
CERT C Rules and Recommendations

List and description of the CERT C standard rules and recommendations supported by Polyspace®

CERT C is a set of coding guidelines for software developers. It focuses on secure coding in the C language. The guidelines help eliminate constructs whose behavior is undefined, which can produce unexpected results at run time and expose security weaknesses. The CERT C website, which is continually evolving, lists various rules and recommendations. To check Polyspace coverage of the CERT C rules and recommendations, see Polyspace Support for Coding Standards. Use the analysis option Check SEI CERT-C (-cert-c) to enable subsets of rules and recommendations.

Polyspace Results


Rule 01. Preprocessor (PRE)

CERT C: Rule PRE30-C - Do not create a universal character name through concatenation
CERT C: Rule PRE31-C - Avoid side effects in arguments to unsafe macros
CERT C: Rule PRE32-C - Do not use preprocessor directives in invocations of function-like macros

Rule 02. Declarations and Initialization (DCL)

CERT C: Rule DCL30-C - Declare objects with appropriate storage durations
CERT C: Rule DCL31-C - Declare identifiers before using them
CERT C: Rule DCL36-C - Do not declare an identifier with conflicting linkage classifications
CERT C: Rule DCL37-C - Do not declare or define a reserved identifier
CERT C: Rule DCL38-C - Use the correct syntax when declaring a flexible array member
CERT C: Rule DCL39-C - Avoid information leakage in structure padding
CERT C: Rule DCL40-C - Do not create incompatible declarations of the same function or object
CERT C: Rule DCL41-C - Do not declare variables inside a switch statement before the first case label

Rule 03. Expressions (EXP)

CERT C: Rule EXP30-C - Do not depend on the order of evaluation for side effects
CERT C: Rule EXP32-C - Do not access a volatile object through a nonvolatile reference
CERT C: Rule EXP33-C - Do not read uninitialized memory
CERT C: Rule EXP34-C - Do not dereference null pointers
CERT C: Rule EXP35-C - Do not modify objects with temporary lifetime
CERT C: Rule EXP36-C - Do not cast pointers into more strictly aligned pointer types
CERT C: Rule EXP37-C - Call functions with the correct number and type of arguments
CERT C: Rule EXP39-C - Do not access a variable through a pointer of an incompatible type
CERT C: Rule EXP40-C - Do not modify constant objects
CERT C: Rule EXP42-C - Do not compare padding data
CERT C: Rule EXP43-C - Avoid undefined behavior when using restrict-qualified pointers
CERT C: Rule EXP44-C - Do not rely on side effects in operands to sizeof, _Alignof, or _Generic
CERT C: Rule EXP45-C - Do not perform assignments in selection statements
CERT C: Rule EXP46-C - Do not use a bitwise operator with a Boolean-like operand
CERT C: Rule EXP47-C - Do not call va_arg with an argument of the incorrect type

Rule 04. Integers (INT)

CERT C: Rule INT30-C - Ensure that unsigned integer operations do not wrap
CERT C: Rule INT31-C - Ensure that integer conversions do not result in lost or misinterpreted data
CERT C: Rule INT32-C - Ensure that operations on signed integers do not result in overflow
CERT C: Rule INT33-C - Ensure that division and remainder operations do not result in divide-by-zero errors
CERT C: Rule INT34-C - Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand
CERT C: Rule INT35-C - Use correct integer precisions
CERT C: Rule INT36-C - Converting a pointer to integer or integer to pointer

Rule 05. Floating Point (FLP)

CERT C: Rule FLP30-C - Do not use floating-point variables as loop counters
CERT C: Rule FLP32-C - Prevent or detect domain and range errors in math functions
CERT C: Rule FLP34-C - Ensure that floating-point conversions are within range of the new type
CERT C: Rule FLP36-C - Preserve precision when converting integral values to floating-point type
CERT C: Rule FLP37-C - Do not use object representations to compare floating-point values

Rule 06. Arrays (ARR)

