Coverity Support for SEI CERT C, C++, and Java Coding Standards - Synopsys
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Coverity Support for SEI CERT C, C++, and Java
Coding Standards
Ensure the safety, The SEI CERT C, C++, and Oracle Java Coding Standards are lists of rules and
recommendations for writing secure code in the C, C++, and Java programming
reliability, and security
languages They represent an important milestone in introducing best practices for
of software written in C, ensuring the safety, reliability, security, and integrity of software written in C/C++ and
C++, and Java Java Notably, the standards are designed to be enforceable by software code analyzers
using static analysis techniques This greatly reduces the cost of compliance by way of
automation
Adhering to coding standards is a crucial step in establishing best coding practices
Standards adherence is particularly important in safety-critical, high-impact industries,
such as automotive, medical, and networking Software defects in products coming
from these industries manifest themselves physically and tangibly—often with life-
threatening consequences
Synopsys provides a comprehensive solution for the SEI CERT C/C++ Coding
Standards rules, along with high-impact SEI CERT Oracle Java Coding Standards
(online version) rules and SEI CERT C Coding Standard recommendations (online
version) Coverity static analysis implements the Rules category within the CERT C/
C++ standards, high-impact CERT Java L1 rules, and methods for managing violations
and reporting on them Coverity also supports some of the best practices from the
Recommendations category for the CERT C standard
Acknowledgement
• This Publication incorporates portions of the rule identifiers, the rule descriptive
names (clauses) which follow the identifier, and rule level (from the risk assessment)
for each rule in the CERT C, CERT CPP, CERT C Recommendations and CERT
JAVA standards available at wikiseicmuedu/confluence/display/seccode/
SEI+CERT+Coding+Standards © 2020 Carnegie Mellon University, with special
permission from its Software Engineering Institute
• ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE
ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN “AS-IS” BASIS
CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO,
WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY,
OR RESULTS OBTAINED FROM USE OF THE MATERIAL CARNEGIE MELLON
UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO
FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT
• This publication has not been reviewed nor is it endorsed by Carnegie Mellon
University or its Software Engineering Institute
• Carnegie Mellon and CERT are registered trademarks of Carnegie Mellon University
| synopsys.com | 1The “Level” column in the “supported rules” and “supported recommendations” tables below indicates the severity, remediation cost, and
likelihood of each vulnerability Level 1 vulnerabilities are the most severe, the least expensive to repair, and/or the most likely to be found
in code Meanwhile, Level 3 vulnerabilities are the least severe, the most expensive to repair, and/or the least likely to be found in code
SEI CERT C Coding Standard (2016 Edition)
The SEI CERT C Coding Standard was developed specifically for the following versions of the C language:
• ISO/IEC 9899:2011: Information Technology—Programming Languages—C, 3rd ed
• ISO/IEC 9899:2011/Cor 1:2012: Information Technology—Programming Languages—C Technical Corrigendum 1
These versions are commonly referred to as the C11 standard The CERT C rules may also be applied to earlier versions of the C language,
such as C99
The 2016 edition of the CERT C standard contains 99 coding rules There are additional CERT C rules available on the CERT Secure Coding
wiki, bringing the total number of rules to 120 as of July 10, 2020 The CERT Secure Coding wiki for C is here:
https://wwwsecurecodingcertorg/confluence/display/c/
The SEI CERT C Coding Standard (2016 Edition) is here:
https://wwwcertorg/secure-coding/products-services/secure-coding-downloadcfm
The CERT C wiki also documents 185 recommendations and two platform-specific annexes (POSIX and Windows) The recommendations
