This release includes the following enhancements:

Release date: June 22, 2022

Enhanced Automotive Compliance Pack

We've extended the Automotive Pack to help you achieve compliance with the automotive standards.

Updates for MISRA C:2012 Technical Corrigendum 2

We've updated the MISRA C 2012 rule set, test configuration and compliance reporting to reflect changes brought in by MISRA’s Technical Corrigendum 2. 

Enhanced Security Compliance Pack

We've extended the Security Pack to help you achieve compliance with the security standards.

New Rule Set for DISA ASD STIG Compliance

We've added a new DISA ASD STIG rule set for compliance with the DISA STIG security standard. The existing DISA-ASD-STIG test configuration has been updated to use the new rule set.

Enhanced Static Analysis

We’ve enhanced the flow analysis engine to better support modern C++ constructs, including smart pointers such as unique_ptr, shared_ptr, auto_ptr, and weak_ptr. The engine's improved understanding of smart pointer semantics enables precise tracking of resource use and improves the quality and accuracy of reported findings.

C/C++test Container Image at Docker Hub

You can download a ready-to-use C/C++test container image from Docker Hub: https://hub.docker.com/r/parasoft/cpptest. See also Deploying C/C++test in a Docker Container.

Support for Platforms

Windows 11 is now supported by C/C++test. 

Support for Compilers

We've added support for the following compilers:

Compiler Name                      Compiler Identifier
GNU GCC 10.x (x86_64)              gcc_10-64
GNU GCC 11.x (x86_64)              gcc_11-64
Microsoft Visual C++ 14.3          vc_14_3
Microsoft Visual C++ 14.3 (x64)    vc_14_3-64
Qualcomm Hexagon Clang 8.4         hexagon-clang_8_4
Synopsys Metaware ARC 2020.06      ccac_2020_06
Tasking TriCore 4.2                vxtc_4_2
Tasking TriCore 6.3                vxtc_6_3

Support for IDEs

We've added support for the following IDEs:

  • Eclipse 2021-09 (4.21)
  • Eclipse 2021-12 (4.22)
  • Eclipse 2022-03 (4.23)
  • Visual Studio 2022

We’ve enhanced the VSCode Extension for C/C++test to integrate with GitLab pipelines.

New and Updated Code Analysis Rules

We've added new static analysis rules to extend coverage of coding standards. See New Rules and Updated Rules for the lists of new and updated rules.

New and Updated Test Configurations

We’ve updated the following test configurations: 

  • AUTOSAR C++14 Coding Guidelines 
  • CWE Top 25 + On the Cusp 2019 
  • CWE Top 25 2019 
  • DISA-ASD-STIG 
  • Flow Analysis Aggressive 
  • Flow Analysis Fast 
  • Flow Analysis Standard 
  • High Integrity C++ 
  • MISRA C 2004 
  • MISRA C 2012 
  • MISRA C++ 2008 
  • SEI CERT C Guidelines 
  • SEI CERT C Rules 
  • SEI CERT C++ Rules 

Licensing

This release requires updating license keys.

Upgrading to 2022.1 might cause the machine ID to change on Windows and Linux. Verify your machine ID before requesting a new license from Parasoft. For information about verifying your machine ID, see Obtaining the Machine ID.

For details, please contact your Parasoft representative.

Other Changes

  • OIDC authentication with Azure AD is now supported for IDE-based workflows. See Configuring OpenID Connect in the UI.
  • OIDC authentication with device code is now supported for command line-based workflows. See Configuring OpenID Connect in the .properties File.
  • IPv6 is now supported.
  • You can now specify a custom name for your C/C++test report. See report.file.name.
  • TFS SDK libraries are no longer distributed as part of Parasoft. If you want TFS support to work on your machine, you need to install the TFS SDK from the vendor.

Deprecated and Removed Support

Removed Support for IDEs

Support for the following IDEs is now removed:

  • Eclipse 4.4
  • Eclipse 4.5
  • Visual Studio 2012
  • Visual Studio 2013

Removed Support for Compilers

Support for the following compilers is now removed:

  • Microsoft Visual C++ 9.0
  • Microsoft Visual C++ 9.0 (x64)
  • Microsoft Visual C++ 10.0
  • Microsoft Visual C++ 10.0 (x64)

