Secure Coding Standard » History » Version 12
Version 11 (Andreas Steffen, 28.05.2013 05:59) → Version 12/20 (Andreas Steffen, 28.05.2013 13:21)
h1. Secure Coding Standard
The strongSwan project adheres to the following recommendations and rules proposed by the "CERT C Secure Coding Standard":https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard:
{{>toc}}
h2. Preprocessor (PRE)
*Full Adherence* h3. Full Adherence
* "PRE03-C. Prefer typedefs to defines for encoding types":https://www.securecoding.cert.org/confluence/display/seccode/PRE03-C.+Prefer+typedefs+to+defines+for+encoding+types
* "PRE04-C. Do not reuse a standard header file name":https://www.securecoding.cert.org/confluence/display/seccode/PRE04-C.+Do+not+reuse+a+standard+header+file+name
* "PRE06-C. Enclose header files in an inclusion guard":https://www.securecoding.cert.org/confluence/display/seccode/PRE06-C.+Enclose+header+files+in+an+inclusion+guard
* "PRE09-C. Do not replace secure functions with deprecated or obsolescent functions":https://www.securecoding.cert.org/confluence/display/seccode/PRE09-C.+Do+not+replace+secure+functions+with+deprecated+or+obsolescent+functions
*Partial Adherence* h3. Partial Adherence
* "PRE00-C. Prefer inline or static functions to function-like macros ":https://www.securecoding.cert.org/confluence/display/seccode/PRE00-C.+Prefer+inline+or+static+functions+to+function-like+macros
* "PRE01-C. Use parentheses within macros around parameter names":https://www.securecoding.cert.org/confluence/display/seccode/PRE01-C.+Use+parentheses+within+macros+around+parameter+names
* "PRE02-C. Macro replacement lists should be parenthesized":https://www.securecoding.cert.org/confluence/display/seccode/PRE02-C.+Macro+replacement+lists+should+be+parenthesized
*Check Adherence* h3. Check Adherence
* "PRE05-C. Understand macro replacement when concatenating tokens or performing stringification":https://www.securecoding.cert.org/confluence/display/seccode/PRE05-C.+Understand+macro+replacement+when+concatenating+tokens+or+performing+stringification
* "PRE07-C. Avoid using repeated question marks":https://www.securecoding.cert.org/confluence/display/seccode/PRE07-C.+Avoid+using+repeated+question+marks
* "PRE10-C. Wrap multistatement macros in a do-while loop":https://www.securecoding.cert.org/confluence/display/seccode/PRE10-C.+Wrap+multistatement+macros+in+a+do-while+loop
* "PRE11-C. Do not conclude macro definitions with a semicolon ":https://www.securecoding.cert.org/confluence/display/seccode/PRE11-C.+Do+not+conclude+macro+definitions+with+a+semicolon
* "PRE12-C. Do not define unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE12-C.+Do+not+define+unsafe+macros
* "PRE30-C. Do not create a universal character name through concatenation":https://www.securecoding.cert.org/confluence/display/seccode/PRE30-C.+Do+not+create+a+universal+character+name+through+concatenation
* "PRE31-C. Avoid side-effects in arguments to unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE31-C.+Avoid+side-effects+in+arguments+to+unsafe+macros
* "PRE32-C. Do not use preprocessor directives inside macro arguments":https://www.securecoding.cert.org/confluence/display/seccode/PRE32-C.+Do+not+use+preprocessor+directives+inside+macro+arguments
*No Adherence* h3. No Adherence
* "PRE08-C. Guarantee that header file names are unique":https://www.securecoding.cert.org/confluence/display/seccode/PRE08-C.+Guarantee+that+header+file+names+are+unique
h2. Declarations and Initialization (DCL)
*Full Adherence* h3. Full Adherence
* "DCL01-C. Do not reuse variable names in subscopes":https://www.securecoding.cert.org/confluence/display/seccode/DCL01-C.+Do+not+reuse+variable+names+in+subscopes
* "DCL02-C. Use visually distinct identifiers":https://www.securecoding.cert.org/confluence/display/seccode/DCL02-C.+Use+visually+distinct+identifiers
