Cert C++

Cert C++ Standards

Introduction

This standard provides rules for secure coding in the C++ programming language. The goal of these rules is to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. Conformance to the coding rules defined in this standard are necessary (but not sufficient) to ensure the safety, reliability, and security of software systems developed in the C++ programming language.

To learn Cert C++ Standards, you can print this SEI CERT C++ Coding Standard pdf by Aaron Ballman

38 Cert C++ standards

8 Declarations and Initialization, 9 Expressions(Exp), 5 Memory Management (MEM), 7 Exceptions and Error Handling (ERR), 6 Object Oriented Programming (OOP), 2 Miscellaneous (MSC), 1 Containers

Declarations and Initialization

  • DCL50-CPP: Do not define a C-style variadic function: Passing arguments via an ellipsis bypasses the type checking performed by the compiler. Additionally, passing an argument with non-POD class type leads to undefined behaviour.

    This coding standard is computed with the following query:

    warnif count > 0 
    from m in JustMyCode.Methods where m.IsVariadic
    select m

  • DCL51-CPP: Do not declare or define a reserved identifier:

    This coding standard is computed with the following query:

    warnif count > 0         
    from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_pp_macro_is_reserved_id" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • DCL52-CPP: Never qualify a reference type with const or volatile:

    This coding standard is computed with the following query:

    warnif count > 0         
    from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="err_invalid_reference_qualifier_application" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • DCL53-CPP: Do not write syntactically ambiguous declarations:

    This coding standard is computed with the following query:

    warnif count > 0         
    from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_empty_parens_are_function_decl" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • DCL54-CPP: Overload allocation and deallocation functions as a pair in the same scope:

    This coding standard is computed with the following query:

    warnif count > 0 
    from n in JustMyCode.Methods.Where(m=>m.SimpleName=="operatornew")  where  JustMyCode.Methods.Where(m=>m.SimpleName=="operatordelete").Count()==0
    select n

  • DCL57-CPP: Do not let exceptions escape from destructors or deallocation functions:

    This coding standard is computed with the following query:

    warnif count > 0         
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="exceptThrowInDestructor" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • DCL58-CPP: Do not modify the standard namespaces:

    This coding standard is computed with the following query:

    warnif count > 0 from codeElement  in JustMyCode.CodeElements  where codeElement.Parents.Where(t=>t.IsNamespace && t.Name=="std").Count()>0
    select codeElement

  • DCL59-CPP: Do not define an unnamed namespace in a header file:

    This coding standard is computed with the following query:

    warnif count>0 from n in Namespaces
    where n.Name.StartsWith("anonymous_namespace") && n.Name.Contains(".h")
    select n

Expressions (Exp)

Memory Management (MEM)

  • MEM50-CPP:Do not access freed memory:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="nullPointer" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • MEM51-CPP:Properly deallocate dynamically allocated resources:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_mismatched_delete_new" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="uninitdata" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • MEM56-CPP:Do not store an already-owned pointer value in an unrelated smart pointer:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="doubleFree" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • MEM57-CPP: Avoid using default operator new for over-aligned types:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-mem57-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

Exceptions and Error Handling (ERR)

  • ERR51-CPP: Handle all exceptions:

    This coding standard is computed with the following query:

    warnif count > 0 
    from m in JustMyCode.Methods where m.IsEntryPoint
    && m.IsUsing("Keywords.generic_catch".AllowNoMatch()) select m 

  • ERR52-CPP: Do not use setjmp() or longjmp():

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="cert-err52-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • ERR53-CPP: Do not reference base classes or class data members in a constructor or destructor function-try-block handler:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_cdtor_function_try_handler_mem_expr" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • ERR54-CPP: Catch handlers should order their parameter types from most derived to least derived:

    This coding standard is computed with the following query:

    // <Name></Name>
    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_exception_caught_by_earlier_handler" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • ERR58-CPP. Handle all exceptions thrown before main() begins executing:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-err58-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • ERR60-CPP: Exception objects must be nothrow copynconstructible:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-err60-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • ERR61-CPP: Catch exceptions by lvalue reference:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="catchExceptionByValue" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

Object Oriented Programming (OOP)

  • OOP50-CPP: Do not invoke virtual functions from constructors or destructors:

    This coding standard is computed with the following query:

    from m in JustMyCode.Methods.Where(m=>(m.IsConstructor || m.IsDestructor) 
        
    && m.MethodsCalled.Where(s=>s.IsVirtual).Count()>0)
    select m

  • OOP52-CPP: Do not delete a polymorphic object without a virtual destructor:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_delete_non_virtual_dtor" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • OOP53-CPP: Write constructor member initializers in the canonical order:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_initializer_out_of_order" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • OOP54-CPP: Gracefully handle self-copy assignment:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="operatorEqToSelf" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-oop57-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • OOP58-CPP: Copy operations must not mutate the source object:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-oop58-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

Miscellaneous (MSC)

  • MSC50-CPP: Do not use std::rand() for generating pseudorandom numbers:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-msc50-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • MSC51-CPP. Ensure your random number generator is properlyseeded:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang-Tidy" && issue.Type=="cert-msc51-cpp" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

Containers

  • CTR50-CPP: Guarantee that container indices and iterators are within the valid range:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_array_index_exceeds_bounds" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

Go to top


CppDepend offers a wide range of features. It is often described as a Swiss Army Knife for C and C++ developers.

Start Free Trial