CERT C: Rule ARR30-C - Do not form or use out-of-bounds pointers or array subscripts
CERT C: Rule ARR32-C - Ensure size arguments for variable length arrays are in a valid range
CERT C: Rule ARR36-C - Do not subtract or compare two pointers that do not refer to the same array
CERT C: Rule ARR37-C - Do not add or subtract an integer to a pointer to a non-array object
CERT C: Rule ARR38-C - Guarantee that library functions do not form invalid pointers
CERT C: Rule ARR39-C - Do not add or subtract a scaled integer to a pointer

Rule 07. Characters and Strings (STR)

CERT C: Rule STR30-C - Do not attempt to modify string literals
CERT C: Rule STR31-C - Guarantee that storage for strings has sufficient space for character data and the null terminator
CERT C: Rule STR32-C - Do not pass a non-null-terminated character sequence to a library function that expects a string
CERT C: Rule STR34-C - Cast characters to unsigned char before converting to larger integer sizes
CERT C: Rule STR37-C - Arguments to character-handling functions must be representable as an unsigned char
CERT C: Rule STR38-C - Do not confuse narrow and wide character strings and functions

Rule 08. Memory Management (MEM)

CERT C: Rule MEM30-C - Do not access freed memory
CERT C: Rule MEM31-C - Free dynamically allocated memory when no longer needed
CERT C: Rule MEM33-C - Allocate and copy structures containing a flexible array member dynamically
CERT C: Rule MEM34-C - Only free memory allocated dynamically
CERT C: Rule MEM35-C - Allocate sufficient memory for an object
CERT C: Rule MEM36-C - Do not modify the alignment of objects by calling realloc()

Rule 09. Input/Output (FIO)

CERT C: Rule FIO30-C - Exclude user input from format strings
CERT C: Rule FIO32-C - Do not perform operations on devices that are only appropriate for files
CERT C: Rule FIO34-C - Distinguish between characters read from a file and EOF or WEOF
CERT C: Rule FIO37-C - Do not assume that fgets() or fgetws() returns a nonempty string when successful
CERT C: Rule FIO38-C - Do not copy a FILE object
CERT C: Rule FIO39-C - Do not alternately input and output from a stream without an intervening flush or positioning call
CERT C: Rule FIO40-C - Reset strings on fgets() or fgetws() failure
CERT C: Rule FIO41-C - Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
CERT C: Rule FIO42-C - Close files when they are no longer needed
CERT C: Rule FIO44-C - Only use values for fsetpos() that are returned from fgetpos()
CERT C: Rule FIO45-C - Avoid TOCTOU race conditions while accessing files
CERT C: Rule FIO46-C - Do not access a closed file
CERT C: Rule FIO47-C - Use valid format strings

Rule 10. Environment (ENV)

CERT C: Rule ENV30-C - Do not modify the object referenced by the return value of certain functions
CERT C: Rule ENV31-C - Do not rely on an environment pointer following an operation that may invalidate it
CERT C: Rule ENV32-C - All exit handlers must return normally
CERT C: Rule ENV33-C - Do not call system()
CERT C: Rule ENV34-C - Do not store pointers returned by certain functions

Rule 11. Signals (SIG)

CERT C: Rule SIG30-C - Call only asynchronous-safe functions within signal handlers
CERT C: Rule SIG31-C - Do not access shared objects in signal handlers
CERT C: Rule SIG34-C - Do not call signal() from within interruptible signal handlers
CERT C: Rule SIG35-C - Do not return from a computational exception signal handler

Rule 12. Error Handling (ERR)

CERT C: Rule ERR30-C - Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure
CERT C: Rule ERR32-C - Do not rely on indeterminate values of errno
CERT C: Rule ERR33-C - Detect and handle standard library errors
CERT C: Rule ERR34-C - Detect errors when converting a string to a number

Rule 14. Concurrency (CON)