Resolved Bugs and FRs

Bug/FR ID Description
CPP-36108 [coverage] Add code coverage for classes and lambdas defined inside template functions
CPP-48321 [engine][EDG] error: pack expansion does not make use of any argument packs
CPP-48585 [engine][EDG] Instrumentation error "std::enable_if<false, void>" has no member "type" for ASIO library
CPP-49194 [static] FORMAT-11 reports false positive on reference declaration
CPP-49198 [static] GLOBAL-ONEUSEVAR (AUTOSAR-M0_1_4-a) reports violations on const variables in header files
CPP-49658 [ide] No validation message when importing an incorrect path in "C/C++ advanced settings"
CPP-49695 [static] CODSTA-119 (MISRA2012-RULE-16_4_b) reports false positive on break after block with comment
CPP-49701 [static] AUTOSAR-A11_3_1-a false positive
CPP-49704 [engine][EDG] Incorrect initializer_range for in-class field initializers (when initializing with constant values?)
CPP-49715 [engine][EDG] error: class "std::__2::enable_if<false, bool>" has no member "type"
CPP-49766 [static] AUTOSAR-A7_1_7-a: false positive
CPP-49767 [static] MISRA2004-16_7 reports false positive when an element of array that is a pointer is passed as non-const pointer
CPP-49768 [engine][EDG] error: a reference of type "std::pair<DataAccess::Common::Geometry::TCoordScaleNDS::TBaseType, DataAccess::Common::Geometry::TCoordScaleNDS::TBaseType> &" (not const-qualified) cannot be initialized with a value 
CPP-49773 [rulewizard] The 'Body' property for 'Class' node does not work correctly for static members defined outside template classes
CPP-49777 [compiler] Improve handling of --relaxed_ansi option for tiarm compilers
CPP-49779 [compiler] Add support for __builtin_addressof for tiarm_18_2
CPP-49808 [engine] cpptestcc compile error: label ‘anonymous__CPTR_0’ used but not defined
CPP-49847 [rulewizard] static_cast is detected as normal cast in copy elision of a bit-wise copy initialization
CPP-49854 [static] MISRA2004-12_8 should not report when the number of bits is ensured by bitwise & operator 
CPP-49857 [static] MISRA2004-16_10 (AUTOSAR-M0_3_2-a) reports false positive on overloaded assignment operators
CPP-49867 [static] OPT-41 should check filenames as case insensitive in Windows systems
CPP-49868 [engine][EDG] internal error: assertion failed at: "scope_stk.c", line 10905 in get_enclosing_template_params_and_args
CPP-49889 [engine] Error on test case data generation when routine has VLA parameter
CPP-49908 [docs] Fix documentation for OIDC settings
CPP-49909 [rulewizard] Functional casts are detected as C-style casts on initializations of non-aggregates inside aggregates
CPP-49949 [static] IndexError: list index out of range in SECURITY-14
CPP-49950 [static] C++Test output doesn't show error on second run
CPP-49966 [static] COMMENT-14 fails on error in own internal procedure
CPP-49984 [rulewizard] Incorrectly detected class in template specialization function instantiated by const class type
CPP-49991 [static] MISRA2004-12_4_a (MISRAC2012-RULE_13_5-a) does not report violation on access to a volatile object 
CPP-49993 [ide] Some assertion macros missing from Test Case Editor
CPP-49994 [static] AUTOSAR-M0_1_3-a(OPT-02) does not correctly parse structured binding in C++17
CPP-50002 [EDG] error: operand types are incompatible 
CPP-50061 [compiler] renrx and gcc: improve config for compiler options changing plain 'char' type signedness
CPP-50062 [static] False positive for AUTOSAR-M5_0_4-a
CPP-50087 [ide] Creating new test configuration enables some unselected metrics
CPP-50089 [compiler] LSI fails for TIC compilers if project path contain spaces
CPP-50100 [static] AUTOSAR-A12_1_1-a false positive
CPP-50103 [static] AUTOSAR-M3_4_1-a: false positive
CPP-50106 [rulewizard] Template function's unnamed parameter not connected with correct line in code
CPP-50107 [static] MISRA2004-14_1_b reports false positive when the return statement is used after extern array declaration in function
CPP-50108 [static] Improve mapping for AUTOSAR-A2-13-1
CPP-50110 [static] FORMAT-25 reports false positives because does not support sizeof... operator
CPP-50111 [ide] C/C++test Professional cannot find IAppFile when pointing to symlink file
CPP-50113 [static] HICPP-5_8_1-a (AUTOSAR-A5_16_1-a) reports false positive on conditional operator used as separate expression
CPP-50123 [static] CODSTA-CPP-101 (AUTOSAR-A13_2_3-a) reports false positive on template conversion operators
CPP-50125 [static] EXCEPT-22 reports false positive when template function with @throw specification is called
CPP-50128 [static] EXCEPT-14 (AUTOSAR-A15_5_3-h) reports false positive when an exception is catch inside function in try-catch block
CPP-50134 [static] AUTOSAR-A15_4_5-a false positive 