* "DCL05-C. Use typedefs to improve code readability":https://www.securecoding.cert.org/confluence/display/seccode/DCL05-C.+Use+typedefs+to+improve+code+readability
* "DCL07-C. Include the appropriate type information in function declarators":https://www.securecoding.cert.org/confluence/display/seccode/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators
* "DCL12-C. Implement abstract data types using opaque types":https://www.securecoding.cert.org/confluence/display/seccode/DCL12-C.+Implement+abstract+data+types+using+opaque+types
* "DCL15-C. Declare file-scope objects or functions that do not need external linkage as static":https://www.securecoding.cert.org/confluence/display/seccode/DCL15-C.+Declare+file-scope+objects+or+functions+that+do+not+need+external+linkage+as+static
* "DCL18-C. Do not begin integer constants with 0 when specifying a decimal value":https://www.securecoding.cert.org/confluence/display/seccode/DCL18-C.+Do+not+begin+integer+constants+with+0+when+specifying+a+decimal+value
* "DCL31-C. Declare identifiers before using them":https://www.securecoding.cert.org/confluence/display/seccode/DCL31-C.+Declare+identifiers+before+using+them
* "DCL35-C. Call functions with the correct number and type of arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL35-C.+Call+functions+with+the+correct+number+and+type+of+arguments
* "DCL36-C. Do not declare an identifier with conflicting linkage classifications":https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications
* "DCL38-C. Use the correct syntax when declaring flexible array members":https://www.securecoding.cert.org/confluence/display/seccode/DCL38-C.+Use+the+correct+syntax+when+declaring+flexible+array+members h3. Partial Adherence
* "DCL40-C. Incompatible declarations of the same function or object":https://www.securecoding.cert.org/confluence/display/seccode/DCL40-C.+Incompatible+declarations+of+the+same+function+or+object
*Partial Adherence*
* "DCL06-C. Use meaningful symbolic constants to represent literal values":https://www.securecoding.cert.org/confluence/display/seccode/DCL06-C.+Use+meaningful+symbolic+constants+to+represent+literal+values
* "DCL19-C. Minimize the scope of variables and functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL19-C.+Minimize+the+scope+of+variables+and+functions
* "DCL20-C. Always specify void even if a function accepts no arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL20-C.+Always+specify+void+even+if+a+function+accepts+no+arguments
*Check Adherence* h3. Check Adherence
* "DCL08-C. Properly encode relationships in constant definitions":https://www.securecoding.cert.org/confluence/display/seccode/DCL08-C.+Properly+encode+relationships+in+constant+definitions
* "DCL09-C. Declare functions that return errno with a return type of errno_t":https://www.securecoding.cert.org/confluence/display/seccode/DCL09-C.+Declare+functions+that+return+errno+with+a+return+type+of+errno_t
* "DCL10-C. Maintain the contract between the writer and caller of variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL10-C.+Maintain+the+contract+between+the+writer+and+caller+of+variadic+functions
* "DCL11-C. Understand the type issues associated with variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL11-C.+Understand+the+type+issues+associated+with+variadic+functions
* "DCL16-C. Use 'L,' not 'l,' to indicate a long value":https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=19759250
* "DCL17-C. Beware of miscompiled volatile-qualified variables":https://www.securecoding.cert.org/confluence/display/seccode/DCL17-C.+Beware+of+miscompiled+volatile-qualified+variables
* "DCL21-C. Understand the storage of compound literals":https://www.securecoding.cert.org/confluence/display/seccode/DCL21-C.+Understand+the+storage+of+compound+literals