and annexes are not part of the core secure coding standard and may be useful for projects with stricter requirements
CERT C rule coverage
Rules
Section % Coverage
Supported All
All 115 121* 95.8
PRE 3 3 100.0
DCL 8 8 100.0
EXP 15 15 100.0
INT 7 7 100.0
FLP 5 5 100.0
ARR 6 6 100.0
STR 6 6 100.0
MEM 6 6 100.0
FIO 13 13 100.0
ENV 5 5 100.0
SIG 4 4 100.0
ERR 4 4 100.0
CON 12 13 92.3
MSC 7 8 87.5
POS* 14 17* 82.4
WIN 0 1 0.0
*
As of July 10, 2020, POS33-C is moved to The Void: void POS33-C Do not use vfork(), reducing the total number of POS rules to 16 and
the number of CERT C rules to 120 Thus, percentage coverage is calculated as 115/120 = 95.8%
| synopsys.com | 2CERT C supported rules
Rule Description Level
PRE30-C Do not create a universal character name through concatenation L3
PRE31-C Avoid side effects in arguments to unsafe macros L3
PRE32-C Do not use preprocessor directives in invocations of function-like macros L3
DCL30-C Declare objects with appropriate storage durations L2
DCL31-C Declare identifiers before using them L3
DCL36-C Do not declare an identifier with conflicting linkage classifications L2
DCL37-C Do not declare or define a reserved identifier L3
DCL38-C Use the correct syntax when declaring a flexible array member L3
DCL39-C Avoid information leakage when passing a structure across a trust boundary L3
DCL40-C Do not create incompatible declarations of the same function or object L3
DCL41-C Do not declare variables inside a switch statement before the first case label L3
EXP30-C Do not depend on order of evaluation for side effects L2
EXP32-C Do not access a volatile object through a nonvolatile reference L2
EXP33-C Do not read uninitialized memory L1
EXP34-C Do not dereference null pointers L1
EXP35-C Do not modify objects with temporary lifetime L3
EXP36-C Do not cast pointers into more strictly aligned pointer types L3
EXP37-C Call functions with the correct number and type of arguments L3
EXP39-C Do not access a variable through a pointer of an incompatible type L3
EXP40-C Do not modify constant objects L3
EXP42-C Do not compare padding data L2
EXP43-C Avoid undefined behavior when using restrict-qualified pointers L3
EXP44-C Do not rely on side effects in operands to sizeof, _Alignof, or _Generic L3
EXP45-C Do not perform assignments in selection statements L2
EXP46-C Do not use a bitwise operator with a Boolean-like operand L2
EXP47-C Do not call va_arg with an argument of incorrect type L2
INT30-C Ensure that unsigned integer operations do not wrap L2
INT31-C Ensure that integer conversions do not result in lost or misinterpreted data L2
INT32-C Ensure that operations on signed integers do not result in overflow L2
INT33-C Ensure that division and modulo operations do not result in divide-by-zero errors L2
INT34-C Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits L3
that exist in the operand
INT35-C Use correct integer precisions L3
INT36-C Converting a pointer to integer or integer to pointer L3
FLP30-C Do not use floating-point variables as loop counters L2
FLP32-C Prevent or detect domain and range errors in math functions L2
FLP34-C Ensure that floating-point conversions are within range of the new type L3
FLP36-C Preserve precision when converting integral values to floating-point type L3
FLP37-C Do not use object representations to compare floating-point values L3
ARR30-C Do not form or use out of bounds pointers or array subscripts L2
ARR32-C Ensure size arguments for variable length arrays are in a valid range L2
ARR36-C Do not subtract or compare two pointers that do not refer to the same array L2
| synopsys.com | 3Rule Description Level
ARR37-C Do not add or subtract an integer to a pointer to a non-array object L2
ARR38-C Guarantee that library functions do not form invalid pointers L1
ARR39-C Do not add or subtract a scaled integer to a pointer L2
STR30-C Do not attempt to modify string literals L2
STR31-C Guarantee that storage for strings has sufficient space for character data and the null terminator L1
STR32-C Do not pass a non-null-terminated character sequence to a library function that expects a string L1
STR34-C Cast characters to unsigned char before converting to larger integer sizes L2