CPP-50139 [static] MISRA2004-14_1_f (AUTOSAR-M0_1_1-e) reports false positive when 'return' statement is used inside 'catch' block
CPP-50148 [static] Improve mapping for AUTOSAR-M12-1-1
CPP-50149 [static] CODSTA-CPP-78 (AUTOSAR-M9_3_3-a) reports false positive when captured 'this' is modified in lambda expression in non-const function
CPP-50168 [engine][EDG] cpptestcc instrumentation compilation error: incomplete type is not allowed
CPP-50171 [static] Improve mapping for CERT_C-PRE31
CPP-50181 [coverage] For longer method names "Coverage Summary" columns are heavily unaligned making report unreadable
CPP-50209 [compiler] VC++ 2017 (and newer): add support for /external option
CPP-50220 [vscode] Improve showing suppressions (quick-fixes) for multiple violations in the same line
CPP-50234 [static] FORMAT-06 (AUTOSAR-A7_1_7-a) reports false positive when multiline C-style comment is used inside statement
CPP-50235 [static] EXCEPT-08 (AUTOSAR-M15_3_1-a/AUTOSAR-A15_5_3-f) reports false positives on calls to constexpr functions
CPP-50236 [static] MISRA2004-9_2_c (AUTOSAR-M8_5_2-c) reports false positive when the struct with static const variables is initialized
CPP-50246 [static] CODSTA-MCPP-04 (AUTOSAR-A4_10_1-b) reports false positive when a 'new' with the '0' constant is assigned to a pointer
CPP-50255 [engine][EDG] cpptestcc internal error: assertion failed: gen_paren_or_brace_dynamic_init: bad kind (cp_gen_be.c, line 22147 in gen_paren_or_brace_dynamic_init)
CPP-50260 [static] TEMPL-12 (AUTOSAR-M14_6_1-a) reports false positives on implicit calls of function from non-dependent base class
CPP-50263 [static] MISRA2004-8_4 internal error (zh_CN only)
CPP-50272 [coverage] Improve coverage integration for CMake with incremental builds (GNU/clang compilers; Ninja/Make generator)
CPP-50281 [static] Inconsistent behaviour of MISRAC2012-RULE_17_7-a
CPP-50296 [static] HICPP-18_2_4-a reports false positive on pattern that is not Double-Checked Locking
CPP-50312 [engine] GNU make is leaking file descriptors if cpptesttrace is used
CPP-50360 [static] COMMENT-14_b (AUTOSAR-A2_7_3-b) should ignore [in], [out] and [in,out] in comment for @param tags 
CPP-50361 [static] MISRA2004-14_1_a (HICPP-1_2_1-a) reports false positive on 'if' with condition containing enum constant dependent from template type
CPP-50387 [static] OPT-32 (AUTOSAR-M0_1_8-a) reports false positive violations on functions containing implicit calls of constructors with side effects
CPP-50397 [static][change output message] CODSTA-178 (MISRAC2012-RULE_5_1-a) - remove line number from output message
CPP-50398 [rulewizard] RuleWizard a(b) block doesn't match the builtin function __builtin_choose_expr()
CPP-50419 [static] MISRA2004-5_2_b (MISRA2008-2_10_2_b) reports false positive for unrelated enum class identifiers
CPP-50467 [static] CODSTA-122_a (CERT_C-ERR33-a) reports false positive when function call is used in condition of ternary operator
CPP-50565 STL-23 (HICPP-17_5_1-a) reports false positive when the result of the 'remove_if' function is used as argument in the call to the 'erase'
CPP-50586 [EDG] assertion failed at: "overload.c" during class template arguments deduction
CPP-50695 Cannot run static analysis successfully with "-f" compiler option
FA-7833 BD-RES-LEAKS reports false positives on resources managed by smart pointers
FA-8047 BD-PB-NP false negative
FA-8531 Improve documentation of BD-PB-VOVR rule
FA-8562 BD-PB-NOTINIT false positive on nested anonymous structures
FA-8625 BD-PB-OVERFNZT reports bogus violation cause memcpy makes first arg non-zero terminated again
FA-8696 Improve documentation of BD-TRS-DIFCS rule
FA-8697 BD-RES-LEAKS false negative
FA-8701 Flow Analysis uses incorrect assumption on the size of the unknown buffer pointed to by void*
FA-8736 BD-PB-CC false positive caused by read
FA-8739 BD.PB.ARRAY false positive
FA-8774 BD-API-VALPARAM false positive as squared value of variable cannot be < 0
FA-8792 BD-PB-VALRANGE false positive
FA-8824 BD.SECURITY.TDALLOC potential false negative
FA-8839 BD-PB-NP false negative because FA does not understand shared_ptr semantics.
FA-8853 BD-PB-CC false positive as Flow Analysis does not fully take into account that fgets changes contents of the buffer
FA-8884 BD-TRS-MLOCK violations are missing in the incremental run
FA-8901 MISRAC2012-DIR_4_11-a (BD-API-VALPARAM) false positive
FA-8910 BD-PB-VOVR false positive when variable is used only to calculate a constant value
XT-39581 Could not parse JSON with access token containing duplicated entries
XT-39618 "Automatically import findings at a specific time" doesn't work in Visual Studio
XT-39839 How to use scope.path.accept.regexp and scope.path.reject.regexp


