This release includes the following enhancements:
Release date: , 2024

Enhanced Security Compliance Pack

Enhanced Static Analysis

In-File Suppressions Enhancements
For details, see Defining Suppressions in Suppression Files.

Support for Compilers
The following compilers are now supported:
The support level for the following compilers has been changed from Extended to Standard:
See Supported Compilers.

Support for IDEs
The following IDEs are now supported:

New and Updated Test Configurations
The Security Compliance Pack has been extended by adding support for the following test configurations:
The following test configuration has been updated with new rules:

Additional Updates

Deprecated and Removed Support

Deprecated Support for IDEs
Support for the following IDEs is deprecated and will be removed in future releases:

Compilers to Be Deprecated
Support for the following compilers will be deprecated in future releases:

Deprecated Compilers
Support for the following compilers is deprecated and will be removed in future releases:

Removed Support for IDEs
Support for the following IDE is now removed:

Removed Support for Compilers
The following compilers are no longer supported:

Resolved Bugs and FRs
Updates to Rules
Rule ID | Description |
---|---|
AUTOSAR-A5_2_5-e | Avoid accessing collections out of bounds |
AUTOSAR-M0_1_3-f | A project shall not contain unused uninitialized local variables |
AUTOSAR-M0_1_3-g | A project should not contain unused uninitialized variables with internal linkage |
BD-PB-COOB | Avoid accessing collections out of bounds |
CERT_C-DCL37-b | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared |
CERT_C-DCL37-c | Avoid declaring file-scoped objects whose names begin with an underscore |
CERT_C-DCL37-d | The names of standard library macros should not be reused (C11 code) |
CERT_C-DCL37-e | The names of standard library identifiers with file scope should not be reused (C11 code) |
CERT_C-DCL37-f | The standard library identifiers with external linkage should not be reused (C11 code) |
CERT_C-DCL37-g | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined |
CERT_C-ERR32-b | Properly define signal handlers |
CERT_C-ERR33-e | Provide error handling for file opening errors right next to the call to fopen |
CERT_C-FIO01-c | Be careful using functions that use file names for identification |
CERT_C-FIO21-b | Use secure temporary file name functions |
CODSTA-303 | A variable declared in an inner scope shall not hide a variable declared in an outer scope |
CODSTA-92_c | The names of standard library macros should not be reused (C11 code) |
CODSTA-92_d | The names of standard library identifiers with file scope should not be reused (C11 code) |
CODSTA-92_e | The standard library identifiers with external linkage should not be reused (C11 code) |
CWE-119-l | Avoid accessing collections out of bounds |
CWE-125-f | Avoid accessing collections out of bounds |
CWE-787-i | Avoid accessing collections out of bounds |
JSF-127_b | Sections of code should not be "commented out" using Doxygen comments |
MISRA2004-2_4_b | Sections of code should not be "commented out" using Doxygen comments |
MISRA2008-0_1_3_f | A project shall not contain unused uninitialized local variables |
MISRA2008-0_1_3_g | A project should not contain unused uninitialized variables with internal linkage |
MISRA2008-2_7_2_b | Sections of code shall not be "commented out" using C-style comments |
MISRA2008-2_7_3_b | Sections of code should not be "commented out" using C++ comments |
MISRA2012-DIR-4_4_b | Sections of code should not be "commented out" using Doxygen comments |
MISRAC2012-DIR_4_4-b | Sections of code should not be "commented out" using Doxygen comments |
MISRACPP2023-19_2_1-b | Use unique multiple include guards |
MISRACPP2023-6_4_1-g | A variable declared in an inner scope shall not hide a variable declared in an outer scope |
NAMING-33_c | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined |
NAMING-33_d | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared |
NAMING-33_e | Avoid declaring file-scoped objects whose names begin with an underscore |
OPT-02_b | A project shall not contain unused uninitialized local variables |
OPT-43_b | A project should not contain unused uninitialized variables with internal linkage |
OWASP2019-API3-r | Avoid accessing collections out of bounds |
PFO-02_b | Use unique multiple include guards |
