Version 19 - History - Secure Coding Standard - strongSwan

Secure Coding Standard » History » Version 19

Andreas Steffen, 02.06.2013 17:46
Started with INT rules

-Andreas Steffen
+h1. Secure Coding Standard
 Andreas Steffen
-Andreas Steffen
+The strongSwan project adheres to the following recommendations and rules proposed by the "CERT C Secure Coding Standard":https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard:
 Andreas Steffen
-Andreas Steffen
+{{>toc}}
 Andreas Steffen
-Andreas Steffen
+(This is work under progress. Through inspection of our code the _Check Adherence_ items must be assigned to one of the other three categories first. Then we intend to move recommendations and rules of the _Partial Adherence_ category to _Full Adherence_ by fixing our code in those places where we don't adhere yet)
 Andreas Steffen
-Andreas Steffen
+h2. Preprocessor (PRE)
 Andreas Steffen
-Andreas Steffen
+_Full Adherence_
 Andreas Steffen
-Andreas Steffen
+* "PRE03-C. Prefer typedefs to defines for encoding types":https://www.securecoding.cert.org/confluence/display/seccode/PRE03-C.+Prefer+typedefs+to+defines+for+encoding+types
 Andreas Steffen
-Andreas Steffen
+* "PRE04-C. Do not reuse a standard header file name":https://www.securecoding.cert.org/confluence/display/seccode/PRE04-C.+Do+not+reuse+a+standard+header+file+name
 Andreas Steffen
-Andreas Steffen
+* "PRE06-C. Enclose header files in an inclusion guard":https://www.securecoding.cert.org/confluence/display/seccode/PRE06-C.+Enclose+header+files+in+an+inclusion+guard
 Andreas Steffen
-Andreas Steffen
+* "PRE09-C. Do not replace secure functions with deprecated or obsolescent functions":https://www.securecoding.cert.org/confluence/display/seccode/PRE09-C.+Do+not+replace+secure+functions+with+deprecated+or+obsolescent+functions
 Andreas Steffen
-Andreas Steffen
+_Partial Adherence_
 Andreas Steffen
-Andreas Steffen
+* "PRE00-C. Prefer inline or static functions to function-like macros ":https://www.securecoding.cert.org/confluence/display/seccode/PRE00-C.+Prefer+inline+or+static+functions+to+function-like+macros
 Andreas Steffen
-Andreas Steffen
+* "PRE01-C. Use parentheses within macros around parameter names":https://www.securecoding.cert.org/confluence/display/seccode/PRE01-C.+Use+parentheses+within+macros+around+parameter+names
 Andreas Steffen
-Andreas Steffen
+* "PRE02-C. Macro replacement lists should be parenthesized":https://www.securecoding.cert.org/confluence/display/seccode/PRE02-C.+Macro+replacement+lists+should+be+parenthesized
 Andreas Steffen
-Andreas Steffen
+_Check Adherence_
 Andreas Steffen
-Andreas Steffen
+* "PRE05-C. Understand macro replacement when concatenating tokens or performing stringification":https://www.securecoding.cert.org/confluence/display/seccode/PRE05-C.+Understand+macro+replacement+when+concatenating+tokens+or+performing+stringification
 Andreas Steffen
-Andreas Steffen
+* "PRE07-C. Avoid using repeated question marks":https://www.securecoding.cert.org/confluence/display/seccode/PRE07-C.+Avoid+using+repeated+question+marks
 Andreas Steffen
-Andreas Steffen
+* "PRE10-C. Wrap multistatement macros in a do-while loop":https://www.securecoding.cert.org/confluence/display/seccode/PRE10-C.+Wrap+multistatement+macros+in+a+do-while+loop
 Andreas Steffen
-Andreas Steffen
+* "PRE11-C. Do not conclude macro definitions with a semicolon ":https://www.securecoding.cert.org/confluence/display/seccode/PRE11-C.+Do+not+conclude+macro+definitions+with+a+semicolon
 Andreas Steffen
-Andreas Steffen
+* "PRE12-C. Do not define unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE12-C.+Do+not+define+unsafe+macros
 Andreas Steffen