New Rules

Rule ID Header
APSC_DV-000160-a Do not use weak encryption functions
APSC_DV-000170-a Do not use weak encryption functions
APSC_DV-000480-a Protect against SQL injection
APSC_DV-000500-a Observe correct revocation order while relinquishing privileges
APSC_DV-000650-a Do not print potentially sensitive information, resulting from an application error into exception messages
APSC_DV-001290-a Protect against SQL injection
APSC_DV-001290-b Untrusted data is used as a loop boundary
APSC_DV-001290-c Avoid passing user input into methods as parameters
APSC_DV-001290-d Avoid using unsecured shell functions that may be affected by shell metacharacters
APSC_DV-001300-a Protect against SQL injection
APSC_DV-001740-a Avoid passing sensitive data to functions that write to log files
APSC_DV-001750-a Avoid passing sensitive data to functions that write to log files
APSC_DV-001850-a Avoid passing sensitive data to functions that write to log files
APSC_DV-001860-a Do not use weak encryption functions
APSC_DV-001995-a Avoid race conditions when using fork and file descriptors
APSC_DV-001995-b Avoid race conditions while checking for the existence of a symbolic link
APSC_DV-001995-c Avoid race conditions while accessing files
APSC_DV-001995-d Use locks to prevent race conditions when modifying bit fields
APSC_DV-001995-e Do not use global variable with different locks set
APSC_DV-001995-f Avoid using thread-unsafe functions
APSC_DV-001995-g Usage of functions prone to race is not allowed
APSC_DV-001995-h Avoid using the 'vfork()' function
APSC_DV-001995-i Properly define signal handlers
APSC_DV-002000-a Ensure resources are freed
APSC_DV-002010-a Do not use weak encryption functions
APSC_DV-002290-a Do not use the rand() function for generating pseudorandom numbers
APSC_DV-002290-b Properly seed pseudorandom number generators
APSC_DV-002290-c The 'random_shuffle' identifier should not be used
APSC_DV-002290-d Avoid functions which use random numbers from standard C library
APSC_DV-002350-a Do not use weak encryption functions
APSC_DV-002390-a Disable resolving XML external entities (XXE) in libxerces-c
APSC_DV-002390-b Do not process structured text data natively
APSC_DV-002390-c Do not use scanf and fscanf functions without specifying variable size in format string
APSC_DV-002390-d Do not use mbstowcs() function
APSC_DV-002400-a Exclude unsanitized user input from format strings
APSC_DV-002400-b The execution of a function registered with 'std::atexit()' or 'std::at_quick_exit()' should not exit via an exception
APSC_DV-002400-c Avoid using the 'vfork()' function
APSC_DV-002400-d Avoid using thread-unsafe functions
APSC_DV-002440-a Avoid passing sensitive data to functions that write to log files
APSC_DV-002460-a Avoid passing sensitive data to functions that write to log files
APSC_DV-002470-a Avoid passing sensitive data to functions that write to log files
APSC_DV-002480-a Do not print potentially sensitive information, resulting from an application error into exception messages
APSC_DV-002510-a Protect against command injection
APSC_DV-002520-a Protect against environment injection
APSC_DV-002520-b Protect against file name injection
APSC_DV-002520-c Protect against SQL injection
APSC_DV-002520-d Never use unfiltered data from an untrusted user as the format parameter
APSC_DV-002520-e Avoid tainted data in array indexes
APSC_DV-002520-f Protect against integer overflow/underflow from tainted data
APSC_DV-002520-g Avoid passing unvalidated binary data to log methods
APSC_DV-002520-h Protect against command injection
APSC_DV-002520-i Avoid printing tainted data on the output console
APSC_DV-002520-j Exclude unsanitized user input from format strings
APSC_DV-002520-k Untrusted data is used as a loop boundary
APSC_DV-002530-a Protect against environment injection
APSC_DV-002530-b Protect against file name injection
APSC_DV-002530-c Protect against SQL injection
APSC_DV-002530-d Never use unfiltered data from an untrusted user as the format parameter
APSC_DV-002530-e Avoid tainted data in array indexes
APSC_DV-002530-f Protect against integer overflow/underflow from tainted data
APSC_DV-002530-g Avoid passing unvalidated binary data to log methods
APSC_DV-002530-h Protect against command injection
APSC_DV-002530-i Avoid printing tainted data on the output console
APSC_DV-002530-j Exclude unsanitized user input from format strings
APSC_DV-002530-k Untrusted data is used as a loop boundary
