value+representation
- rule_id: exp63-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/EXP63-CPP.+Do+not+rely+on+the+value+of+a+moved-from+object
- rule_id: fio50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/FIO50-CPP.+Do+not+alternately+input+and+output+from+a+file+stream+without+an+intervening+positioning+call
- rule_id: fio51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/FIO51-CPP.+Close+files+when+they+are+no+longer+needed
- rule_id: int50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/INT50-CPP.+Do+not+cast+to+an+out-of-range+enumeration+value
- rule_id: mem50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM50-CPP.+Do+not+access+freed+memory
- rule_id: mem51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM51-CPP.+Properly+deallocate+dynamically+allocated+resources
- rule_id: mem52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM52-CPP.+Detect+and+handle+memory+allocation+errors
- rule_id: mem53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM53-CPP.+Explicitly+construct+and+destruct+objects+when+manually+managing+object+lifetime
- rule_id: mem54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM54-CPP.+Provide+placement+new+with+properly+aligned+pointers+to+sufficient+storage+capacity
- rule_id: mem55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM55-CPP.+Honor+replacement+dynamic+storage+management+requirements
- rule_id: mem56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM56-CPP.+Do+not+store+an+already-owned+pointer+value+in+an+unrelated+smart+pointer
- rule_id: mem57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MEM57-CPP.+Avoid+using+default+operator+new+for+over-aligned+types
- rule_id: msc50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers
- rule_id: msc51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC51-CPP.+Ensure+your+random+number+generator+is+properly+seeded
- rule_id: msc52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC52-CPP.+Value-returning+functions+must+return+a+value+from+all+exit+paths
- rule_id: msc53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046346
- rule_id: msc54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC54-CPP.+A+signal+handler+must+be+a+plain+old+function
- rule_id: oop50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP50-CPP.+Do+not+invoke+virtual+functions+from+constructors+or+destructors
- rule_id: oop51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP51-CPP.+Do+not+slice+derived+objects
- rule_id: oop52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP52-CPP.+Do+not+delete+a+polymorphic+object+without+a+virtual+destructor
- rule_id: oop53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP53-CPP.+Write+constructor+member+initializers+in+the+canonical+order
- rule_id: oop54-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP54-CPP.+Gracefully+handle+self-copy+assignment
- rule_id: oop55-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP55-CPP.+Do+not+use+pointer-to-member+operators+to+access+nonexistent+members
- rule_id: oop56-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP56-CPP.+Honor+replacement+handler+requirements
- rule_id: oop57-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP57-CPP.+Prefer+special+member+functions+and+overloaded+operators+to+C+Standard+Library+functions
- rule_id: oop58-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/OOP58-CPP.+Copy+operations+must+not+mutate+the+source+object
- rule_id: str50-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR50-CPP.+Guarantee+that+storage+for+strings+has+sufficient+space+for+character+data+and+the+null+terminator
- rule_id: str51-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR51-CPP.+Do+not+attempt+to+create+a+std%3A%3Astring+from+a+null+pointer
- rule_id: str52-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR52-CPP.+Use+valid+references%2C+pointers%2C+and+iterators+to+reference+elements+of+a+basic_string
- rule_id: str53-cpp
rule_url: https://wiki.sei.cmu.edu/confluence/display/cplusplus/STR53-CPP.+Range+check+element+access
- rule_id: arr30-c
rule_url: https://wiki.sei.cmu.edu/confluence/display/c/ARR30-C.+Do+not+form+or+use+out-of-bounds+pointers+or+array+subscripts
- rule_id: arr32-c