STR37-C Arguments to character-handling functions must be representable as an unsigned char L3
STR38-C Do not confuse narrow and wide character strings and functions L1
MEM30-C Do not access freed memory L1
MEM31-C Free dynamically allocated memory when no longer needed L2
MEM33-C Allocate and copy structures containing a flexible array member dynamically L3
MEM34-C Only free memory allocated dynamically L1
MEM35-C Allocate sufficient memory for an object L2
MEM36-C Do not modify the alignment of objects by calling realloc() L3
FIO30-C Exclude user input from format strings L1
FIO32-C Do not perform operations on devices that are only appropriate for files L3
FIO34-C Distinguish between characters read from a file and EOF or WEOF L1
FIO37-C Do not assume that fgets() or fgetws() returns a nonempty string when successful L1
FIO38-C Do not copy a FILE object L3
FIO39-C Do not alternately input and output from a stream without an intervening flush or positioning call L2
FIO40-C Reset strings on fgets() or fgetws() failure L3
FIO41-C Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects L3
FIO42-C Close files when they are no longer needed L3
FIO44-C Only use values for fsetpos() that are returned from fgetpos() L3
FIO45-C Avoid TOCTOU race conditions while accessing files L2
FIO46-C Do not access a closed file L3
FIO47-C Use valid format strings L2
ENV30-C Do not modify the object referenced by the return value of certain functions L3
ENV31-C Do not rely on an environment pointer following an operation that may invalidate it L3
ENV32-C All exit handlers must return normally L1
ENV33-C Do not call system() L1
ENV34-C Do not store pointers returned by certain functions L3
SIG30-C Call only asynchronous-safe functions within signal handlers L1
SIG31-C Do not access shared objects in signal handlers L2
SIG34-C Do not call signal() from within interruptible signal handlers L3
SIG35-C Do not return from a computational exception signal handler L3
ERR30-C Set errno to zero before calling a library function known to set errno, and check errno only after the L2
function returns a value indicating failure
ERR32-C Do not rely on indeterminate values of errno L3
ERR33-C Detect and handle standard library errors L1
ERR34-C Detect errors when converting a string to a number L3
| synopsys.com | 4Rule Description Level
CON30-C Clean up thread-specific storage L3
CON31-C Do not destroy a mutex while it is locked L3
CON32-C Prevent data races when accessing bit-fields from multiple threads L2
CON33-C Avoid race conditions when using library functions L3
CON34-C Declare objects shared between threads with appropriate storage durations L3
CON35-C Avoid deadlock by locking in predefined order L3
CON36-C Wrap functions that can spuriously wake up in a loop L3
CON37-C Do not call signal() in a multithreaded program L2
CON38-C Preserve thread safety and liveness when using condition variables L3
CON39-C Do not join or detach a thread that was previously joined or detached L2
CON40-C Do not refer to an atomic variable twice in an expression L2
CON41-C Wrap functions that can fail spuriously in a loop L3
MSC30-C Do not use the rand() function for generating pseudorandom numbers L2
MSC32-C Properly seed pseudorandom number generators L1
MSC33-C Do not pass invalid data to the asctime() function L1
MSC37-C Ensure that control never reaches the end of a non-void function L2
MSC38-C Do not treat a predefined identifier as an object if it might only be implemented as a macro L3
MSC39-C Do not call va_arg() on a va_list that has an indeterminate value L3
MSC40-C Do not violate constraints L3
POS30-C Use the readlink() function properly L1
POS33-C$ Do not use vfork() L2
POS34-C Do not call putenv() with a pointer to an automatic variable as the argument L2
POS35-C Avoid race conditions while checking for the existence of a symbolic link L1
POS36-C Observe correct revocation order while relinquishing privileges L1
POS37-C Ensure that privilege relinquishment is successful L1
POS38-C Beware of race conditions when using fork and file descriptors L3
POS39-C Use the correct byte ordering when transferring data between systems L1
POS44-C Do not use signals to terminate threads L2