APSC_DV-002540-a Protect against SQL injection
APSC_DV-002550-a Protect against environment injection
APSC_DV-002550-b Protect against file name injection
APSC_DV-002550-c Protect against SQL injection
APSC_DV-002550-d Never use unfiltered data from an untrusted user as the format parameter
APSC_DV-002550-e Avoid tainted data in array indexes
APSC_DV-002550-f Protect against integer overflow/underflow from tainted data
APSC_DV-002550-g Avoid passing unvalidated binary data to log methods
APSC_DV-002550-h Protect against command injection
APSC_DV-002550-i Avoid printing tainted data on the output console
APSC_DV-002550-j Exclude unsanitized user input from format strings
APSC_DV-002550-k Untrusted data is used as a loop boundary
APSC_DV-002560-a Protect against environment injection
APSC_DV-002560-b Protect against file name injection
APSC_DV-002560-c Protect against SQL injection
APSC_DV-002560-d Never use unfiltered data from an untrusted user as the format parameter
APSC_DV-002560-e Avoid tainted data in array indexes
APSC_DV-002560-f Protect against integer overflow/underflow from tainted data
APSC_DV-002560-g Avoid passing unvalidated binary data to log methods
APSC_DV-002560-h Protect against command injection
APSC_DV-002560-i Avoid printing tainted data on the output console
APSC_DV-002560-j Exclude unsanitized user input from format strings
APSC_DV-002560-k Untrusted data is used as a loop boundary
APSC_DV-002570-a Avoid passing sensitive data to functions that write to log files
APSC_DV-002570-b Do not print potentially sensitive information, resulting from an application error into exception messages
APSC_DV-002590-a Avoid buffer overflow due to defining incorrect format limits
APSC_DV-002590-b Avoid overflow due to reading a not zero terminated string
APSC_DV-002590-c Avoid overflow when reading from a buffer
APSC_DV-002590-d Avoid overflow when writing to a buffer
APSC_DV-002590-e Avoid integer overflows
APSC_DV-002590-f Prevent buffer overflows from tainted data
APSC_DV-002590-g Protect against integer overflow/underflow from tainted data
APSC_DV-002590-h Avoid buffer overflow from tainted data due to defining incorrect format limits
APSC_DV-002590-i Avoid buffer read overflow from tainted data
APSC_DV-002590-j Avoid buffer write overflow from tainted data
APSC_DV-002590-k Ensure the output buffer is large enough when using path manipulation functions
APSC_DV-003110-a Do not hard code string literals
APSC_DV-003235-a Avoid passing unvalidated binary data to log methods
APSC_DV-003235-b Avoid passing sensitive data to functions that write to log files
AUTOSAR-M12_1_1-b Do not use dynamic type of an object under destruction
BD-PB-MEMOPT Avoid calls to memory-setting functions that can be optimized out by the compiler
BD-PB-PATHBUF Ensure the output buffer is large enough when using path manipulation functions
BD-SECURITY-SENSFREE Sensitive data should be cleared before being deallocated
BD-SECURITY-TDLOOP Validate potentially tainted data before it is used in the controlling expression of a loop
CERT_C-MEM03-a Sensitive data should be cleared before being deallocated
CERT_C-MSC06-a Avoid calls to memory-setting functions that can be optimized out by the compiler
CODSTA-108_b The facilities that are specified as being provided by tgmath.h should not be used
CODSTA-224 The conditional operator should not be used as a sub-expression
CODSTA-CPP-60_b Only those escape sequences that are defined in ISO/IEC 14882:2014 shall be used
CODSTA-MCPP-55 Use std::call_once rather than the Double-Checked Locking pattern
CWE-119-k Ensure the output buffer is large enough when using path manipulation functions
CWE-787-g Ensure the output buffer is large enough when using path manipulation functions
MISRA2004-16_8_b All exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
MISRA2008-12_1_1_b Do not use dynamic type of an object under destruction
MISRA2012-RULE-17_4_b All exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
MISRA2012-RULE-21_11_b The facilities that are specified as being provided by tgmath.h should not be used
MISRAC2012-RULE_17_4-b All exit paths from a function, except main(), with non-void return type shall have an explicit return statement with an expression
MISRAC2012-RULE_21_11-b The facilities that are specified as being provided by tgmath.h should not be used
OOP-11_b Friend declarations shall not be used except declarations of comparison operators