-Andreas Steffen
+* "PRE30-C. Do not create a universal character name through concatenation":https://www.securecoding.cert.org/confluence/display/seccode/PRE30-C.+Do+not+create+a+universal+character+name+through+concatenation
 Andreas Steffen
-Andreas Steffen
+* "PRE31-C. Avoid side-effects in arguments to unsafe macros":https://www.securecoding.cert.org/confluence/display/seccode/PRE31-C.+Avoid+side-effects+in+arguments+to+unsafe+macros
 Andreas Steffen
-Andreas Steffen
+* "PRE32-C. Do not use preprocessor directives inside macro arguments":https://www.securecoding.cert.org/confluence/display/seccode/PRE32-C.+Do+not+use+preprocessor+directives+inside+macro+arguments
 Andreas Steffen
-Andreas Steffen
+_No Adherence_
 Andreas Steffen
-Andreas Steffen
+* "PRE08-C. Guarantee that header file names are unique":https://www.securecoding.cert.org/confluence/display/seccode/PRE08-C.+Guarantee+that+header+file+names+are+unique
 Andreas Steffen
-Andreas Steffen
+h2. Declarations and Initialization (DCL)
 Andreas Steffen
-Andreas Steffen
+_Full Adherence_
 Andreas Steffen
-Andreas Steffen
+* "DCL01-C. Do not reuse variable names in subscopes":https://www.securecoding.cert.org/confluence/display/seccode/DCL01-C.+Do+not+reuse+variable+names+in+subscopes
 Andreas Steffen
-Andreas Steffen
+* "DCL02-C. Use visually distinct identifiers":https://www.securecoding.cert.org/confluence/display/seccode/DCL02-C.+Use+visually+distinct+identifiers
 Andreas Steffen
-Andreas Steffen
+* "DCL05-C. Use typedefs to improve code readability":https://www.securecoding.cert.org/confluence/display/seccode/DCL05-C.+Use+typedefs+to+improve+code+readability
 Andreas Steffen
-Andreas Steffen
+* "DCL07-C. Include the appropriate type information in function declarators":https://www.securecoding.cert.org/confluence/display/seccode/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators
 Andreas Steffen
-Andreas Steffen
+* "DCL12-C. Implement abstract data types using opaque types":https://www.securecoding.cert.org/confluence/display/seccode/DCL12-C.+Implement+abstract+data+types+using+opaque+types
 Andreas Steffen
-Andreas Steffen
+* "DCL15-C. Declare file-scope objects or functions that do not need external linkage as static":https://www.securecoding.cert.org/confluence/display/seccode/DCL15-C.+Declare+file-scope+objects+or+functions+that+do+not+need+external+linkage+as+static
 Andreas Steffen
-Andreas Steffen
+* "DCL18-C. Do not begin integer constants with 0 when specifying a decimal value":https://www.securecoding.cert.org/confluence/display/seccode/DCL18-C.+Do+not+begin+integer+constants+with+0+when+specifying+a+decimal+value
 Andreas Steffen
-Andreas Steffen
+* "DCL31-C. Declare identifiers before using them":https://www.securecoding.cert.org/confluence/display/seccode/DCL31-C.+Declare+identifiers+before+using+them
 Andreas Steffen
-Andreas Steffen
+* "DCL35-C. Call functions with the correct number and type of arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL35-C.+Call+functions+with+the+correct+number+and+type+of+arguments
 Andreas Steffen
-Andreas Steffen
+* "DCL36-C. Do not declare an identifier with conflicting linkage classifications":https://www.securecoding.cert.org/confluence/display/seccode/DCL36-C.+Do+not+declare+an+identifier+with+conflicting+linkage+classifications
 Andreas Steffen
-Andreas Steffen
+* "DCL38-C. Use the correct syntax when declaring flexible array members":https://www.securecoding.cert.org/confluence/display/seccode/DCL38-C.+Use+the+correct+syntax+when+declaring+flexible+array+members
 Andreas Steffen
-Andreas Steffen