* "DCL30-C. Declare objects with appropriate storage durations":https://www.securecoding.cert.org/confluence/display/seccode/DCL30-C.+Declare+objects+with+appropriate+storage+durations
* "DCL34-C. Use volatile for data that cannot be cached":https://www.securecoding.cert.org/confluence/display/seccode/DCL34-C.+Use+volatile+for+data+that+cannot+be+cached
* "DCL37-C. Do not declare or define a reserved identifier":https://www.securecoding.cert.org/confluence/display/seccode/DCL37-C.+Do+not+declare+or+define+a+reserved+identifier
* "DCL39-C. Avoid information leak in structure padding":https://www.securecoding.cert.org/confluence/display/seccode/DCL39-C.+Avoid+information+leak+in+structure+padding
*No Adherence* h3. No Adherence
* "DCL00-C. Const-qualify immutable objects":https://www.securecoding.cert.org/confluence/display/seccode/DCL00-C.+Const-qualify+immutable+objects
* "DCL03-C. Use a static assertion to test the value of a constant expression":https://www.securecoding.cert.org/confluence/display/seccode/DCL03-C.+Use+a+static+assertion+to+test+the+value+of+a+constant+expression
* "DCL04-C. Do not declare more than one variable per declaration":https://www.securecoding.cert.org/confluence/display/seccode/DCL04-C.+Do+not+declare+more+than+one+variable+per+declaration
* "DCL13-C. Declare function parameters that are pointers to values not changed by the function as const ":https://www.securecoding.cert.org/confluence/display/seccode/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const
* "DCL32-C. Guarantee that mutually visible identifiers are unique":https://www.securecoding.cert.org/confluence/display/seccode/DCL32-C.+Guarantee+that+mutually+visible+identifiers+are+unique
h2. Expressions (EXP)
h2. Integers (INT)
h2. Floating Point (FLP)
h2. Arrays (ARR)
h2. Characters and Strings (STR)
h2. Memory Management (MEM)
h2. Input Output (FIO)
h2. Environment (ENV)
h2. Signals (SIG)
h2. Error Handling (ERR)
h2. Application Programming Interfaces (API)
h2. Concurrency (CON)
h2. Miscellaneous (MSC)
h2. POSIX (POS)
The strongSwan project adheres to the following recommendations and rules proposed by the "CERT C Secure Coding Standard":https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard:
{{>toc}}
h2. Preprocessor (PRE)
*Full Adherence* h3. Full Adherence
* "PRE03-C. Prefer typedefs to defines for encoding types":https://www.securecoding.cert.org/confluence/display/seccode/PRE03-C.+Prefer+typedefs+to+defines+for+encoding+types
* "PRE04-C. Do not reuse a standard header file name":https://www.securecoding.cert.org/confluence/display/seccode/PRE04-C.+Do+not+reuse+a+standard+header+file+name
* "PRE06-C. Enclose header files in an inclusion guard":https://www.securecoding.cert.org/confluence/display/seccode/PRE06-C.+Enclose+header+files+in+an+inclusion+guard
* "PRE09-C. Do not replace secure functions with deprecated or obsolescent functions":https://www.securecoding.cert.org/confluence/display/seccode/PRE09-C.+Do+not+replace+secure+functions+with+deprecated+or+obsolescent+functions
*Partial Adherence* h3. Partial Adherence
* "PRE00-C. Prefer inline or static functions to function-like macros ":https://www.securecoding.cert.org/confluence/display/seccode/PRE00-C.+Prefer+inline+or+static+functions+to+function-like+macros
* "PRE01-C. Use parentheses within macros around parameter names":https://www.securecoding.cert.org/confluence/display/seccode/PRE01-C.+Use+parentheses+within+macros+around+parameter+names
* "PRE02-C. Macro replacement lists should be parenthesized":https://www.securecoding.cert.org/confluence/display/seccode/PRE02-C.+Macro+replacement+lists+should+be+parenthesized
*Check Adherence* h3. Check Adherence
* "PRE05-C. Understand macro replacement when concatenating tokens or performing stringification":https://www.securecoding.cert.org/confluence/display/seccode/PRE05-C.+Understand+macro+replacement+when+concatenating+tokens+or+performing+stringification