Updated Rules

Category ID Rule IDs

AUTOSAR C++14 Coding Guidelines AUTOSAR-A0_1_1-a, AUTOSAR-A0_4_4-a, AUTOSAR-A11_3_1-a, AUTOSAR-A12_1_1-a, AUTOSAR-A12_8_3-a, AUTOSAR-A13_2_3-a, AUTOSAR-A15_0_2-a, AUTOSAR-A15_1_4-a, AUTOSAR-A15_4_5-a, AUTOSAR-A15_5_3-f, AUTOSAR-A15_5_3-h, AUTOSAR-A16_2_2-a, AUTOSAR-A18_1_1-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-a, AUTOSAR-A26_5_2-a, AUTOSAR-A27_0_1-g, AUTOSAR-A27_0_1-h, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-b, AUTOSAR-A2_13_1-a, AUTOSAR-A2_7_3-a, AUTOSAR-A3_3_1-a, AUTOSAR-A4_10_1-b, AUTOSAR-A5_16_1-a, AUTOSAR-A5_2_5-a, AUTOSAR-A5_2_5-c, AUTOSAR-A5_3_2-a, AUTOSAR-A5_6_1-a, AUTOSAR-A7_1_7-a, AUTOSAR-A7_6_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_1-b, AUTOSAR-M0_1_1-e, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_4-a, AUTOSAR-M0_1_8-a, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-e, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_2-a, AUTOSAR-M12_1_1-a, AUTOSAR-M14_6_1-a, AUTOSAR-M15_3_1-a, AUTOSAR-M3_4_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_0_16-b, AUTOSAR-M5_14_1-a, AUTOSAR-M5_8_1-a, AUTOSAR-M7_1_2-b, AUTOSAR-M7_3_1-a, AUTOSAR-M8_5_2-c, AUTOSAR-M9_3_3-a
Flow Analysis BD-API-VALPARAM, BD-CO-ITMOD, BD-CO-ITOUT, BD-MISC-DC, BD-PB-ARRAY, BD-PB-CC, BD-PB-INVRET, BD-PB-NORETURN, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFWR, BD-PB-OVERFZT, BD-PB-OVERLAP, BD-PB-PTRARR, BD-PB-SUBSEQ, BD-PB-SUBSEQFRWD, BD-PB-SUBSEQMOVE, BD-PB-VALRANGE, BD-PB-VCTOR, BD-PB-VDTOR, BD-PB-VOVR, BD-PB-ZERO, BD-RES-LEAKS, BD-SECURITY-RAND, BD-SECURITY-TDALLOC, BD-SECURITY-TDCMD, BD-SECURITY-TDCONSOLE, BD-SECURITY-TDENV, BD-SECURITY-TDFNAMES, BD-SECURITY-TDINPUT, BD-SECURITY-TDSQL, BD-TRS-BITLOCK, BD-TRS-DIFCS, BD-TRS-MLOCK
SEI CERT C CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON30-a, CERT_C-CON32-a, CERT_C-CON43-a, CERT_C-DCL01-b, CERT_C-DCL13-a, CERT_C-DCL15-a, CERT_C-DCL19-a, CERT_C-DCL22-a, CERT_C-ENV01-c, CERT_C-ENV34-a, CERT_C-ERR33-a, CERT_C-ERR33-c, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO22-a, CERT_C-FIO32-a, CERT_C-FIO37-a, CERT_C-FIO42-a, CERT_C-FLP03-a, CERT_C-FLP32-a, CERT_C-INT10-a, CERT_C-INT31-a, CERT_C-INT31-b, CERT_C-INT31-i, CERT_C-INT31-j, CERT_C-INT31-k, CERT_C-INT33-a, CERT_C-INT36-b, CERT_C-MEM00-e, CERT_C-MEM12-a, CERT_C-MEM31-a, CERT_C-MSC07-b, CERT_C-MSC07-f, CERT_C-MSC12-b, CERT_C-MSC12-f, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC32-d, CERT_C-MSC37-a, CERT_C-POS30-a, CERT_C-POS49-a, CERT_C-POS54-a, CERT_C-POS54-c, CERT_C-STR02-a, CERT_C-STR02-b, CERT_C-STR02-c, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a, CERT_C-WIN00-a, CERT_C-WIN30-a