+* "DCL40-C. Incompatible declarations of the same function or object":https://www.securecoding.cert.org/confluence/display/seccode/DCL40-C.+Incompatible+declarations+of+the+same+function+or+object
 Andreas Steffen
-Andreas Steffen
+_Partial Adherence_
 Andreas Steffen
-Andreas Steffen
+* "DCL06-C. Use meaningful symbolic constants to represent literal values":https://www.securecoding.cert.org/confluence/display/seccode/DCL06-C.+Use+meaningful+symbolic+constants+to+represent+literal+values
 Andreas Steffen
-Andreas Steffen
+* "DCL19-C. Minimize the scope of variables and functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL19-C.+Minimize+the+scope+of+variables+and+functions
 Andreas Steffen
-Andreas Steffen
+* "DCL20-C. Always specify void even if a function accepts no arguments":https://www.securecoding.cert.org/confluence/display/seccode/DCL20-C.+Always+specify+void+even+if+a+function+accepts+no+arguments
 Andreas Steffen
-Andreas Steffen
+_Check Adherence_
 Andreas Steffen
-Andreas Steffen
+* "DCL08-C. Properly encode relationships in constant definitions":https://www.securecoding.cert.org/confluence/display/seccode/DCL08-C.+Properly+encode+relationships+in+constant+definitions
 Andreas Steffen
-Andreas Steffen
+* "DCL09-C. Declare functions that return errno with a return type of errno_t":https://www.securecoding.cert.org/confluence/display/seccode/DCL09-C.+Declare+functions+that+return+errno+with+a+return+type+of+errno_t
 Andreas Steffen
-Andreas Steffen
+* "DCL10-C. Maintain the contract between the writer and caller of variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL10-C.+Maintain+the+contract+between+the+writer+and+caller+of+variadic+functions
 Andreas Steffen
-Andreas Steffen
+* "DCL11-C. Understand the type issues associated with variadic functions":https://www.securecoding.cert.org/confluence/display/seccode/DCL11-C.+Understand+the+type+issues+associated+with+variadic+functions
 Andreas Steffen
-Andreas Steffen
+* "DCL16-C. Use 'L,' not 'l,' to indicate a long value":https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=19759250
 Andreas Steffen
-Andreas Steffen
+* "DCL17-C. Beware of miscompiled volatile-qualified variables":https://www.securecoding.cert.org/confluence/display/seccode/DCL17-C.+Beware+of+miscompiled+volatile-qualified+variables
 Andreas Steffen
-Andreas Steffen
+* "DCL21-C. Understand the storage of compound literals":https://www.securecoding.cert.org/confluence/display/seccode/DCL21-C.+Understand+the+storage+of+compound+literals
 Andreas Steffen
-Andreas Steffen
+* "DCL30-C. Declare objects with appropriate storage durations":https://www.securecoding.cert.org/confluence/display/seccode/DCL30-C.+Declare+objects+with+appropriate+storage+durations
 Andreas Steffen
-Andreas Steffen
+* "DCL34-C. Use volatile for data that cannot be cached":https://www.securecoding.cert.org/confluence/display/seccode/DCL34-C.+Use+volatile+for+data+that+cannot+be+cached
 Andreas Steffen
-Andreas Steffen
+* "DCL37-C. Do not declare or define a reserved identifier":https://www.securecoding.cert.org/confluence/display/seccode/DCL37-C.+Do+not+declare+or+define+a+reserved+identifier
 Andreas Steffen
-Andreas Steffen
+* "DCL39-C. Avoid information leak in structure padding":https://www.securecoding.cert.org/confluence/display/seccode/DCL39-C.+Avoid+information+leak+in+structure+padding
 Andreas Steffen
-Andreas Steffen
+_No Adherence_
 Andreas Steffen
-Andreas Steffen
+* "DCL00-C. Const-qualify immutable objects":https://www.securecoding.cert.org/confluence/display/seccode/DCL00-C.+Const-qualify+immutable+objects
 Andreas Steffen
-Andreas Steffen