POS47-C Do not use threads that can be canceled asynchronously L1
POS49-C When data must be accessed by multiple threads, provide a mutex and guarantee no adjacent data is L2
also accessed
POS50-C Declare objects shared between POSIX threads with appropriate storage durations L3
POS52-C Do not perform operations that can block while holding a POSIX lock L3
POS54-C Detect and handle POSIX library errors L1
$
As of July 10, 2020, POS33-C is moved to The Void: void POS33-C Do not use vfork()
| synopsys.com | 5CERT C L1 recommendation coverage (online version)
Recommendations
Section % Coverage
Supported All
All 21 25* 84.0
PRE 3 5 60.0
DCL 0 1 0.0
EXP 2 2 100.0
INT 2 2 100.0
ARR 1 1 100.0
STR 4 4 100.0
MEM 1 1 100.0
FIO 2 2 100.0
ENV 1 1 100.0
SIG 1 1 100.0
API 1 1* 100.0
MSC 3 4 75.0
*There are 26 total CERT C L1 recommendations Apart from API10-C, which is incomplete, there are 25 validated recommendations
considered in this calculation
CERT C supported recommendations (online version)
Recommendation Description Level
PRE09-C Do not replace secure functions with deprecated or obsolescent functions L1
PRE10-C Wrap multistatement macros in a do-while loop L1
PRE11-C Do not conclude macro definitions with a semicolon L1
PRE12-C Do not define unsafe macros L2
DCL11-C Understand the type issues associated with variadic functions L2
DCL23-C Guarantee that mutually visible identifiers are unique L2
EXP05-C Do not cast away a const qualification L2
EXP08-C Ensure pointer arithmetic is used correctly L2
EXP10-C Do not depend on the order of evaluation of subexpressions or the order in which side effects L2
take place
EXP15-C Do not place a semicolon on the same line as an if, for, or while statement L1
EXP16-C Do not compare function pointers to constant values L2
EXP19-C Use braces for the body of an if, for, or while statement L2
EXP20-C Perform explicit tests to determine success, true and false, and equality L1
INT02-C Understand integer conversion rules L2
INT04-C Enforce limits on integer values originating from tainted sources L2
INT07-C Use only explicitly signed or unsigned char type for numeric values L2
INT13-C Use bitwise operators only on unsigned operands L2
INT17-C Define integer constants in an implementation-independent manner L1
INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size L1
ARR00-C Understand how arrays work L2
ARR01-C Do not apply the sizeof operator to a pointer when taking the size of an array L1
ARR02-C Explicitly specify array bounds, even if implicitly defined by an initializer L2
| synopsys.com | 6Recommendation Description Level
STR00-C Represent characters using an appropriate type L1
STR02-C Sanitize data passed to complex subsystems L1
STR03-C Do not inadvertently truncate a string L2
STR06-C Do not assume that strtok() leaves the parse string unchanged L1
STR07-C Use the bounds-checking interfaces for string manipulation L1
STR11-C Do not specify the bound of a character array initialized with a string literal L2
MEM00-C Allocate and free memory in the same module, at the same level of abstraction L1
MEM01-C Store a new value in pointers immediately after free() L2
MEM05-C Avoid large stack allocations L2
FIO01-C Be careful using functions that use file names for identification L1
FIO20-C Avoid unintentional truncation when using fgets() or fgetws() L1
ENV01-C Do not make assumptions about the size of an environment variable L1
SIG02-C Avoid using signals to implement normal functionality L1
API05-C Use conformant array parameters L1
MSC15-C Do not depend on undefined behavior L1
MSC17-C Finish every set of statements associated with a case label with a break statement L1
MSC18-C Be careful while handling sensitive data, such as passwords, in program code L2
MSC24-C Do not use deprecated or obsolescent functions L1
| synopsys.com | 7SEI CERT C++ Coding Standard (2016 Edition)
The SEI CERT C++ Coding Standard was developed specifically for the following version of the C++ language:
• ISO/IEC 14882-2014: Information Technology---Programming Languages—C++, 4th ed
This version is commonly referred to as the C++14 standard
The CERT C++ rules may also be applied to earlier versions of the C++ language, such as C++11
