This release includes the following enhancements: Release date: November 21, 2024 Enhanced Security Compliance PackThe ...test configurations have been updated. Enhanced Static Analysis- New code analysis rules have been added to extend coverage of compliance standards. See New Rulesfor the list of new rules.
- Static analysis rules have been updated to increase the accuracy of reported violations. See See Updated Rules for the list of updated rules.
- Static analysis engine has been enhanced to better support modern C/C++ syntax.
Enhanced Unit Testing and Code CoverageUnit testing and coverage engine has been enhanced to better support modern C/C++ syntax. In-File Suppressions Enhancements- Added the ability to easily customize the location of suppression files in both the CLI and IDE.
- Enhancements to suppression definitions:
- You can now use a file path containing wildcards for the file attribute.
- You can now specify a rule category, optionally with a severity suffix, for the rule-id attribute.
For details, see Defining Suppressions in Suppression Files. Support for CompilersThe following compilers are now supported: Compiler Name | Compiler Identifier |
---|
Clang C/C++ Compiler v 17.0 for x86_64
| clang_17_0-x86_64 | Clang C/C++ Compiler v 17.0 for aarch64/arm64 | clang_17_0-aarch64 | Clang C/C++ Compiler v 18.0 for x86_64 | clang_18_0-x86_64 | Clang C/C++ Compiler v 18.0 for aarch64/arm64
| clang_18_0-aarch64 | GNU GCC 11.x for PowerPC
| gcc_11-powerpc | Green Hills Software Compiler for Tricore v. 2021.1.x
| ghstri_2021_1 | HighTec Clang C/C++ Compiler 8.1 for aarch32/arm* | (hightec-clang_8_1-aarch32) |
* - Runtime analysis support has been added. The support level for the following compilers has been changed from Extended to Standard: - IAR Compiler for MSP430 v. 6.1x (icc430_6_1)
- QNX GCC 5.x (ARM64) (qccarm_5-64)
- QNX GCC 5.x (qcc_5)
- Wind River Clang 8.0.x (wrclang_8_0)
- Wind River Clang 9.0.x for aarch32 (wrclang_9_0-aarch32)
- Wind River Diab 5.9.x (diab_5_9)
See Compilers. Support for IDEsThe following IDEs are now supported: - Eclipse version 4.32 (2024-06)
- Eclipse version 4.33 (2024-09)
- Texas Instruments Code Composer Studio 12
New and Updated Test ConfigurationsThe Security Compliance Pack has been extended by adding support for the following test configurations :The following test configuration has have been updated with new rules: - AUTOSAR C++14 Coding Guidelines
- CWE Top 25 + On the Cusp 2022
- CWE Top 25 + On the Cusp 2023
- CWE Top 25 2022
- CWE Top 25 2023
- Flow Analysis Aggressive
- Flow Analysis Fast
- Flow Analysis Standard
- Joint Strike Fighter
- MISRA C 1998
- MISRA C 2004
- MISRA C 2023 (MISRA C 2012)
- MISRA C 2012 Legacy
- MISRA C++ 2008
- MISRA C++ 2023
- OWASP API Security Top 10 2019
- Recommended Rules
- SEI CERT C Guidelines
- SEI CERT C Rules
- SEI CERT C++ Rules
- Security Rules
Additional UpdatesDeprecated and Removed SupportDeprecated Support for IDEsSupport for the following IDEs is deprecated and will be removed in future releases: - ARM DS-5 5.28
- Eclipse 4.6 ('Neon') - 4.21 (2021-09)
- QNX Software Development Platform 7
- Texas Instruments Code Composer Studio 10
- Wind River Workbench 4.0
Removed Support for IDEsThe following IDEs are no longer supported: - Texas Instruments Code Composer Studio 7.4
- Texas Instruments Code Composer Studio 8.0
Compilers to Be DeprecatedSupport for the following compilers will be deprecated in future releases: - ARM Compiler 6.9
- Clang C/C++ Compiler v 8.0 (x86_64)
- Clang C/C++ Compiler v 10.0 (x86_64)
- Green Hills Software Compiler for ARM v. 2017.5.x
- Green Hills Software Compiler for ARM64 v. 2017.5.x
- Green Hills Software Compiler for PPC v. 2017.1.x
- Hexagon Clang Compiler v. 8.4.x
- IAR Compiler for ARM v. 8.11.x
- Microchip MPLAB C32 Compiler for PIC32 v2.0x