+* "DCL03-C. Use a static assertion to test the value of a constant expression":https://www.securecoding.cert.org/confluence/display/seccode/DCL03-C.+Use+a+static+assertion+to+test+the+value+of+a+constant+expression
 Andreas Steffen
-Andreas Steffen
+* "DCL04-C. Do not declare more than one variable per declaration":https://www.securecoding.cert.org/confluence/display/seccode/DCL04-C.+Do+not+declare+more+than+one+variable+per+declaration
 Andreas Steffen
-Andreas Steffen
+* "DCL13-C. Declare function parameters that are pointers to values not changed by the function as const ":https://www.securecoding.cert.org/confluence/display/seccode/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const
 Andreas Steffen
-Andreas Steffen
+* "DCL32-C. Guarantee that mutually visible identifiers are unique":https://www.securecoding.cert.org/confluence/display/seccode/DCL32-C.+Guarantee+that+mutually+visible+identifiers+are+unique
 Andreas Steffen
-Andreas Steffen
+h2. Expressions (EXP)
 Andreas Steffen
-Andreas Steffen
+_Full Adherence_
 Andreas Steffen
-Andreas Steffen
+* "EXP00-C. Use parentheses for precedence of operation":https://www.securecoding.cert.org/confluence/display/seccode/EXP00-C.+Use+parentheses+for+precedence+of+operation
 Andreas Steffen
-Andreas Steffen
+* "EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type":https://www.securecoding.cert.org/confluence/display/seccode/EXP01-C.+Do+not+take+the+size+of+a+pointer+to+determine+the+size+of+the+pointed-to+type
 Andreas Steffen
-Andreas Steffen
+* "EXP02-C. Be aware of the short-circuit behavior of the logical AND and OR operators":https://www.securecoding.cert.org/confluence/display/seccode/EXP02-C.+Be+aware+of+the+short-circuit+behavior+of+the+logical+AND+and+OR+operators
 Andreas Steffen
-Andreas Steffen
+* "EXP03-C. Do not assume the size of a structure is the sum of the sizes of its members":https://www.securecoding.cert.org/confluence/display/seccode/EXP03-C.+Do+not+assume+the+size+of+a+structure+is+the+sum+of+the+sizes+of+its+members
 Andreas Steffen
-Andreas Steffen
+* "EXP04-C. Do not perform byte-by-byte comparisons involving a structure":https://www.securecoding.cert.org/confluence/display/seccode/EXP04-C.+Do+not+perform+byte-by-byte+comparisons+involving+a+structure
 Andreas Steffen
-Andreas Steffen
+* "EXP05-C. Do not cast away a const qualification":https://www.securecoding.cert.org/confluence/display/seccode/EXP04-C.+Do+not+perform+byte-by-byte+comparisons+involving+a+structure
 Andreas Steffen
-Andreas Steffen
+* "EXP06-C. Operands to the sizeof operator should not contain side effects":https://www.securecoding.cert.org/confluence/display/seccode/EXP06-C.+Operands+to+the+sizeof+operator+should+not+contain+side+effects
 Andreas Steffen
-Andreas Steffen
+* "EXP07-C. Do not diminish the benefits of constants by assuming their values in expressions":https://www.securecoding.cert.org/confluence/display/seccode/EXP07-C.+Do+not+diminish+the+benefits+of+constants+by+assuming+their+values+in+expressions
 Andreas Steffen
-Andreas Steffen
+* "EXP08-C. Ensure pointer arithmetic is used correctly":https://www.securecoding.cert.org/confluence/display/seccode/EXP08-C.+Ensure+pointer+arithmetic+is+used+correctly
 Andreas Steffen
-Andreas Steffen
+* "EXP09-C. Use sizeof to determine the size of a type or variable":https://www.securecoding.cert.org/confluence/display/seccode/EXP09-C.+Use+sizeof+to+determine+the+size+of+a+type+or+variable
 Andreas Steffen
-Andreas Steffen
+* "EXP10-C. Do not depend on the order of evaluation of subexpressions or the order in which side effects take place":https://www.securecoding.cert.org/confluence/display/seccode/EXP10-C.+Do+not+depend+on+the+order+of+evaluation+of+subexpressions+or+the+order+in+which+side+effects+take+place