The 2016 edition of the CERT C++ standard contains 83 coding rules
The CERT Secure Coding wiki for C++ is here:
https://wwwsecurecodingcertorg/confluence/display/cplusplus/
The SEI CERT C++ Coding Standard (2016 Edition) is here:
https://certorg/secure-coding/products-services/secure-coding-cpp-download-2016cfm
The CERT C++ wiki also documents some recommendations The recommendations are not part of the core secure coding standard
CERT C++ rule coverage
Rules
Section % Coverage
Supported All
All 83 83 100.0
DCL 11 11 100.0
EXP 14 14 100.0
INT 1 1 100.0
CTR 9 9 100.0
STR 4 4 100.0
MEM 8 8 100.0
FIO 2 2 100.0
ERR 13 13 100.0
OOP 9 9 100.0
CON 7 7 100.0
MSC 5 5 100.0
CERT C++ supported rules
Rule Description Level
DCL50-CPP Do not define a C-style variadic function L1
DCL51-CPP Do not declare or define a reserved identifier L3
DCL52-CPP Never qualify a reference type with const or volatile L3
DCL53-CPP Do not write syntactically ambiguous declarations L3
DCL54-CPP Overload allocation and deallocation functions as a pair in the same scope L2
DCL55-CPP Avoid information leakage when passing a class object across a trust boundary L3
DCL56-CPP Avoid cycles during initialization of static objects L3
DCL57-CPP Do not let exceptions escape from destructors or deallocation functions L3
DCL58-CPP Do not modify the standard namespaces L2
DCL59-CPP Do not define an unnamed namespace in a header file L3
DCL60-CPP Obey the one-definition rule L3
EXP50-CPP Do not depend on the order of evaluation for side effects L2
| synopsys.com | 8Rule Description Level
EXP51-CPP Do not delete an array through a pointer of the incorrect type L3
EXP52-CPP Do not rely on side effects in unevaluated operands L3
EXP53-CPP Do not read uninitialized memory L1
EXP54-CPP Do not access an object outside of its lifetime L2
EXP55-CPP Do not access a cv-qualified object through a cv-unqualified type L2
EXP56-CPP Do not call a function with a mismatched language linkage L3
EXP57-CPP Do not cast or delete pointers to incomplete classes L3
EXP58-CPP Pass an object of the correct type to va_start L3
EXP59-CPP Use offsetof() on valid types and members L3
EXP60-CPP Do not pass a nonstandard-layout type object across execution boundaries L1
EXP61-CPP A lambda object must not outlive any of its reference captured objects L2
EXP62-CPP Do not access the bits of an object representation that are not part of the object's value representation L2
EXP63-CPP Do not rely on the value of a moved-from object L2
INT50-CPP Do not cast to an out-of-range enumeration value L3
CTR50-CPP Guarantee that container indices and iterators are within the valid range L2
CTR51-CPP Use valid references, pointers, and iterators to reference elements of a container L2
CTR52-CPP Guarantee that library functions do not overflow L1
CTR53-CPP Use valid iterator ranges L2
CTR54-CPP Do not subtract iterators that do not refer to the same container L2
CTR55-CPP Do not use an additive operator on an iterator if the result would overflow L1
CTR56-CPP Do not use pointer arithmetic on polymorphic objects L2
CTR57-CPP Provide a valid ordering predicate L3
CTR58-CPP Predicate function objects should not be mutable L3
STR50-CPP Guarantee that storage for strings has sufficient space for character data and the null terminator L1
STR51-CPP Do not attempt to create a std::string from a null pointer L1
STR52-CPP Use valid references, pointers, and iterators to reference elements of a basic_string L2
STR53-CPP Range check element access L2
MEM50-CPP Do not access freed memory L1
MEM51-CPP Properly deallocate dynamically allocated resources L1
MEM52-CPP Detect and handle memory allocation errors L1
MEM53-CPP Explicitly construct and destruct objects when manually managing object lifetime L1
MEM54-CPP Provide placement new with properly aligned pointers to sufficient storage capacity L1
MEM55-CPP Honor replacement dynamic storage management requirements L1
MEM56-CPP Do not store an already-owned pointer value in an unrelated smart pointer L1
MEM57-CPP Avoid using default operator new for over-aligned types L2
FIO50-CPP Do not alternately input and output from a file stream without an intervening positioning call L2
