Comment: Published by Scroll Versions from space CPPTDESKDEV and version 10.4.1

...

| Test Configuration | Description |
| --- | --- |
| Recommended Rules | The default configuration of recommended rules. Covers most Severity 1 and Severity 2 rules. Includes rules in the Flow Analysis Fast configuration. |
| Flow Analysis Standard | Detects complex runtime errors without requiring test cases or application execution. Defects detected include using uninitialized or invalid memory, null pointer dereferencing, array and buffer overflows, division by zero, memory and resource leaks, and dead code. This requires a special Flow Analysis license option. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
| Flow Analysis Fast | The fast configuration uses "Shallowest" depth of analysis and runs faster than the standard and aggressive configurations. The fast configuration finds a moderate number of problems and prevents an explosion in the number of violations. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
| Flow Analysis Aggressive | The aggressive option reports any suspicious code as a violation. See Introducing Built-in Flow Analysis Test Configurations for more details on Flow Analysis Test Configurations. |
| Effective C++ | Checks rules from Scott Meyers’ "Effective C++" book. These rules check the efficiency of C++ programs. |
| Effective STL | Checks rules from Scott Meyers’ "Effective STL" book. |
| Modern C++ (11, 14 and 17) | Checks rules that enforce best practices for modern C++ standards (C++11, C++14, C++17). |
| Find Duplicated Code | Detects duplicated functions, code fragments, string literals, and #include directives. |
| Find Unused Code | Includes rules for identifying unused/dead code. |
| Metrics | Reports metrics statistics and detects metric values out of acceptable ranges. |
| Global Analysis | Checks the Global Static Analysis rules. |
| Parasoft’s Recommended Rules | The default configuration of recommended rules (deprecated). |
| Sutter-Alexandrescu | Checks rules based on the book "C++ Coding Standards," by Herb Sutter and Andrei Alexandrescu. |
| The Power of Ten | Checks rules based on Gerard J. Holzmann’s article "The Power of Ten - Rules for Developing Safety Critical Code." (http://spinroot.com/gerard/pdf/Power_of_Ten.pdf) |

...

| Test Configuration | Description |
| --- | --- |
| CWE-SANS Top 25 Most Dangerous Programming Errors | Checks for the 2011 CWE/SANS Top 25 Most Dangerous Software Errors, a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all. (http://cwe.mitre.org/top25/index.html) For more details, see 2011 CWE/SANS Top 25 Most Dangerous Software Errors Mapping. |
| OWASP Top 10 2017 | Includes rules that find issues identified in OWASP’s Top 10 standard. |
| Payment Card Industry Data Security Standard | Checks rules for the security issues referenced in section 6 of the Payment Card Industry Data Security Standard (PCI DSS) (https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml). Issues detected include input validation (to prevent cross-site scripting, injection flaws, malicious file execution, etc.) and validation of proper error handling. |
| Security Rules | Checks rules designed to prevent or identify security vulnerabilities. |
| SEI CERT C Coding Guidelines | Checks rules and recommendations for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
| SEI CERT C Rules | Checks rules for the SEI CERT C Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
| SEI CERT C++ Rules | Checks rules for the SEI CERT C++ Coding Standard. This standard provides guidelines for secure coding. The goal is to facilitate the development of safe, reliable, and secure systems by, for example, eliminating undefined behaviors that can lead to undefined program behaviors and exploitable vulnerabilities. |
| UL 2900 | Includes rules that find issues identified in the UL-2900 standard. |

...