SEI CERT C++ CERT_CPP-CON52-a, CERT_CPP-CTR50-a, CERT_CPP-CTR51-a, CERT_CPP-ERR50-f, CERT_CPP-ERR50-h, CERT_CPP-ERR55-a, CERT_CPP-ERR57-a, CERT_CPP-ERR58-a, CERT_CPP-EXP53-a, CERT_CPP-EXP63-a, CERT_CPP-FIO51-a, CERT_CPP-MSC51-a, CERT_CPP-MSC52-a, CERT_CPP-MSC53-a, CERT_CPP-OOP50-c, CERT_CPP-OOP50-d, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR53-a
Coding Conventions CODSTA-04, CODSTA-119, CODSTA-122_a, CODSTA-127_b, CODSTA-161_a, CODSTA-161_b, CODSTA-162, CODSTA-163_b, CODSTA-164_a, CODSTA-164_b, CODSTA-221
Coding Conventions for C++ CODSTA-CPP-101, CODSTA-CPP-36, CODSTA-CPP-60, CODSTA-CPP-78, CODSTA-CPP-82
Coding Conventions for Modern C++ CODSTA-MCPP-04
Comments COMMENT-14
Common Weakness Enumeration CWE-119-a, CWE-119-e, CWE-125-a, CWE-20-d, CWE-20-e, CWE-20-f, CWE-20-g, CWE-20-h, CWE-20-i, CWE-22-a, CWE-362-c, CWE-362-e, CWE-426-a, CWE-476-a, CWE-704-e, CWE-770-a, CWE-772-a, CWE-78-a, CWE-787-a, CWE-787-d, CWE-89-a
Exceptions EXCEPT-08, EXCEPT-14, EXCEPT-22
Formatting FORMAT-06, FORMAT-11, FORMAT-23, FORMAT-24, FORMAT-25
Global Static Analysis GLOBAL-ONEUSEVAR
High Integrity C++ HICPP-12_4_1-b, HICPP-12_4_1-c, HICPP-13_2_2-a, HICPP-17_3_3-a, HICPP-17_5_1-a, HICPP-18_2_2-a, HICPP-1_2_1-b, HICPP-1_2_1-f, HICPP-1_2_1-i, HICPP-2_5_3-a, HICPP-3_1_1-b, HICPP-4_2_2-a, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-5_5_1-a, HICPP-6_3_2-a, HICPP-6_4_1-a, HICPP-8_4_1-a, HICPP-9_1_1-a
Joint Strike Fighter JSF-037, JSF-042, JSF-098, JSF-105, JSF-115, JSF-118, JSF-135_b, JSF-136_b, JSF-137, JSF-143_a, JSF-157, JSF-186_b, JSF-186_f, JSF-207
MISRA C 1998 MISRA-022, MISRA-023, MISRA-038, MISRA-071_a
MISRA C 2004 MISRA2004-12_4_a, MISRA2004-12_8, MISRA2004-13_2, MISRA2004-14_1_b, MISRA2004-14_1_f, MISRA2004-16_10, MISRA2004-16_7, MISRA2004-5_2_b, MISRA2004-8_10, MISRA2004-8_1_a, MISRA2004-9_2_c
MISRA C++ 2008 MISRA2008-0_1_1_b, MISRA2008-0_1_1_f, MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_4, MISRA2008-0_1_6, MISRA2008-0_1_8, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_c, MISRA2008-0_3_1_e, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-12_1_1, MISRA2008-12_1_2, MISRA2008-14_6_1, MISRA2008-15_3_1, MISRA2008-15_5_2, MISRA2008-15_5_3_f, MISRA2008-15_5_3_h, MISRA2008-2_10_2_b, MISRA2008-2_13_1, MISRA2008-3_3_1, MISRA2008-3_4_1_a, MISRA2008-5_0_16_a, MISRA2008-5_0_16_b, MISRA2008-5_14_1, MISRA2008-5_8_1, MISRA2008-7_1_2_a, MISRA2008-7_3_1, MISRA2008-8_5_2_c, MISRA2008-9_3_3
