JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.0p0 Hot Tips | CONFIDENTIAL | CodeSecure Inc |
A function that should have a cryptographic salt passed in a particular argument position has been passed a hardcoded value.
| Class Name | Hardcoded Crypto Salt | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Significance | security | ||||||||||||||||||||||||||||||
| Mnemonic | HARDCODED.SALT | ||||||||||||||||||||||||||||||
| Categories |
|
||||||||||||||||||||||||||||||
| Availability | Available for C and C++. |
||||||||||||||||||||||||||||||
| Enabling | Checks for this warning class are enabled by
default. To disable them, add the following WARNING_FILTER rule to the
project configuration file.
WARNING_FILTER += discard class="Hardcoded Crypto Salt" |
Japanese (ja)
#include <crypt.h>
void hardcoded_salt(const char *p, const char *q){
crypt(p, "salt"); /* 'Hardcoded Crypto Salt' warning issued here
* ('Use of crypt' warning also issued)
*/
crypt(p, q); /* ok: not hardcoded */
/* ('Use of crypt' warning issued here)*/
}
This class is defined using HARDCODED_ARGS_* rules in the general template configuration file, and covers many common procedures that take cryptographic salt parameters. For a full list, see the "Factory Settings" in the documentation for HARDCODED_ARGS_*.
This class is implemented using a HARDCODED_ARGS_* rule set in the general template configuration file.
The following configuration file parameters affect checks for this warning class.