FIO51-CPP Close files when they are no longer needed L3
ERR50-CPP Do not abruptly terminate the program L3
ERR51-CPP Handle all exceptions L3
ERR52-CPP Do not use setjmp() or longjmp() L3
Do not reference base classes or class data members in a constructor or destructor function-try-block
ERR53-CPP L3
handler
ERR54-CPP Catch handlers should order their parameter types from most derived to least derived L1
ERR55-CPP Honor exception specifications L2
| synopsys.com | 9Rule Description Level
ERR56-CPP Guarantee exception safety L2
ERR57-CPP Do not leak resources when handling exceptions L3
ERR58-CPP Handle all exceptions thrown before main() begins executing L2
ERR59-CPP Do not throw an exception across execution boundaries L1
ERR60-CPP Exception objects must be nothrow copy constructible L3
ERR61-CPP Catch exceptions by lvalue reference L3
ERR62-CPP Detect errors when converting a string to a number L3
OOP50-CPP Do not invoke virtual functions from constructors or destructors L3
OOP51-CPP Do not slice derived objects L3
OOP52-CPP Do not delete a polymorphic object without a virtual destructor L2
OOP53-CPP Write constructor member initializers in the canonical order L3
OOP54-CPP Gracefully handle self-copy assignment L3
OOP55-CPP Do not use pointer-to-member operators to access nonexistent members L2
OOP56-CPP Honor replacement handler requirements L3
OOP57-CPP Prefer special member functions and overloaded operators to C Standard Library functions L2
OOP58-CPP Copy operations must not mutate the source object L2
CON50-CPP Do not destroy a mutex while it is locked L3
CON51-CPP Ensure actively held locks are released on exceptional conditions L2
CON52-CPP Prevent data races when accessing bit-fields from multiple threads L2
CON53-CPP Avoid deadlock by locking in a predefined order L3
CON54-CPP Wrap functions that can spuriously wake up in a loop L3
CON55-CPP Preserve thread safety and liveness when using condition variables L3
CON56-CPP Do no speculatively lock a non-recursive mutex that is already owned by the calling thread L3
MSC50-CPP Do not use std::rand() for generating pseudorandom numbers L2
MSC51-CPP Ensure your random number generator is properly seeded L1
MSC52-CPP Value-returning functions must return a value from all exit paths L2
MSC53-CPP Do not return from a function declared [[noreturn]] L3
MSC54-CPP A signal handler must be a plain old function L2
| synopsys.com | 10SEI CERT Oracle Secure Coding Standard for Java (online version)
The SEI CERT Oracle Secure Coding Standard for Java was developed primarily referring to the following version of the Java language:
• The Java Language Specification (3rd Edition)
The SEI CERT Oracle Secure Coding Standard for Java focuses on the following Java platforms:
• The Java Standard Edition 6 Platform (Java SE 6)
• The Java Standard Edition 7 platform (Java SE 7)
The SEI CERT Oracle Secure Coding Standard for Java wiki contains 182 coding rules, of which 38 are Level L1, 48 are Level L2, and 96
are Level L3.
The CERT Secure Coding wiki for Java is here:
https://wwwsecurecodingcertorg/confluence/display/java/
The SEI CERT Oracle Secure Coding Standard for Java (Standard Edition 6) is here:
https://wwwinformitcom/store/cert-oracle-secure-coding-standard-for-java-9780321803955
The SEI CERT Oracle Secure Coding Standard for Java wiki also documents some recommendations The recommendations are not part
of the core secure coding standard
CERT Java L1 and L2 rule coverage (online version)
Rules
Section % Coverage
Supported All
All 61 74* 82.4
IDS 7 8 87.5
EXP 3 4 75.0
NUM 4 4 100.0
STR 1 1 100.0
OBJ 6 9* 66.7
MET 5 7* 71.4
ERR 3 3 100.0
VNA 0 2 0.0
LCK 5 5 100.0
TSM 0 1 0.0
FIO 5 5 100.0
SER 6 7* 85.7
SEC 8 8 100.0
ENV 3 5* 60.0
JNI 1 1* 100.0
MSC 4 4 100.0
* There are 38 total CERT Java L1 and 48 total CERT Java L2 rules. Apart from five stub L1 rules (SEC08-J, SEC09-J, SEC10-J, JNI03-J,
and MSC10-J), and two nonautomated L1 rules (ENV04-J and ENV05-J), there are 31 validated L1 rules considered in this calculation.
Similarly, apart from two deprecated L2 rules (IDS09-J and SER13-J), three stub L2 rules (IDS15-J, OBJ14-J, and MET13-J), there are 43
validated L2 rules considered in this calculation.
