CWE Coding Standard

CWE Coding Standard

Introduction

Common Weakness Enumeration (CWE™) is a community-developed list of common software and hardware weakness types that have security ramifications. “Weaknesses” are flaws, faults, bugs, vulnerabilities, or other errors in software or hardware implementation, code, design, or architecture that if left unaddressed could result in systems, networks, or hardware being vulnerable to attack.

  • Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'):

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck"
     && (issue.Type=="bufferAccessOutOfBounds" || issue.Type=="possibleBufferAccessOutOfBounds"
     
    || issue.Type=="insecureCmdLineArgs"|| issue.Type=="invalidscanf") select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Divide By Zero:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="zerodiv"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Unchecked Error Condition:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="zerodiv"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Declaration of Catch for Generic Exception:

    This coding standard is computed with the following query:

    warnif count > 0 
    from m in Methods where !m.IsEntryPoint
    && m.IsUsing("Keywords.generic_catch".AllowNoMatch()) select m

  • Improper Release of Memory Before Removing Last Reference ('Memory Leak'):

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && (issue.Type=="memleak" || issue.Type=="memleakOnRealloc"
     
    || issue.Type=="publicAllocationError"|| issue.Type=="leakNoVarFunctionCall") select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Double Free:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="deallocDealloc"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Use of Uninitialized Variable:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="uninitvar" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 10.ToMinutes().ToDebt(),
         
    Severity =Severity.High
        
    }

  • Incomplete Cleanup:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="resourceLeak"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • NULL Pointer Dereferenced:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="nullPointer"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Use of Obsolete Functions:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CLang" && issue.Type=="warn_deprecated"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Comparing instead of Assigning:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="CLang" && issue.Type=="warn_unused_comparison"  select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Omitted Break Statement in Switch:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_unannotated_fallthrough" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Dead Code:

    This coding standard is computed with the following query:

    warnif count > 0 
    from issue in ImportedIssues where issue.ToolName=="Clang" && issue.Type=="warn_unreachable" select 
    new { issue,issue.FilePath,Line=issue.BeginLine}

  • Assignment to Variable without Use ('Unused Variable'):

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="unreadVariable" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

  • Expression is Always False:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="knownConditionTrueFalse"
      && issue.Description.Contains("always false")
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

  • Expression is Always True:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="knownConditionTrueFalse"
      && issue.Description.Contains("always true")
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

  • Function Call with Incorrectly Specified Arguments:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="preprocessorErrorDirective"
      && issue.Description.Contains("Wrong number")
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

  • Use of Potentially Dangerous Function:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && issue.Type=="dangerousUsageStrtol" 
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

  • Operator Precedence Logic Error:

    This coding standard is computed with the following query:

    warnif count > 0 from issue in ImportedIssues where issue.ToolName=="CppCheck" && (issue.Type=="clarifyCalculation" || issue.Type=="clarifyCondition")
    select new { issue, issue.FilePath, Line = issue.BeginLine ,
         
    Debt = 2.ToMinutes().ToDebt(),
         
    Severity =Severity.Low
        
    }

Go to top


CppDepend offers a wide range of features. It is often described as a Swiss Army Knife for C and C++ developers.

Start Free Trial