* "PRE07-C. Avoid using repeated question marks":https://www.securecoding.cert.org/confluence/display/seccode/PRE07-C.+Avoid+using+repeated+question+marks
* "PRE10-C. Wrap multistatement macros in a do-while loop":https://www.securecoding.cert.org/confluence/display/seccode/PRE10-C.+Wrap+multistatement+macros+in+a+do-while+loop
* "PRE11-C. Do not conclude macro definitions with a semicolon ":https://www.securecoding.cert.org/confluence/display/seccode/PRE11-C.+Do+not+conclude+macro+definitions+with+a+semicolon
* "PRE12-C. Do not define unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE12-C.+Do+not+define+unsafe+macros
* "PRE30-C. Do not create a universal character name through concatenation":https://www.securecoding.cert.org/confluence/display/seccode/PRE30-C.+Do+not+create+a+universal+character+name+through+concatenation
* "PRE31-C. Avoid side-effects in arguments to unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE31-C.+Avoid+side-effects+in+arguments+to+unsafe+macros
* "PRE32-C. Do not use preprocessor directives inside macro arguments":https://www.securecoding.cert.org/confluence/display/seccode/PRE32-C.+Do+not+use+preprocessor+directives+inside+macro+arguments
*No Adherence* h3. No Adherence
* "PRE08-C. Guarantee that header file names are unique":https://www.securecoding.cert.org/confluence/display/seccode/PRE08-C.+Guarantee+that+header+file+names+are+unique
h2. Declarations and Initialization (DCL)
*Full Adherence* h3. Full Adherence
* "DCL01-C. Do not reuse variable names in subscopes":https://www.securecoding.cert.org/confluence/display/seccode/DCL01-C.+Do+not+reuse+variable+names+in+subscopes
* "DCL02-C. Use visually distinct identifiers":https://www.securecoding.cert.org/confluence/display/seccode/DCL02-C.+Use+visually+distinct+identifiers
* "DCL05-C. Use typedefs to improve code readability":https://www.securecoding.cert.org/confluence/display/seccode/DCL05-C.+Use+typedefs+to+improve+code+readability
* "DCL07-C. Include the appropriate type information in function declarators":https://www.securecoding.cert.org/confluence/display/seccode/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators
* "DCL12-C. Implement abstract data types using opaque types":https://www.securecoding.cert.org/confluence/display/seccode/DCL12-C.+Implement+abstract+data+types+using+opaque+types
* "DCL15-C. Declare file-scope objects or functions that do not need external linkage as static":https://www.securecoding.cert.org/confluence/display/seccode/DCL15-C.+Declare+file-scope+objects+or+functions+that+do+not+need+external+linkage+as+static
* "DCL18-C. Do not begin integer constants with 0 when specifying a decimal value":https://www.securecoding.cert.org/confluence/display/seccode/DCL18-C.+Do+not+begin+integer+constants+with+0+when+specifying+a+decimal+value
* "DCL31-C. Declare identifiers before using them":https://www.securecoding.cert.org/confluence/display/seccode/DCL31-C.+Declare+identifiers+before+using+them
* "DCL35-C. Call functions with the correct number and type of arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL35-C.+Call+functions+with+the+correct+number+and+type+of+arguments
* "DCL36-C. Do not declare an identifier with conflicting linkage classifications":https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications
* "DCL38-C. Use the correct syntax when declaring flexible array members":https://www.securecoding.cert.org/confluence/display/seccode/DCL38-C.+Use+the+correct+syntax+when+declaring+flexible+array+members h3. Partial Adherence
* "DCL40-C. Incompatible declarations of the same function or object":https://www.securecoding.cert.org/confluence/display/seccode/DCL40-C.+Incompatible+declarations+of+the+same+function+or+object
*Partial Adherence*
