CodeSonar® 9.0p0 Hot Tips. CONFIDENTIAL. CodeSecure Inc.
The categories list for each CodeSonar warning includes any relevant BSI:* designations: these correspond to C/C++ rules previously published by the U.S. Department of Homeland Security "Build Security In" (BSI) initiative.
A number of CodeSonar warning classes have been implemented specifically to support these rules.
CSV tables of warning classes by BSI rule are provided in BSI-mapping.csv.
Build Security In (BSI) is a software assurance initiative of the U.S. Department of Homeland Security. At one point, they provided a set of C/C++ coding rules with a security focus. CodeSonar provides checks in support of most of these rules, and continues to provide those checks although the rules are no longer among the resources provided on the BSI website.
Only the BSI-specific BADFUNC checks (those labeled B in the table below) need to be explicitly enabled: the other checks are enabled by default.
Follow the instructions in BSI-Specific BADFUNC Classes: Enabling Checks to copy the additional configuration settings into a configuration file.
The following table shows the CodeSonar warning classes that are associated with individual BSI rules.
| Key | Meaning |
|---|---|
| B | BSI-specific BADFUNC class, disabled by default. |
| G | Function-specific checks for this standard warning class are defined in the general template configuration file. Editing the general template may disable the checks. |
| S | Standard CodeSonar warning class and checking, enabled by default. |
| BSI Rule | Warning Class | Key | Notes |
|---|---|---|---|
| A2W-Macro | none | . | Not checked in CodeSonar. |
| access() | File System Race Condition | S | Takes into account calls to access(), _access(), _waccess(). |
| acct() | File System Race Condition | S | Takes into account calls to acct(). |
| AddAccess-ACE | Use of AddAccessAllowedAce | B | Triggered by all uses of AddAccessAllowedAce(). |
| | Use of AddAccessDeniedAce | B | Triggered by all uses of AddAccessDeniedAce(). |
| AfxLoadLibrary | Use of AfxLoadLibrary | B | Triggered by all uses of AfxLoadLibrary(). |
| | Use of CoLoadLibrary | B | Triggered by all uses of CoLoadLibrary(). |
| AfxParseURL | Use of AfxParseURL | B | Triggered by all uses of AfxParseURL(). |
| au_to_path() | File System Race Condition | S | Takes into account calls to au_to_path(). |
| basename() | File System Race Condition | S | Takes into account calls to basename(). |
| bcopy() | Buffer Overrun | S | See Buffer Overrun Note. |
| bind() | Ignored Return Value | G | Checks enforced on bind(). |
| BytesToUnicode | Buffer Overrun | S | See Buffer Overrun Note. |
| CanShareFolderW | File System Race Condition | S | Takes into account calls to CanShareFolderW(). |
| Catgets | Buffer Overrun | S | See Buffer Overrun Note. |
| | Format String | S | CodeSonar will treat the return value as an untrusted string. |
| Catopen | Use of catopen | B | Triggered by all uses of catopen(). |
| | File System Race Condition | S | Takes into account calls to catopen(). |
| CHMOD | File System Race Condition | S | Takes into account calls to chmod() and the related functions listed in the rule. |
| CHOWN | File System Race Condition | S | Takes into account calls to chown(), lchown(). |
| CHROOT-01 | Use of chroot | B | Triggered by all uses of chroot(). |
| CHROOT-02 | Use of chroot | B | Triggered by all uses of chroot(). |
| CHROOT-03 | Use of chroot | B | Triggered by all uses of chroot(). |
| CHString(Format) | Format String | G | Check enforced on CHString::Format(), CHString::FormatMessageW(), CHString::FormatV(). |
| CIN | none | . | Not checked in CodeSonar. |
| Copylist() | File System Race Condition | S | Takes into account calls to copylist(). |
| CREAT | File System Race Condition | S | Takes into account calls to _creat(), _wcreat(), creat(). |
| CreateFile-01 | Use of CreateFile | B | Triggered by all uses of CreateFile{A,W}(). |
| CreateFile-02 | Use of CreateFile | B | Triggered by all uses of CreateFile{A,W}(). |
| CreateProcess-01 | Leak | S | Will be triggered if the created thread and process handles are not closed before they go out of scope. |
| CreateProcess-02 | Use of CreateProcess | B | Triggered by all uses of CreateProcess{A,W}() and the related functions listed in the rule. |
| CreateProcess-03 | Use of CreateProcess | B | Triggered by all uses of CreateProcess{A,W}() and the related functions listed in the rule. |
| CreateProcess-04 | Use of CreateProcess | B | Triggered by all uses of CreateProcess{A,W}() and the related functions listed in the rule. |
| CreateThread | Use of CreateThread | B | Triggered by all uses of CreateThread(). |
| CreateUrlCacheEntry | Buffer Overrun | S | See Buffer Overrun Note. |
| CRYPT-01 | Use of crypt | G | Triggered by all uses of crypt(). |
| CRYPT-02 | Use of crypt | G | Triggered by all uses of crypt(). |
| CString(Format) | Format String | G | Checks enforced on CString::Format() and the related functions listed in the rule. |
| CUSERID | Use of cuserid | B | Triggered by all uses of cuserid(). |
| Database Functions | File System Race Condition | S | Takes into account calls to db_initialize(), dbm_open(), dbminit(). |
| DIRNAME | File System Race Condition | S | Takes into account calls to dirname(). |
| Dlopen() | File System Race Condition | S | Takes into account calls to dlopen(). |
| EnterCriticalSection | none | . | Not checked in CodeSonar. |
| Exec | File System Race Condition | S | Takes into account calls to the exec() family of functions. |
| Exec-SearchPath-01 | Use of _exec, Use of _spawn, Use of execlp, Use of execvp, Use of popen | B | Variously triggered by the functions listed in the rule. |
| | Use of system | G | |
| Exec-SearchPath-02 | Use of _exec, Use of _spawn, Use of execlp, Use of execvp, Use of popen | B | Variously triggered by the functions listed in the rule. |
| | Use of system | G | |
| Executable-Icon-Location | Buffer Overrun | S | See Buffer Overrun Note. |
| File Streams | File System Race Condition | S | Takes into account calls to fattach(), fdetach(), fopen(). |
| FindExecutableImage | Buffer Overrun | S | See Buffer Overrun Note. |
| FormatMessage | Use of FormatMessage | B | Triggered by all uses of FormatMessage{A,W}(). BSI-specific. |
| FREOPEN | File System Race Condition | S | Takes into account calls to freopen() and the related functions listed in the rule. |
| Ftw and Nftw | File System Race Condition | S | Takes into account calls to ftw(), nftw(). |
| GetAttr | File System Race Condition | S | Takes into account calls to getattr(). |
| GETC | Buffer Overrun | S | See Buffer Overrun Note. |
| GetEnv | Buffer Overrun | S | See Buffer Overrun Note. |
| GetExtensionVersion | none | . | Not checked in CodeSonar. |
| GetFileNameFromBrowse | Buffer Overrun | S | See Buffer Overrun Note. |
| GetFullPathName | Buffer Overrun | S | See Buffer Overrun Note. |
| GETHOST | Use After Free | S | Triggered if the value returned by a call to gethostbyaddr() or gethostbyname() is accessed after a subsequent call to either of these functions. |
| GETLOGIN | Use of getlogin | B | Triggered by all calls to getlogin(). |
| GetLongPathName | Buffer Overrun | S | See Buffer Overrun Note. |
| GETOPT | Use of getopt | B | Triggered by all calls to getopt() and the related functions listed in the rule. |
| GETPASS | Use of getpass | B | Triggered by all calls to getpass(). |
| GETS | Use of gets | G | Triggered by all calls to gets(), _getts(), _getws(). |
| GetTempFileName | Use of GetTempFileName | G | Triggered by all calls to GetTempFileName{A,W}(). |
| | Buffer Overrun | S | See Buffer Overrun Note. |
| GETTEMPPATH | Buffer Overrun | S | See Buffer Overrun Note. |
| GETTEXT | Buffer Overrun | S | See Buffer Overrun Note. |
| GETWD | Use of getwd | B | Triggered by all calls to getwd(). |
| | Ignored Return Value | G | Checks enforced on getcwd(). |
| InitializeCriticalSection | Leak | S | Will be triggered if the initialized critical section is not deleted with DeleteCriticalSection() before it goes out of scope. |
| | Double Initialization | S | Will be triggered if InitializeCriticalSection() is called twice without an intervening call to DeleteCriticalSection(). |
| Kerberos | File System Race Condition | S | Takes into account calls to krb_set_txt_string(). |
| Kvm_open | File System Race Condition | S | Takes into account calls to kvm_open(), kvm_openfiles(). |
| Link | File System Race Condition | S | Takes into account calls to link(). |
| LoadLibrary | Use of LoadLibrary | B | Triggered by all calls to LoadLibrary() and LoadLibraryEx(). |
| LoadModule | Use of LoadModule | B | Triggered by all calls to LoadModule(). |
| MALLOC-OVERFLOW | Integer Overflow of Allocation Size | S | Takes into account calls to malloc() and the related functions listed in the rule. |
| Mbstowcs | Buffer Overrun | S | See Buffer Overrun Note. |
| | No Space For Null Terminator | S | Checks carried out on mbstowcs(). |
| MEMCOPY | Buffer Overrun | S | See Buffer Overrun Note, except for CHtmlStream::Memcpy() and CMemFile::Memcpy(), which are virtual and so cannot be handled statically. |
| MEMSET | Use of memset | B | Triggered by all uses of memset(). |
| MetaRule (1) | Buffer Overrun | S | See Buffer Overrun Note. |
| MetaRule (2) | Ignored Return Value | G | Checks enforced on the functions listed in the rule. |
| MetaRule (3) | Buffer Overrun | S | See Buffer Overrun Note. |
| MetaRule (4) | Buffer Overrun | S | See Buffer Overrun Note. |
| MetaRule (5) | Use of rand, Use of rand48 Function, Use of random | B | Triggered by the pseudorandom number generating functions listed in the rule. |
| MetaRule (6) | Buffer Overrun | S | See Buffer Overrun Note. |
| | Format String | G | Check enforced on the printf()-family functions listed in the rule. |
| MKDIR | File System Race Condition | S | Takes into account calls to mkdir() and the related functions listed in the rule. |
| MKFIFO | File System Race Condition | S | Takes into account calls to mkfifo(). |
| MKNOD | File System Race Condition | S | Takes into account calls to mknod(). |
| Mkstemp | Use of mkstemp | B | Triggered by all calls to mkstemp(). |
| MKTEMP | Use of mktemp | G | Triggered by all calls to mktemp() and the related functions listed in the rule. |
| Mount() | File System Race Condition | S | Takes into account calls to mount(). |
| MoveFile | Use of MoveFile | B | Triggered by all calls to MoveFile(). |
| Nlist | File System Race Condition | S | Takes into account calls to nlist(). |
| OemToChar | Use of OemToAnsi | B | Triggered by all calls to OemToAnsi{A,W}(). |
| | Use of OemToChar | B | Triggered by all calls to OemToChar{A,W}(). |
| | Buffer Overrun | S | Calls to OemToCharBuff(), OemToAnsiBuff() are checked by the standard Buffer Overrun checks: see Buffer Overrun Note. |
| OPEN | File System Race Condition | S | Takes into account calls to open() and the related functions listed in the rule. |
| OPENDIR | File System Race Condition | S | Takes into account calls to opendir(). |
| PathAddBackslash | Buffer Overrun | S | See Buffer Overrun Note. |
| PathAddExtension | Buffer Overrun | S | See Buffer Overrun Note. |
| PathAppend | Buffer Overrun | S | See Buffer Overrun Note. |
| PathBuildRoot | Buffer Overrun | S | See Buffer Overrun Note. |
| PathCanonicalize | Buffer Overrun | S | See Buffer Overrun Note. |
| PathCleanupSpec | Buffer Overrun | S | See Buffer Overrun Note. |
| PathCombine | Buffer Overrun | S | See Buffer Overrun Note. |
| PathCommonPrefix | Buffer Overrun | S | See Buffer Overrun Note. |
| PATHCONF | File System Race Condition | S | Takes into account calls to lpathconf() and pathconf(). |
| PathFindOnPath | Buffer Overrun | S | See Buffer Overrun Note. |
| PathGetShortPath | Buffer Overrun | S | See Buffer Overrun Note. |
| PathMakeUniqueName | File System Race Condition | S | Takes into account calls to PathMakeUniqueName(), PathYetAnotherMakeUniqueName(). |
| | MAX_PATH Exceeded | S | Checks carried out on the appropriate parameters. |
| PathQuoteSpaces | Buffer Overrun | S | See Buffer Overrun Note. |
| | MAX_PATH Exceeded | S | Checks carried out on the appropriate parameters. |
| PathRelativePathTo | Buffer Overrun | S | See Buffer Overrun Note. |
| PathRenameExtension | Buffer Overrun | S | See Buffer Overrun Note. |
| | MAX_PATH Exceeded | S | Checks carried out on the appropriate parameters. |
| PathResolve | Buffer Overrun | S | See Buffer Overrun Note. |
| QuerySecurityContextToken | Ignored Return Value | G | Checks enforced on QuerySecurityContextToken(). |
| Readlink (1) | Ignored Return Value | G | Checks enforced on readlink(). |
| Readlink (2) | File System Race Condition | S | Takes into account calls to readlink(). |
| READ-OVERFLOW | Buffer Overrun | S | See Buffer Overrun Note. |
| REALLOC | Use After Free | S | See also realloc Note. |
| REALPATH | Use of realpath | B | Triggered by all calls to realpath(). Defined in the general template configuration file. |
| RecvMsg | Buffer Overrun | S | See Buffer Overrun Note. |
| | Use of recvmsg | B | Triggered by all calls to recvmsg(). |
| REMOVE | File System Race Condition | S | Takes into account calls to remove() and the related functions listed in the rule. |
| RENAME | File System Race Condition | S | Takes into account calls to rename() and the related functions listed in the rule. |
| RMDIR | File System Race Condition | S | Takes into account calls to rmdir() and the related functions listed in the rule. |
| SCANDIR | File System Race Condition | S | Takes into account calls to scandir(). |
| SCANF | Buffer Overrun | S | See Buffer Overrun Note. |
| | Format String | G | Check carried out on scanf() and the related functions listed in the rule. |
| Select | none | . | Not checked in CodeSonar. |
| SetEntriesInAcl | Ignored Return Value | G | Checks enforced on SetEntriesInAcl{A,W}(). |
| SetSecurityDescriptorDacl | Null Security Descriptor | S | Checks calls to SetSecurityDescriptorDacl(). |
| SetThreadToken | Ignored Return Value | G | Check enforced on SetThreadToken(). |
| SHCreateDirectory | File System Race Condition | S | Takes into account calls to SHCreateDirectory(), SHCreateDirectoryEx(). |
| SHCreateProcessAsUserW | Use of SHCreateProcessAsUserW | B | Triggered by all uses of SHCreateProcessAsUserW(). |
| ShellExecute | Use of ShellExecute | B | Triggered by all uses of ShellExecute() and ShellExecuteEx(). |
| SHFileOperation | File System Race Condition | S | Takes into account calls to SHFileOperation(). |
| SHGetFileInfo | File System Race Condition | S | Takes into account calls to SHGetFileInfo(). |
| SHGetFolderPath | Buffer Overrun | S | See Buffer Overrun Note. |
| SHGetNewLinkInfo | File System Race Condition | S | Takes into account calls to SHGetNewLinkInfo(). |
| | Buffer Overrun | S | See Buffer Overrun Note. |
| SHGetPathFromIDList | Buffer Overrun | S | See Buffer Overrun Note. |
| SHILCreateFromPath | File System Race Condition | S | Takes into account calls to SHILCreateFromPath(). |
| SHIsFileAvailableOffline | File System Race Condition | S | Takes into account calls to SHIsFileAvailableOffline(). |
| SHPathPrepareForWrite | File System Race Condition | S | Takes into account calls to SHPathPrepareForWrite(). |
| SHRegGetPath | Buffer Overrun | S | See Buffer Overrun Note. |
| SHValidateUNC | File System Race Condition | S | Takes into account calls to SHValidateUNC(). |
| SIGNAL-01 | Use of signal | B | Triggered by all uses of signal(). |
| SIGNAL-02 | Use of setuid | B | Triggered by all uses of setuid(). |
| SNPRINTF | Buffer Overrun | S | See Buffer Overrun Note. |
| | Format String | G | Check carried out on snprintf() and the related functions listed in the rule. |
| Socket | none | . | Not checked in CodeSonar. |
| SPRINTF | Buffer Overrun | S | See Buffer Overrun Note, except for vsprintf(), which is not covered by this check. |
| | Format String | G | Checks carried out on sprintf() and the related functions listed in the rule. |
| STAT | File System Race Condition | S | Takes into account calls to stat() and the related functions listed in the rule. |
| Statvfs() | File System Race Condition | S | Takes into account calls to statvfs(). |
| STLSTRING | none | . | Not checked in CodeSonar. |
| STRCAT | Use of strcat | B | Triggered by all uses of strcat() and the related functions listed in the rule. |
| | Buffer Overrun | S | See Buffer Overrun Note. |
| StrCatBuff | Buffer Overrun | S | See Buffer Overrun Note. |
| | No Space For Null Terminator | S | Check carried out on StrCatBuff{A,W}(). |
| StrCatChainW | Use of StrCatChainW | B | Triggered by all calls to StrCatChainW(). |
| STRCMP | Use of strcmp | B | Triggered by all calls to strcmp() and the related functions listed in the rule. |
| STRCPY | Use of strcpy | B | Triggered by all calls to strcpy() and the related functions listed in the rule. |
| | Buffer Overrun | S | See Buffer Overrun Note. |
| STRECPY | Buffer Overrun | S | See Buffer Overrun Note. |
| StrFormat_ | Buffer Overrun | S | See Buffer Overrun Note. |
| StringCch_W | Buffer Overrun | S | See Buffer Overrun Note. |
| STRLEN | Use of strlen | B | Triggered by all calls to strlen() and the related functions listed in the rule. |
| STRNCAT | Unreasonable Size Argument | S | Checks carried out on strncat() and the related functions listed in the rule. |
| STRNCPY | Unreasonable Size Argument, No Space For Null Terminator, Function Call Has No Effect, Buffer Overrun | S | All take into account calls to strncpy() and the related functions listed in the rule. |
| STRTRNS | Buffer Overrun | S | See Buffer Overrun Note. |
| | Use of strtrns | B | Triggered by all calls to strtrns(). |
| Strxfrm, Wcsxfrm | Buffer Overrun | S | See Buffer Overrun Note. |
| Symlink | File System Race Condition | S | Takes into account calls to symlink(). |
| SYSLOG-1 | Use of syslog | B | Triggered by all uses of syslog(). |
| SYSLOG-2 | Format String | G | Check enforced on syslog(), vsyslog(). |
| T_Open | Use of t_open | B | Triggered by all uses of t_open(). |
| TMPNAM-TMPFILE | Use of tmpfile | G | Triggered by all uses of tmpfile() and _tmpfile(). |
| | Use of tmpnam | G | Triggered by all uses of tmpnam() and the related functions listed in the rule. |
| Truncate | Use of tmpfile | G | Triggered by all uses of tmpfile() and _tmpfile(). |
| | Use of tmpnam | G | Triggered by all uses of tmpnam() and the related functions listed in the rule. |
| TTYNAME | Use of ttyname | B | Triggered by all uses of ttyname(). |
| Umask | none | . | Not checked in CodeSonar. |
| UnicodeToBytes | Buffer Overrun | S | See Buffer Overrun Note. |
| Unlink | File System Race Condition | S | Takes into account calls to unlink() and the related functions listed in the rule. |
| Utime | File System Race Condition | S | Takes into account calls to utime(), utimes(). |
| Utmpname | File System Race Condition | S | Takes into account calls to utmpname(), utmpxname(). |
| VFORK | Use of vfork | B | Triggered by all uses of vfork(). |
| WideCharToMultiByte | Buffer Overrun | S | See Buffer Overrun Note. |
| WinExec | Use of WinExec | B | Triggered by all calls to WinExec(). |
| Wsprintf | Format String | G | Checks enforced on wsprintf() and the related functions listed in the rule. |
Buffer Overrun Note
CodeSonar's standard Buffer Overrun checks cover a range of situations, including:
realloc Note
The BSI REALLOC rule recommends that realloc() not be used with secure memory; note that deallocation functions such as free() do not zero out the deallocated memory either. If you are working with an application where this is a concern, we recommend adding the following rules to the appropriate configuration file:

```
BAD_FUNCTION_REGEX = ^free$
BAD_FUNCTION_MESSAGE = Use of free
```
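The following is an added example (not CodeSonar's or CodeSecure's code) showing in C the handling that the realloc Note argues for: secret buffers are copied to a fresh block, the old block is wiped before free(), and plain realloc() is never called on them. The helper names and the volatile-function-pointer wipe are this example's own assumptions.

```c
#include <stdlib.h>
#include <string.h>
/* Example code, not CodeSonar's own. realloc() may move a secret to a new
 * block and leave the old copy behind, and free() never zeroes, so the
 * helpers below copy, wipe, then free. The wipe goes through a volatile
 * function pointer so the compiler cannot drop it as a dead store ahead of
 * free(); explicit_bzero()/memset_s() do the same job where available. */
static void *(*const volatile wipe_fn)(void *, int, size_t) = memset;

void secure_wipe(void *p, size_t n)
{
    if (p != NULL && n > 0)
        wipe_fn(p, 0, n);
}

/* Wipe-then-release replacement for free() on secret buffers. */
void secure_free(void *p, size_t n)
{
    secure_wipe(p, n);
    free(p);
}

/* Replacement for realloc() on secret buffers: fresh block, copy what fits,
 * wipe and release the old block. On allocation failure returns NULL and
 * leaves the old block untouched, so the caller can still wipe it. */
void *secure_realloc(void *old, size_t old_n, size_t new_n)
{
    void *fresh = malloc(new_n);
    if (fresh == NULL) return NULL;
    if (old != NULL) {
        memcpy(fresh, old, old_n < new_n ? old_n : new_n);
        secure_free(old, old_n);
    }
    return fresh;
}

/* Self-check: grow a (constructed) secret, confirm its bytes survived the
 * move, then confirm secure_wipe() really zeroes a live buffer.
 * Returns 1 on success, 0 on any failure. */
int secure_realloc_roundtrip(void)
{
    static const char secret[] = "hunter2"; /* constructed sample value */
    const size_t n = sizeof secret;
    char *buf = malloc(n);
    if (buf == NULL) return 0;
    memcpy(buf, secret, n);
    char *grown = secure_realloc(buf, n, 64);
    if (grown == NULL) {
        secure_free(buf, n);
        return 0;
    }
    int ok = memcmp(grown, secret, n) == 0;
    secure_wipe(grown, 64);
    for (size_t i = 0; i < 64; i++)
        ok = ok && grown[i] == 0;
    free(grown);
    return ok;
}
```

Pairing these helpers with the BAD_FUNCTION_REGEX rule above means every remaining raw free() on a secret path is reported by CodeSonar rather than found in review.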