 Andreas Steffen
-Andreas Steffen
+* "EXP12-C. Do not ignore values returned by functions":https://www.securecoding.cert.org/confluence/display/seccode/EXP12-C.+Do+not+ignore+values+returned+by+functions
 Andreas Steffen
-Andreas Steffen
+* "EXP13-C. Treat relational and equality operators as if they were nonassociative":https://www.securecoding.cert.org/confluence/display/seccode/EXP13-C.+Treat+relational+and+equality+operators+as+if+they+were+nonassociative
 Andreas Steffen
-Andreas Steffen
+* "EXP14-C. Beware of integer promotion when performing bitwise operations on integer types smaller than int":https://www.securecoding.cert.org/confluence/display/seccode/EXP14-C.+Beware+of+integer+promotion+when+performing+bitwise+operations+on+integer+types+smaller+than+int
 Andreas Steffen
-Andreas Steffen
+* "EXP15-C. Do not place a semicolon on the same line as an if, for, or while statement":https://www.securecoding.cert.org/confluence/display/seccode/EXP15-C.+Do+not+place+a+semicolon+on+the+same+line+as+an+if%2C+for%2C+or+while+statement
 Andreas Steffen
-Andreas Steffen
+* "EXP16-C. Do not compare function pointers to constant values":https://www.securecoding.cert.org/confluence/display/seccode/EXP16-C.+Do+not+compare+function+pointers+to+constant+values"
 Andreas Steffen
-Andreas Steffen
+* "EXP18-C. Do not perform assignments in selection statements":https://www.securecoding.cert.org/confluence/display/seccode/EXP18-C.+Do+not+perform+assignments+in+selection+statements
 Andreas Steffen
-Andreas Steffen
+* "EXP19-C. Use braces for the body of an if, for, or while statement":https://www.securecoding.cert.org/confluence/display/seccode/EXP19-C.+Use+braces+for+the+body+of+an+if%2C+for%2C+or+while+statement
 Andreas Steffen
-Andreas Steffen
+* "EXP30-C. Do not depend on order of evaluation between sequence points":https://www.securecoding.cert.org/confluence/display/seccode/EXP30-C.+Do+not+depend+on+order+of+evaluation+between+sequence+points
 Andreas Steffen
-Andreas Steffen
+* "EXP31-C. Avoid side effects in assertions":https://www.securecoding.cert.org/confluence/display/seccode/EXP31-C.+Avoid+side+effects+in+assertions
 Andreas Steffen
-Andreas Steffen
+* "EXP33-C. Do not reference uninitialized memory":https://www.securecoding.cert.org/confluence/display/seccode/EXP33-C.+Do+not+reference+uninitialized+memory
 Andreas Steffen
-Andreas Steffen
+* "EXP34-C. Do not dereference null pointers":https://www.securecoding.cert.org/confluence/display/seccode/EXP34-C.+Do+not+dereference+null+pointers
 Andreas Steffen
-Andreas Steffen
+* "EXP35-C. Do not modify objects with temporary lifetime":https://www.securecoding.cert.org/confluence/display/seccode/EXP35-C.+Do+not+modify+objects+with+temporary+lifetime
 Andreas Steffen
-Andreas Steffen
+* "EXP37-C. Call functions with the correct number and type of arguments":https://www.securecoding.cert.org/confluence/display/seccode/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments
 Andreas Steffen
-Andreas Steffen
+* "EXP38-C. Do not call offsetof() on bit-field members or invalid types":https://www.securecoding.cert.org/confluence/display/seccode/EXP38-C.+Do+not+call+offsetof%28%29+on+bit-field+members+or+invalid+types
 Andreas Steffen
-Andreas Steffen
+* "EXP40-C. Do not modify constant values":https://www.securecoding.cert.org/confluence/display/seccode/EXP40-C.+Do+not+modify+constant+values
 Andreas Steffen
-Andreas Steffen
+_Partial Adherence_
 Andreas Steffen
-Andreas Steffen
+* "EXP20-C. Perform explicit tests to determine success, true and false, and equality":https://www.securecoding.cert.org/confluence/display/seccode/EXP20-C.+Perform+explicit+tests+to+determine+success%2C+true+and+false%2C+and+equality