CERT C: Rule CON30-C - Clean up thread-specific storage
CERT C: Rule CON31-C - Do not destroy a mutex while it is locked
CERT C: Rule CON32-C - Prevent data races when accessing bit fields from multiple threads
CERT C: Rule CON33-C - Avoid race conditions when using library functions
CERT C: Rule CON34-C - Declare objects shared between threads with appropriate storage durations
CERT C: Rule CON35-C - Avoid deadlock by locking in a predefined order
CERT C: Rule CON36-C - Wrap functions that can spuriously wake up in a loop
CERT C: Rule CON37-C - Do not call signal() in a multithreaded program
CERT C: Rule CON38-C - Preserve thread safety and liveness when using condition variables
CERT C: Rule CON39-C - Do not join or detach a thread that was previously joined or detached
CERT C: Rule CON40-C - Do not refer to an atomic variable twice in an expression
CERT C: Rule CON41-C - Wrap functions that can fail spuriously in a loop
CERT C: Rule CON43-C - Do not allow data races in multithreaded code

Rule 48. Miscellaneous (MSC)

CERT C: Rule MSC30-C - Do not use the rand() function for generating pseudorandom numbers
CERT C: Rule MSC32-C - Properly seed pseudorandom number generators
CERT C: Rule MSC33-C - Do not pass invalid data to the asctime() function
CERT C: Rule MSC37-C - Ensure that control never reaches the end of a non-void function
CERT C: Rule MSC38-C - Do not treat a predefined identifier as an object if it might only be implemented as a macro
CERT C: Rule MSC39-C - Do not call va_arg() on a va_list that has an indeterminate value
CERT C: Rule MSC40-C - Do not violate constraints
CERT C: Rule MSC41-C - Never hard code sensitive information

Rule 50. POSIX (POS)

CERT C: Rule POS30-C - Use the readlink() function properly
CERT C: Rule POS34-C - Do not call putenv() with a pointer to an automatic variable as the argument
CERT C: Rule POS35-C - Avoid race conditions while checking for the existence of a symbolic link
CERT C: Rule POS36-C - Observe correct revocation order while relinquishing privileges
CERT C: Rule POS37-C - Ensure that privilege relinquishment is successful
CERT C: Rule POS38-C - Beware of race conditions when using fork and file descriptors
CERT C: Rule POS39-C - Use the correct byte ordering when transferring data between systems
CERT C: Rule POS44-C - Do not use signals to terminate threads
CERT C: Rule POS47-C - Do not use threads that can be canceled asynchronously
CERT C: Rule POS48-C - Do not unlock or destroy another POSIX thread's mutex
CERT C: Rule POS49-C - When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is also accessed
CERT C: Rule POS50-C - Declare objects shared between POSIX threads with appropriate storage durations
CERT C: Rule POS51-C - Avoid deadlock with POSIX threads by locking in predefined order
CERT C: Rule POS52-C - Do not perform operations that can block while holding a POSIX lock
CERT C: Rule POS53-C - Do not use more than one mutex for concurrent waiting operations on a condition variable
CERT C: Rule POS54-C - Detect and handle POSIX library errors

Rule 51. Microsoft Windows (WIN)

CERT C: Rule WIN30-C - Properly pair allocation and deallocation functions

Rec. 01. Preprocessor (PRE)

CERT C: Rec. PRE00-C - Prefer inline or static functions to function-like macros
CERT C: Rec. PRE01-C - Use parentheses within macros around parameter names
CERT C: Rec. PRE03-C - Prefer typedefs to defines for encoding non-pointer type (since R2024a)
CERT C: Rec. PRE04-C - Do not reuse a standard header file name (since R2025a)
CERT C: Rec. PRE05-C - Understand macro replacement when concatenating tokens or performing stringification (since R2024b)
CERT C: Rec. PRE06-C - Enclose header files in an inclusion guard
CERT C: Rec. PRE07-C - Avoid using repeated question marks
CERT C: Rec. PRE08-C - Guarantee that header file names are unique (since R2024a)
CERT C: Rec. PRE09-C - Do not replace secure functions with deprecated or obsolescent functions
CERT C: Rec. PRE10-C - Wrap multistatement macros in a do-while loop
CERT C: Rec. PRE11-C - Do not conclude macro definitions with a semicolon
CERT C: Rec. PRE12-C - Do not define unsafe macros (since R2024a)