MISRA C 2012 (Legacy) MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_a, MISRA2012-DIR-4_14_e, MISRA2012-DIR-4_14_f, MISRA2012-DIR-4_14_g, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_14_k, MISRA2012-DIR-4_14_l, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_c, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_h, MISRA2012-RULE-10_1_a, MISRA2012-RULE-10_1_b, MISRA2012-RULE-10_2, MISRA2012-RULE-10_3_b, MISRA2012-RULE-10_4_a, MISRA2012-RULE-10_4_b, MISRA2012-RULE-12_1_c, MISRA2012-RULE-12_2, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-14_4, MISRA2012-RULE-16_1_f, MISRA2012-RULE-16_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-18_1_a, MISRA2012-RULE-18_1_c, MISRA2012-RULE-19_1_c, MISRA2012-RULE-1_3_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_e, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_20, MISRA2012-RULE-22_1, MISRA2012-RULE-2_1_b, MISRA2012-RULE-2_1_f, MISRA2012-RULE-2_2_b, MISRA2012-RULE-5_3_b, MISRA2012-RULE-8_13_a, MISRA2012-RULE-9_1
MISRA C 2012 MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-c, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-a, MISRAC2012-DIR_4_14-e, MISRAC2012-DIR_4_14-f, MISRAC2012-DIR_4_14-g, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_14-k, MISRAC2012-DIR_4_14-l, MISRAC2012-RULE_10_1-a, MISRAC2012-RULE_10_1-b, MISRAC2012-RULE_10_2-a, MISRAC2012-RULE_10_3-b, MISRAC2012-RULE_10_4-a, MISRAC2012-RULE_10_4-b, MISRAC2012-RULE_12_1-c, MISRAC2012-RULE_12_2-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_14_4-a, MISRAC2012-RULE_16_1-f, MISRAC2012-RULE_16_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_18_1-c, MISRAC2012-RULE_19_1-c, MISRAC2012-RULE_1_3-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_20-a, MISRAC2012-RULE_22_1-a, MISRAC2012-RULE_2_1-b, MISRAC2012-RULE_2_1-f, MISRAC2012-RULE_2_2-b, MISRAC2012-RULE_5_3-b, MISRAC2012-RULE_8_13-a, MISRAC2012-RULE_9_1-a
Naming Conventions NAMING-06, NAMING-18
Optimization OPT-01, OPT-02, OPT-32, OPT-41
OWASP Top 10 2017 OWASP2017-A1-b, OWASP2017-A1-c, OWASP2017-A1-d, OWASP2017-A1-e, OWASP2017-A1-f, OWASP2017-A3-a, OWASP2017-A5-a
OWASP Top 10 2019 OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-g, OWASP2019-API3-k, OWASP2019-API4-a, OWASP2019-API4-b, OWASP2019-API8-a, OWASP2019-API8-b, OWASP2019-API8-c, OWASP2019-API8-d, OWASP2019-API8-e, OWASP2019-API8-f, OWASP2019-API8-h, OWASP2019-API9-e
OWASP Top 10 2021 OWASP2021-A1-a, OWASP2021-A2-a, OWASP2021-A3-b, OWASP2021-A3-c, OWASP2021-A3-d, OWASP2021-A3-e, OWASP2021-A3-f, OWASP2021-A8-a
Possible Bugs PB-43
Security SECURITY-04, SECURITY-14
STL Best Practices STL-23, STL-37
Templates TEMPL-12

Removed Rules

Rule ID Notes
PB-36 Consider using BD-PB-VCTOR, BD-PB-VDTOR instead


We've improved the violation message in the following rules: 

  • BD-SECURITY-TDALLOC
  • BD-SECURITY-TDCMD
  • BD-SECURITY-TDCONSOLE
  • BD-SECURITY-TDENV
  • BD-SECURITY-TDFNAMES
  • BD-SECURITY-TDINPUT
  • BD-SECURITY-TDLOOP
  • BD-SECURITY-TDSQL

As a result, existing DTP-based suppressions and in-file suppressions may no longer apply.