 Andreas Steffen
-Andreas Steffen
+_Check Adherence_
 Andreas Steffen
-Andreas Steffen
+* "EXP11-C. Do not make assumptions regarding the layout of structures with bit-fields":https://www.securecoding.cert.org/confluence/display/seccode/EXP11-C.+Do+not+make+assumptions+regarding+the+layout+of+structures+with+bit-fields
 Andreas Steffen
-Andreas Steffen
+* "EXP17-C. Do not perform bitwise operations in conditional expressions":https://www.securecoding.cert.org/confluence/display/seccode/EXP17-C.+Do+not+perform+bitwise+operations+in+conditional+expressions
 Andreas Steffen
-Andreas Steffen
+* "EXP32-C. Do not access a volatile object through a non-volatile reference":https://www.securecoding.cert.org/confluence/display/seccode/EXP32-C.+Do+not+access+a+volatile+object+through+a+non-volatile+reference
 Andreas Steffen
-Andreas Steffen
+* "EXP36-C. Do not convert pointers into more strictly aligned pointer types":https://www.securecoding.cert.org/confluence/display/seccode/EXP36-C.+Do+not+convert+pointers+into+more+strictly+aligned+pointer+types
 Andreas Steffen
-Andreas Steffen
+* "EXP39-C. Do not access a variable through a pointer of an incompatible type":https://www.securecoding.cert.org/confluence/display/seccode/EXP39-C.+Do+not+access+a+variable+through+a+pointer+of+an+incompatible+type
 Andreas Steffen
-Andreas Steffen
+* "EXP41-C. Do not add or subtract a scaled integer to a pointer":https://www.securecoding.cert.org/confluence/display/seccode/EXP41-C.+Do+not+add+or+subtract+a+scaled+integer+to+a+pointer
 Andreas Steffen
-Andreas Steffen
+_No Adherence_
 Andreas Steffen
-Andreas Steffen
+* "EXP21-C. Place constants on the left of equality comparisons":https://www.securecoding.cert.org/confluence/display/seccode/EXP21-C.+Place+constants+on+the+left+of+equality+comparisons
 Andreas Steffen
-Andreas Steffen
+h2. Integers (INT)
 Andreas Steffen
-Andreas Steffen
+_Full Adherence_
 Andreas Steffen
-Andreas Steffen
+* "INT00-C. Understand the data model used by your implementation(s)":https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=4374
 Andreas Steffen
-Andreas Steffen
+* "INT01-C. Use rsize_t or size_t for all integer values representing the size of an object":https://www.securecoding.cert.org/confluence/display/seccode/INT01-C.+Use+rsize_t+or+size_t+for+all+integer+values+representing+the+size+of+an+object
 Andreas Steffen
-Andreas Steffen
+* "INT02-C. Understand integer conversion rules":https://www.securecoding.cert.org/confluence/display/seccode/INT02-C.+Understand+integer+conversion+rules
 Andreas Steffen
-Andreas Steffen
+* "INT04-C. Enforce limits on integer values originating from untrusted sources":https://www.securecoding.cert.org/confluence/display/seccode/INT04-C.+Enforce+limits+on+integer+values+originating+from+untrusted+sources
 Andreas Steffen
-Andreas Steffen
+h2. Floating Point (FLP)
 Andreas Steffen
-Andreas Steffen
+h2. Arrays (ARR)
 Andreas Steffen
-Andreas Steffen
+h2. Characters and Strings (STR)
 Andreas Steffen
-Andreas Steffen
+h2. Memory Management (MEM)
 Andreas Steffen
-Andreas Steffen
+h2. Input Output (FIO)
 Andreas Steffen
-Andreas Steffen
+h2. Environment (ENV)
 Andreas Steffen
-Andreas Steffen
+h2. Signals (SIG)
 Andreas Steffen
-Andreas Steffen
+h2. Error Handling (ERR)
 Andreas Steffen
-Andreas Steffen
+h2. Application Programming Interfaces (API)
 Andreas Steffen
-Andreas Steffen
+h2. Concurrency (CON)
 Andreas Steffen
-Andreas Steffen
+h2. Miscellaneous (MSC)
 Andreas Steffen
-Andreas Steffen
+h2. POSIX (POS)

Project

General

Profile

strongSwan

Secure Coding Standard » History » Version 19