* "DCL06-C. Use meaningful symbolic constants to represent literal values":https://www.securecoding.cert.org/confluence/display/seccode/DCL06-C.+Use+meaningful+symbolic+constants+to+represent+literal+values
* "DCL19-C. Minimize the scope of variables and functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL19-C.+Minimize+the+scope+of+variables+and+functions
* "DCL20-C. Always specify void even if a function accepts no arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL20-C.+Always+specify+void+even+if+a+function+accepts+no+arguments
*Check Adherence* h3. Check Adherence
* "DCL08-C. Properly encode relationships in constant definitions":https://www.securecoding.cert.org/confluence/display/seccode/DCL08-C.+Properly+encode+relationships+in+constant+definitions
* "DCL09-C. Declare functions that return errno with a return type of errno_t":https://www.securecoding.cert.org/confluence/display/seccode/DCL09-C.+Declare+functions+that+return+errno+with+a+return+type+of+errno_t
* "DCL10-C. Maintain the contract between the writer and caller of variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL10-C.+Maintain+the+contract+between+the+writer+and+caller+of+variadic+functions
* "DCL11-C. Understand the type issues associated with variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL11-C.+Understand+the+type+issues+associated+with+variadic+functions
* "DCL16-C. Use 'L,' not 'l,' to indicate a long value":https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=19759250
* "DCL17-C. Beware of miscompiled volatile-qualified variables":https://www.securecoding.cert.org/confluence/display/seccode/DCL17-C.+Beware+of+miscompiled+volatile-qualified+variables
* "DCL21-C. Understand the storage of compound literals":https://www.securecoding.cert.org/confluence/display/seccode/DCL21-C.+Understand+the+storage+of+compound+literals
* "DCL30-C. Declare objects with appropriate storage durations":https://www.securecoding.cert.org/confluence/display/seccode/DCL30-C.+Declare+objects+with+appropriate+storage+durations
* "DCL34-C. Use volatile for data that cannot be cached":https://www.securecoding.cert.org/confluence/display/seccode/DCL34-C.+Use+volatile+for+data+that+cannot+be+cached
* "DCL37-C. Do not declare or define a reserved identifier":https://www.securecoding.cert.org/confluence/display/seccode/DCL37-C.+Do+not+declare+or+define+a+reserved+identifier
* "DCL39-C. Avoid information leak in structure padding":https://www.securecoding.cert.org/confluence/display/seccode/DCL39-C.+Avoid+information+leak+in+structure+padding
*No Adherence* h3. No Adherence
* "DCL00-C. Const-qualify immutable objects":https://www.securecoding.cert.org/confluence/display/seccode/DCL00-C.+Const-qualify+immutable+objects
* "DCL03-C. Use a static assertion to test the value of a constant expression":https://www.securecoding.cert.org/confluence/display/seccode/DCL03-C.+Use+a+static+assertion+to+test+the+value+of+a+constant+expression
* "DCL04-C. Do not declare more than one variable per declaration":https://www.securecoding.cert.org/confluence/display/seccode/DCL04-C.+Do+not+declare+more+than+one+variable+per+declaration
* "DCL13-C. Declare function parameters that are pointers to values not changed by the function as const ":https://www.securecoding.cert.org/confluence/display/seccode/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const
* "DCL32-C. Guarantee that mutually visible identifiers are unique":https://www.securecoding.cert.org/confluence/display/seccode/DCL32-C.+Guarantee+that+mutually+visible+identifiers+are+unique
h2. Expressions (EXP)
h2. Integers (INT)
h2. Floating Point (FLP)
h2. Arrays (ARR)
h2. Characters and Strings (STR)
h2. Memory Management (MEM)
h2. Input Output (FIO)
h2. Environment (ENV)
h2. Signals (SIG)
h2. Error Handling (ERR)
h2. Application Programming Interfaces (API)
h2. Concurrency (CON)
h2. Miscellaneous (MSC)
h2. POSIX (POS)