Rec. 02. Declarations and Initialization (DCL)

CERT C: Rec. DCL00-C - Const-qualify immutable objects
CERT C: Rec. DCL01-C - Do not reuse variable names in subscopes
CERT C: Rec. DCL02-C - Use visually distinct identifiers
CERT C: Rec. DCL06-C - Use meaningful symbolic constants to represent literal values
CERT C: Rec. DCL07-C - Include the appropriate type information in function declarators
CERT C: Rec. DCL10-C - Maintain the contract between the writer and caller of variadic functions
CERT C: Rec. DCL11-C - Understand the type issues associated with variadic functions
CERT C: Rec. DCL12-C - Implement abstract data types using opaque types
CERT C: Rec. DCL13-C - Declare function parameters that are pointers to values not changed by the function as const
CERT C: Rec. DCL15-C - Declare file-scope objects or functions that do not need external linkage as static
CERT C: Rec. DCL16-C - Use 'L,' not 'l,' to indicate a long value
CERT C: Rec. DCL18-C - Do not begin integer constants with 0 when specifying a decimal value
CERT C: Rec. DCL19-C - Minimize the scope of variables and functions
CERT C: Rec. DCL21-C - Understand the storage of compound literals (since R2024b)
CERT C: Rec. DCL22-C - Use volatile for data that cannot be cached
CERT C: Rec. DCL23-C - Guarantee that mutually visible identifiers are unique

Rec. 03. Expressions (EXP)

CERT C: Rec. EXP00-C - Use parentheses for precedence of operation
CERT C: Rec. EXP03-C - Do not assume the size of a structure is the sum of the sizes of its members (since R2025a)
CERT C: Rec. EXP05-C - Do not cast away a const qualification
CERT C: Rec. EXP07-C - Do not diminish the benefits of constants by assuming their values in expressions (since R2024a)
CERT C: Rec. EXP08-C - Ensure pointer arithmetic is used correctly
CERT C: Rec. EXP09-C - Use sizeof to determine the size of a type or variable
CERT C: Rec. EXP10-C - Do not depend on the order of evaluation of subexpressions or the order in which side effects take place
CERT C: Rec. EXP11-C - Do not make assumptions regarding the layout of structures with bit-fields (since R2024b)
CERT C: Rec. EXP12-C - Do not ignore values returned by functions
CERT C: Rec. EXP13-C - Treat relational and equality operators as if they were nonassociative
CERT C: Rec. EXP15-C - Do not place a semicolon on the same line as an if, for, or while statement
CERT C: Rec. EXP19-C - Use braces for the body of an if, for, or while statement

Rec. 04. Integers (INT)

CERT C: Rec. INT00-C - Understand the data model used by your implementation(s)
CERT C: Rec. INT02-C - Understand integer conversion rules
CERT C: Rec. INT04-C - Enforce limits on integer values originating from tainted sources
CERT C: Rec. INT07-C - Use only explicitly signed or unsigned char type for numeric values
CERT C: Rec. INT08-C - Verify that all integer values are in range
CERT C: Rec. INT09-C - Ensure enumeration constants map to unique values
CERT C: Rec. INT10-C - Do not assume a positive remainder when using the % operator
CERT C: Rec. INT12-C - Do not make assumptions about the type of a plain int bit-field when used in an expression
CERT C: Rec. INT13-C - Use bitwise operators only on unsigned operands
CERT C: Rec. INT14-C - Avoid performing bitwise and arithmetic operations on the same data
CERT C: Rec. INT18-C - Evaluate integer expressions in a larger size before comparing or assigning to that size

Rec. 05. Floating Point (FLP)

CERT C: Rec. FLP00-C - Understand the limitations of floating-point numbers
CERT C: Rec. FLP02-C - Avoid using floating-point numbers when precise computation is needed
CERT C: Rec. FLP03-C - Detect and handle floating-point errors
CERT C: Rec. FLP06-C - Convert integers to floating point for floating-point operations

Rec. 06. Arrays (ARR)

