ImplementedChecks - rainrambler/seccheck GitHub Wiki

ClassSecurity

  • Check for private static members of a class. See CERT MSC22-CPP: Do not define static private members.
  • The destructor of a base class should be virtual.
  • Avoid the delete this statement. Using delete this; may cause an error if the object's members are accessed after the delete.

ComplexCopying

  • Copying complex objects in parameters or equations may slow down system performance.

FloatArithmetic

  • Find comparisons of two float variables.

UnsafeFunctions

  • Check for unsafe functions.
    • CERT MEM08-CPP: Raw memory
    • CERT FIO06-CPP: Unsafe create file functions
    • CERT FIO07-CPP: Prefer fseek() to rewind() function
    • CERT FIO12-CPP: Unsafe stream functions
    • CERT FIO17-CPP: C-style input and output
    • CERT ERR34-CPP: Do not use the setjmp() or longjmp() functions
  • Check for suspicious variable names like "password", which may indicate a hard-coded password.

Miscellaneous

    • CERT MSC05-CPP: Do not manipulate time_t typed values directly.
    • CERT MSC22-CPP: Do not define static private members
    • CERT MSC30-CPP: Generating pseudorandom numbers
    • CERT MSC34-CPP: Do not modify the standard namespaces.
    • CERT FLP00-CPP: Understand the limitations of floating-point numbers
    • CERT DCL09-CPP: Functions that return errno should change to a return type of errno_t.
    • CERT FLP30-CPP: Do not use floating-point variables as loop counters.

Environments

    • CERT ENV04-CPP: Unsafe C99 Command interpreter functions

Integers

    • CERT INT06-CPP: string token to integer
    • CERT INT13-CPP: Use bitwise operators only on unsigned operands.

Strings

    • CERT STR37-C: Arguments to character handling functions must be representable as an unsigned char.