PREPROC-29 | Use angle brackets <> to include standard library headers |
SECURITY-55 | Be careful using functions that use file names for identification |
Updated Rules
Category ID | Rule IDs |
---|---|
AUTOSAR C++14 Coding Guidelines | AUTOSAR-A0_1_2-a, AUTOSAR-A0_4_4-a, AUTOSAR-A10_1_1-a, AUTOSAR-A10_2_1-a, AUTOSAR-A10_2_1-b, AUTOSAR-A12_0_1-a, AUTOSAR-A13_5_2-a, AUTOSAR-A14_7_2-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-b, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-e, AUTOSAR-A2_3_1-a, AUTOSAR-A2_7_2-a, AUTOSAR-A4_7_1-c, AUTOSAR-A5_0_1-b, AUTOSAR-A5_2_5-a, AUTOSAR-A5_3_2-a, AUTOSAR-A7_1_7-c, AUTOSAR-A7_2_3-a, AUTOSAR-A7_3_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_4_3-b, AUTOSAR-A8_4_9-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_3-e, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_1-i, AUTOSAR-M0_3_2-a, AUTOSAR-M16_0_5-a, AUTOSAR-M16_0_8-a, AUTOSAR-M16_1_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_14_1-a, AUTOSAR-M7_1_2-c, AUTOSAR-M8_0_1-a |
Coding Conventions for C++ | CODSTA-CPP-04, CODSTA-CPP-206, CODSTA-CPP-211, CODSTA-CPP-212, CODSTA-CPP-43, CODSTA-CPP-58, CODSTA-CPP-85 |
Coding Conventions for Modern C++ | CODSTA-MCPP-01, CODSTA-MCPP-03, CODSTA-MCPP-47_b, CODSTA-MCPP-56 |
Coding Conventions | CODSTA-122_a, CODSTA-122_b, CODSTA-138, CODSTA-144, CODSTA-226_a, CODSTA-227, CODSTA-29, CODSTA-311, CODSTA-38 |
Common Weakness Enumeration | CWE-119-a, CWE-119-d, CWE-119-e, CWE-125-a, CWE-125-c, CWE-20-f, CWE-362-d, CWE-476-a, CWE-787-a, CWE-787-d |
DISA ASD STIG | APSC_DV-000060-a, APSC_DV-001995-a, APSC_DV-002520-a, APSC_DV-002530-a, APSC_DV-002550-a, APSC_DV-002560-a, APSC_DV-002590-b, APSC_DV-002590-c, APSC_DV-002590-d, APSC_DV-003235-a, APSC_DV-003235-c |
Flow Analysis | BD-API-BADPARAM, BD-API-STRSIZE, BD-API-VALPARAM, BD-CO-ITINVCOMP, BD-CO-STRMOD, BD-PB-ARRAY, BD-PB-CC, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFRD, BD-PB-OVERFWR, BD-PB-SUBSEQFRWD, BD-PB-UCMETH, BD-PB-VARARGS, BD-RES-INVFREE, BD-SECURITY-TDENV, BD-TRS-FORKFILE |
Formatting | FORMAT-33, FORMAT-43 |
Global Static Analysis | GLOBAL-PREDICATENOSE |
High Integrity C++ | HICPP-10_3_1-a, HICPP-12_1_1-a, HICPP-12_1_1-b, HICPP-13_1_1-a, HICPP-16_1_4-a, HICPP-17_3_3-a, HICPP-1_2_1-h, HICPP-1_2_1-i, HICPP-3_1_1-e, HICPP-5_1_2-f, HICPP-5_1_2-j, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-6_3_2-a, HICPP-7_1_1-b, HICPP-8_3_1-a, HICPP-8_4_1-a |
Initialization | INIT-12 |
Joint Strike Fighter | JSF-003, JSF-003_b, JSF-009, JSF-060_b, JSF-088, JSF-088_b, JSF-094, JSF-094_b, JSF-114, JSF-115, JSF-115_a, JSF-117.1, JSF-127, JSF-135_e, JSF-143_a, JSF-157, JSF-177_b, JSF-180_d, JSF-204.1_f, JSF-214 |
Memory and Resource Management | MRM-19, MRM-39, MRM-40 |
Metrics | METRIC.CC, METRIC.ECC, METRICS-18, METRICS-28, METRICS-29, METRICS-33, METRICS-34, METRICS-35, METRICS-42 |
MISRA C 1998 | MISRA-005, MISRA-096 |
MISRA C 2004 | MISRA2004-12_2_f, MISRA2004-12_4_a, MISRA2004-16_10, MISRA2004-16_8, MISRA2004-16_8_b, MISRA2004-19_14, MISRA2004-19_16, MISRA2004-19_9, MISRA2004-2_4 |
MISRA C 2012 (Legacy) | MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_c, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_g, MISRA2012-DIR-4_1_h, MISRA2012-DIR-4_4, MISRA2012-RULE-13_2_f, MISRA2012-RULE-13_4, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-17_4, MISRA2012-RULE-17_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-17_7_b, MISRA2012-RULE-18_1_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_d, MISRA2012-RULE-1_3_e, MISRA2012-RULE-1_3_k, MISRA2012-RULE-20_13, MISRA2012-RULE-20_6, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_18, MISRA2012-RULE-22_2_b, MISRA2012-RULE-2_1_h, MISRA2012-RULE-2_8_b, MISRA2012-RULE-2_8_c, MISRA2012-RULE-9_1 |
MISRA C 2023 (MISRA C 2012) | MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-g, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_4-a, MISRAC2012-RULE_13_2-f, MISRAC2012-RULE_13_4-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_17_4-a, MISRAC2012-RULE_17_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_17_7-b, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-d, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_1_3-k, MISRAC2012-RULE_20_13-a, MISRAC2012-RULE_20_6-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_18-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_2_1-h, MISRAC2012-RULE_2_8-b, MISRAC2012-RULE_2_8-c, MISRAC2012-RULE_9_1-a |