| synopsys.com | 11CERT Java supported rules (online version)
Rule Description Level
IDS00-J Prevent SQL injection L1
IDS01-J Normalize strings before validating them L1
IDS03-J Do not log unsanitized user input L2
IDS07-J Sanitize untrusted data passed to the Runtimeexec() method L1
IDS08-J Sanitize untrusted data included in a regular expression L3
IDS11-J Perform any string modifications before validation L1
IDS16-J Prevent XML Injection L1
IDS17-J Prevent XML External Entity Attacks L2
ERR02-J Prevent exceptions while logging data L2
ERR04-J Do not complete abruptly from a finally block L3
ERR07-J Do not throw RuntimeException, Exception, or Throwable L2
ERR08-J Do not catch NullPointerException or any of its ancestors L1
EXP00-J Do not ignore values returned by methods L2
EXP01-J Do not use a null in a case where an object is required L3
EXP02-J Do not use the Object.equals() method to compare two arrays L2
EXP03-J Do not use the equality operators when comparing values of boxed primitives L2
NUM00-J Detect or prevent integer overflow L3
NUM02-J Ensure that division and remainder operations do not result in divide-by-zero errors L2
NUM07-J Do not attempt comparisons with NaN L3
NUM09-J Do not use floating-point variables as loop counters L2
NUM10-J Do not construct BigDecimal objects from floating-point literals L2
NUM11-J Do not compare or inspect the string representation of floating-point values L2
OBJ01-J Limit accessibility of fields L1
OBJ05-J Do not return references to private mutable class members L1
OBJ09-J Compare classes and not class names L2
OBJ10-J Do not use public static nonfinal fields L2
OBJ11-J Be wary of letting constructors throw exceptions L1
OBJ13-J Ensure that references to mutable objects are not exposed L1
MET00-J Validate method arguments L2
MET01-J Never use assertions to validate method arguments L2
MET02-J Do not use deprecated or obsolete classes or methods L3
MET04-J Do not increase the accessibility of overridden or hidden methods L2
MET05-J Ensure that constructors do not call overridable methods L2
MET06-J Do not invoke overridable methods in clone() L1
MET07-J Never declare a class method that hides a method declared in a superclass or superinterface L3
MET09-J Classes that define an equals() method must also define a hashCode() method L3
LCK00-J Use private final lock objects to synchronize classes that may interact with untrusted code L3
LCK01-J Do not synchronize on objects that may be reused L2
LCK02-J Do not synchronize on the class object returned by getClass() L2
LCK03-J Do not synchronize on the intrinsic locks of high-level concurrency objects L2
LCK06-J Do not use an instance lock to protect shared static data L2
LCK08-J Ensure actively held locks are released on exceptional conditions L2
| synopsys.com | 12Rule Description Level
FIO02-J Detect and handle file-related errors L2
FIO03-J Remove temporary files before termination L2
FIO05-J Do not expose buffers or their backing arrays methods to untrusted code L1
FIO08-J Do not expose buffers or their backing arrays methods to untrusted code L1
FIO14-J Perform proper cleanup at program termination L1
SEC00-J Do not allow privileged blocks to leak sensitive information across a trust boundary L2
SEC01-J Do not allow tainted variables in privileged blocks L1
SEC02-J Do not base security checks on untrusted sources L1
SEC03-J Do not load trusted classes after allowing untrusted code to load arbitrary classes L1
SEC04-J Protect sensitive operations with security manager checks L1
SEC05-J Do not use reflection to increase accessibility of classes, methods, or fields L1
SEC06-J Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar L1
SEC07-J Call the superclass’s getPermissions() method when writing a custom class loader L1
SER01-J Do not deviate from the proper signatures of serialization methods L1
SER04-J Do not allow serialization and deserialization to bypass the security manager L2
SER05-J Do not serialize instances of inner classes L1
SER08-J Minimize privileges before deserializing from a privileged context L1
SER09-J Do not invoke overridable methods from the readObject() method L3
SER11-J Prevent overwriting of externalizable objects L2
SER12-J Prevent deserialization of untrusted data L2
STR02-J Specify an appropriate locale when comparing locale-dependent data L2
ENV02-J Do not trust the values of environment variables L2
ENV03-J Do not grant dangerous combinations of permissions L1
ENV06-J Production code must not contain debugging entry points L1
JNI01-J Safely invoke standard APIs that perform tasks using the immediate caller’s class loader instance L1
(loadLibrary)
MSC00-J Use SSLSocket rather than Socket for secure data exchange L2
MSC01-J Do not use an empty infinite loop L3
MSC02-J Generate strong random numbers L1
MSC03-J Never hard code sensitive information L1
MSC07-J Prevent multiple instantiations of singleton objects L3
MSC11-J Do not let session information leak within a servlet L2
This datasheet applies to Coverity 2021.9.0 and later releases.
| synopsys.com | 13The Synopsys difference
Synopsys helps development teams build secure, high-quality software, minimizing risks while
maximizing speed and productivity. Synopsys, a recognized leader in application security,
provides static analysis, software composition analysis, and dynamic analysis solutions that
enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source
components, and application behavior. With a combination of industry-leading tools, services,
and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps
and throughout the software development life cycle.
For more information, go to www.synopsys.com/software.
Synopsys, Inc.
690 E Middlefield Road
Mountain View, CA 94043 USA
Contact us:
U.S. Sales: 800.873.8193
International Sales: +1 415.321.5237
Email: sig-info@synopsys.com
©2021 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is available at www.
synopsys.com/copyright.html . All other names mentioned herein are trademarks or registered trademarks of their respective owners. September 2021
| synopsys.com | 14You can also read