CERT C: Rec. ARR01-C - Do not apply the sizeof operator to a pointer when taking the size of an array
CERT C: Rec. ARR02-C - Explicitly specify array bounds, even if implicitly defined by an initializer

Rec. 07. Characters and Strings (STR)

CERT C: Rec. STR02-C - Sanitize data passed to complex subsystems
CERT C: Rec. STR03-C - Do not inadvertently truncate a string
CERT C: Rec. STR06-C - Do not assume that strtok() leaves the parse string unchanged (since R2025a)
CERT C: Rec. STR07-C - Use the bounds-checking interfaces for string manipulation
CERT C: Rec. STR11-C - Do not specify the bound of a character array initialized with a string literal

Rec. 08. Memory Management (MEM)

CERT C: Rec. MEM00-C - Allocate and free memory in the same module, at the same level of abstraction
CERT C: Rec. MEM01-C - Store a new value in pointers immediately after free()
CERT C: Rec. MEM02-C - Immediately cast the result of a memory allocation function call into a pointer to the allocated type
CERT C: Rec. MEM03-C - Clear sensitive information stored in reusable resources
CERT C: Rec. MEM04-C - Beware of zero-length allocations
CERT C: Rec. MEM05-C - Avoid large stack allocations
CERT C: Rec. MEM06-C - Ensure that sensitive data is not written out to disk
CERT C: Rec. MEM11-C - Do not assume infinite heap space
CERT C: Rec. MEM12-C - Consider using a goto chain when leaving a function on error when using and releasing resources

Rec. 09. Input/Output (FIO)

CERT C: Rec. FIO02-C - Canonicalize path names originating from tainted sources
CERT C: Rec. FIO03-C - Do not make assumptions about fopen() and file creation (since R2024a)
CERT C: Rec. FIO06-C - Create files with appropriate access permissions (since R2024b)
CERT C: Rec. FIO08-C - Take care when calling remove() on an open file (since R2024b)
CERT C: Rec. FIO10-C - Take care when using the rename() function (since R2024b)
CERT C: Rec. FIO11-C - Take care when specifying the mode parameter of fopen()
CERT C: Rec. FIO21-C - Do not create temporary files in shared directories
CERT C: Rec. FIO24-C - Do not open a file that is already open

Rec. 10. Environment (ENV)

CERT C: Rec. ENV01-C - Do not make assumptions about the size of an environment variable

Rec. 12. Error Handling (ERR)

CERT C: Rec. ERR00-C - Adopt and implement a consistent and comprehensive error-handling policy

Rec. 13. Application Programming Interfaces (API)

CERT C: Rec. API04-C - Provide a consistent and usable error-checking mechanism

Rec. 14. Concurrency (CON)

CERT C: Rec. CON01-C - Acquire and release synchronization primitives in the same module, at the same level of abstraction
CERT C: Rec. CON05-C - Do not perform operations that can block while holding a lock

Rec. 48. Miscellaneous (MSC)

CERT C: Rec. MSC01-C - Strive for logical completeness
CERT C: Rec. MSC04-C - Use comments consistently and in a readable fashion
CERT C: Rec. MSC12-C - Detect and remove code that has no effect or is never executed
CERT C: Rec. MSC13-C - Detect and remove unused values
CERT C: Rec. MSC15-C - Do not depend on undefined behavior
CERT C: Rec. MSC17-C - Finish every set of statements associated with a case label with a break statement
CERT C: Rec. MSC18-C - Be careful while handling sensitive data, such as passwords, in program code
CERT C: Rec. MSC20-C - Do not use a switch statement to transfer control into a complex block
CERT C: Rec. MSC21-C - Use robust loop termination conditions
CERT C: Rec. MSC22-C - Use the setjmp(), longjmp() facility securely
CERT C: Rec. MSC24-C - Do not use deprecated or obsolescent functions

Rec. 50. POSIX (POS)

CERT C: Rec. POS05-C - Limit access to files by creating a jail

Rec. 51. Microsoft Windows (WIN)

CERT C: Rec. WIN00-C - Be specific when dynamically loading libraries