MISRA C++ 2008 | MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_3_e, MISRA2008-0_1_7, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_e, MISRA2008-0_3_1_g, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-16_0_5, MISRA2008-16_0_8, MISRA2008-16_1_1, MISRA2008-2_7_2, MISRA2008-2_7_3, MISRA2008-5_0_16_a, MISRA2008-5_0_1_f, MISRA2008-5_14_1, MISRA2008-7_1_2_b, MISRA2008-8_0_1, MISRA2008-8_4_3 |
MISRA C++ 2023 | MISRACPP2023-0_0_2-a, MISRACPP2023-0_1_2-a, MISRACPP2023-0_2_1-a, MISRACPP2023-0_2_1-b, MISRACPP2023-0_2_3-a, MISRACPP2023-0_2_4-a, MISRACPP2023-0_3_2-a, MISRACPP2023-10_0_1-a, MISRACPP2023-10_1_1-c, MISRACPP2023-10_2_2-a, MISRACPP2023-11_6_2-a, MISRACPP2023-15_1_3-a, MISRACPP2023-15_1_3-b, MISRACPP2023-15_1_5-a, MISRACPP2023-19_0_1-a, MISRACPP2023-19_1_1-a, MISRACPP2023-19_3_5-a, MISRACPP2023-28_3_1-a, MISRACPP2023-28_6_3-a, MISRACPP2023-4_1_3-c, MISRACPP2023-4_6_1-f, MISRACPP2023-5_7_2-a, MISRACPP2023-6_2_3-d, MISRACPP2023-6_4_1-e, MISRACPP2023-6_4_2-a, MISRACPP2023-6_4_2-b, MISRACPP2023-6_8_3-a, MISRACPP2023-6_8_4-a, MISRACPP2023-7_0_1-a, MISRACPP2023-7_0_2-a, MISRACPP2023-8_14_1-a, MISRACPP2023-8_18_2-a, MISRACPP2023-8_7_1-a, MISRACPP2023-8_7_1-c, MISRACPP2023-8_7_1-d, MISRACPP2023-8_7_1-e, MISRACPP2023-9_6_5-a |
Object Oriented | OOP-07, OOP-07_a, OOP-07_b, OOP-07_c, OOP-32, OOP-53 |
Optimization | OPT-02, OPT-43, OPT-46 |
OWASP API Security Top 10 (2019) | OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-f, OWASP2019-API3-g, OWASP2019-API8-c |
OWASP API Security Top 10 (2023) | OWASP2023-API10-f |
OWASP Top 10 (2017) | OWASP2017-A1-d |
OWASP Top 10 (2021) | OWASP2021-A3-d |
Portability | PORT-28 |
Security | SECURITY-39 |
SEI CERT C++ | CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL56-a, CERT_CPP-EXP53-a, CERT_CPP-EXP58-a, CERT_CPP-MSC52-a, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR52-a |
SEI CERT C | CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON31-c, CERT_C-DCL04-a, CERT_C-DCL06-a, CERT_C-ENV01-c, CERT_C-ERR30-b, CERT_C-ERR33-a, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP12-b, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO37-a, CERT_C-FLP32-a, CERT_C-MEM00-b, CERT_C-MEM34-a, CERT_C-MSC07-i, CERT_C-MSC09-a, CERT_C-MSC12-i, CERT_C-MSC12-j, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC37-a, CERT_C-MSC39-a, CERT_C-POS30-a, CERT_C-POS30-b, CERT_C-POS38-a, CERT_C-POS54-a, CERT_C-PRE02-a, CERT_C-PRE32-a, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a |
Template | TEMPL-16 |
Removed Rules
Rule ID | Notes |
---|---|
AUTOSAR-A3_9_1-c | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-223_b can be used as a replacement. |
AUTOSAR-A7_1_2-b | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-MCPP-11_b_cpp11 can be used as a replacement. |
AUTOSAR-M0_1_3-a | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-02 can be used as a replacement. |
AUTOSAR-M0_1_3-e | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-43 can be used as a replacement. |
CERT_C-DCL37-a | Removed from SEI CERT C configuration. For other configurations, MISRA2004-20_1_a can be used as a replacement. |
CERT_C-ERR30-b | Removed from SEI CERT C configuration. For other configurations, MRM-39 can be used as a replacement. |
CERT_C-ERR32-a | Removed from SEI CERT C configuration. For other configurations, BD-PB-ERRNO can be used as a replacement. |
CERT_C-FIO01-b | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. |
CERT_C-FIO21-a | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. |
MISRA2008-0_1_3_a | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-02 can be used as a replacement. |
MISRA2008-0_1_3_e | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-43 can be used as a replacement. |
MISRACPP2023-19_2_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, PFO-02 can be used as a replacement. |
MISRACPP2023-6_4_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_a can be used as a replacement. |
MISRACPP2023-6_4_1-b | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_b can be used as a replacement. |
MISRACPP2023-6_4_1-c | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-83 can be used as a replacement. |
MISRACPP2023-6_4_1-d | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-84 can be used as a replacement. |
MISRACPP2023-6_4_1-e | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-85 can be used as a replacement. |
For information about this release, see https://docs.parasoft.com/display/CPPTEST20242/Updates+in+2024.2.