- QNX GCC 5.x
- QNX GCC 5.x (x86-64)
- QNX GCC 5.x (ARM)
- QNX GCC 5.x (ARM64)
- Renesas RX C/C++ Compiler 2.5x
- TI ARM C/C++ Compiler v18.1
- TI ARM C/C++ Compiler GNU GCC 7.x
Deprecated CompilersSupport for the following compilers is deprecated and will be removed in future releases: - ARM Compiler 5.0
- ARM Compiler 5.0 for uVision
- GNU GCC 6.x
- GNU GCC 6.x (x86_64)
- Green Hills Software Compiler for PPC v. 2013.1.x
- IAR Compiler for MSP430 v. 6.1x
- Microchip MPLAB C30 Compiler for dsPIC v3.2x
- National Instruments LabWindows/CVI 2015 Clang C/C++ Compiler v3.3 for Win32
Removed Support for CompilersThe following compilers are no longer supported: - GNU GCC 5.x
- GNU GCC 5.x (x86_64)
- Green Hills Software Compiler for ARM64 v. 2014.1.x
- Green Hills Software Compiler for PPC v. 4.2.x
- Green Hills Software Compiler for PPC v. 5.0.x
- Green Hills Software Compiler for V850 v. 2014.1.x
- IAR Compiler for ARM v. 7.4x
- IAR Compiler for ARM v. 7.8x
- IAR Compiler for M16C & R8C v. 3.5x
- Microsoft Visual C++ 14.0
- Microsoft Visual C++ 14.0 (x64)
- SH Series C/C++ Compiler V.9.04.xx
- Vx-toolset for TriCore C/C++ Compiler 6.2
- Wind River GCC 4.8.x
Deprecated Support for IAR ImportImporting Embedded Workbench .ewp project files is now deprecated and will be removed in future releases. Resolved Bugs and FRsBug/FR ID | Description |
---|
CPP-46243 | [static] Mapping for CERT FIO01-C and FIO21-C should be improved | CPP-47511 | [static] Split MISRA2004-2_4 (AUTOSAR-A2_7_2-a) rule (exclude doxygen comments) | CPP-53074 | [static] Optimize scope computation for large workspaces (with C/C++test Pro) | CPP-55517 | [compiler] Support for Green Hills compiler 2021.1.5 for TriCore | CPP-55616 | [static] The do-while(0) statements (used in macro) should not be counted in cyclomatic complexity | CPP-56180 | [static] Remove AUTOSAR-A3_9_1-c rule mapping | CPP-56567 | [static] MISRA2004-19_9 (MISRAC2012-RULE_20_6-a) does not report violation when '#' is followed by comment with non-ascii characters | CPP-56606 | [ide] Improve support for linker option LinkLibraryDependencies in VS2019 and VS2022. | CPP-56716 | [static] MISRACPP2023-28_3_1-a: False positive regarding "persistent side effects" in lambda functions | CPP-56736 | [static] Improve mapping for MISRACPP2023-6_4_1 to focus on variable names only | CPP-56779 | [static] MISRACPP2023-0_2_1-a does not support an exception from Rule 0.2.1 | CPP-56793 | [static] Improve output message in CODSTA-CPP-66 (MISRACPP2023-8_2_2-a) rule | CPP-56807 | [engine] Parsing fails on a Modern C++ function declaration with "const auto" | CPP-56814 | [compiler] Support for HighTec C compiler for ARM 8.1 (runtime analysis) | CPP-56989 | [static] Improve support for CERT_C-DCL37 | CPP-57005 | [static] MISRACPP2023-0_1_2-a (CODSTA-CPP-58) false positives in unevaluated contexts (noexcept, typeid) | CPP-57006 | [static] MISRACPP2023-6_4_2-b (OOP-53) false positive when introducing base method through a using declaration (templates) | CPP-57009 | [static] AUTOSAR-M3_3_2-a: false positive for static keyword in explicit template specialization | CPP-57033 | [static] TEMPL-16 reports false positive when a template forward declaration is used in another file | CPP-57057 | [engine] Static inline field parsing error when not initialized explicitly | CPP-57209 | [engine] error: no instance of function template "std::construct_at" | CPP-57361 | [engine] cpptestcc fails on __c11_atomic_is_lock_free | CPP-57389 | [engine] Coverage instrumentation error: Mixing void and non-void results of the functor in for_each is not supported | CPP-57398 | [engine] Instrumentation compile error: ambiguous call of overloaded Matrix... | CPP-57399 | [engine] Coverage instrumenation instrumentation error: TFixedBlockAllocator is not a template | CPP-57425 | [static] MISRA2004-12_2_f (MISRAC2012-RULE_13_2-f) reports false positive when volatile member of volatile object is used | CPP-57427 | [static] PORT-28 reports false positive when integer constants with big values are used | CPP-57428 | [static] MISRACPP2023-6_4_1-e (CODSTA-CPP-85) false positives on heavily templated code | CPP-57484 | [engine] cpptestcc fails on __c11_atomic_load | CPP-57517 | [engine] error: declaration is incompatible with "CInfraComArray<CMasterClass ... | CPP-57524 | [static] False positive for MRM-39 | CPP-57525 | [static] MRM-19 reports false positive when a pointer is cast before delete | CPP-57533 | [compiler] Support for powerpc-eabi-gcc 11.2 compiler | CPP-57538 | [static] Analysis error due to possible ppro crash if 'CR' line endings are used | CPP-57541 | [static] Incorrectly detected typedef declaration (AUTOSAR-A7_1_6-a, CODSTA-MCPP-02, GLOBAL-UNIQUETYPEDEF, GLOBAL-UNIQUETYPEDEFC) | CPP-57553 | [engine] Variadic template stubs are ignored | CPP-57594 | [engine] error: expected an expression static constexpr bool isComplex = ((QTypeInfo<Ts>::isComplex) || ...); | CPP-57609 | [engine] Add option for disabling C/C++test instrumentation for functions with OpenMP code | CPP-57628 | [engine] afxpanecontainer.h line 35: error: expected a ")" | CPP-57659 | [static] FORMAT-43 reports false positive when the closing brace of a block is in the same line as the last statement | CPP-57673 | [static] Improve mapping for AUTOSAR A7-1-2 | CPP-57678 | [engine] static assertion failed when running SCA, the original code compiles w/o issues | CPP-57679 | [engine] Improve compiler configuration for vxtc_6_3 (--fp-model=1) | CPP-57683 | [ide] Debugging unit tests does not work in VS 2022 latest update (17.10.3) | CPP-57734 | [engine] Improve support for CLA mode of tic2000_18_1 compiler for Static Analysis | CPP-57736 | [static] PPRO crash from yylex() in lib/libppro.so | CPP-57738 | [ide] Invalid libstdc++ dependency for Rulewizard native libraries | CPP-57739 | [static] INIT-12 (CERT_CPP-DCL56-a) reports false positive when template variable is used in initializer | CPP-57744 | [engine] xharness crash due to stack overflow during reconstruction | CPP-57748 | [static] MISRA-005 reports cwc exit code 1 when very long strings are checked | CPP-57749 | [static] cwc exit code 3 - Narrowing in list initialization ignored in non-evaluated context | CPP-57770 | [engine] error: incomplete type "A<void>" is not allowed | CPP-57778 | [engine] Errors with QT brace-initialization | CPP-57785 | [static] Property 'CapturedVariables' detects local variables that are not captured | CPP-57796 | [engine] error: expression must have a constant value | CPP-57802 | [static] Analysis finished with code 33 - signal 11 in libppro.so | CPP-57834 | [static] Improve support for CERT_C-PRE02 | CPP-57835 | [bazel] Add option to disable symlinks expansion (CPPTEST_COVERAGE_SRC_ROOT_RESOLVE_SYMLINKS) | CPP-57885 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4) should treat conversion operators differing by cv-qualifiers as function overloads | CPP-57886 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on const-lvalue-ref-qualified template function | CPP-57892 | [static] MISRACPP2023-0_2_3-a false positive: does not consider decltype/template arg to be a use | CPP-57893 | [static] Improve mapping for MISRACPP2023 Rule 15.1.3 | CPP-57894 | [static] OPT-02 (MISRACPP2023-0_2_1-a) reports false positive for a variable used inside 'static_if' | CPP-57899 | [engine] Instrumentation parse error: more than one operator "=" matches these operands | CPP-57906 | [static] CODSTA-CPP-212 (MISRACPP2023-7_0_2-a) reports false positive when parameter of 'auto' type is used | CPP-57918 | [static] MISRA2004-19_16 (MISRAC2012-RULE_20_13-a) reports false positive when line in a comment starts from '#' | CPP-57919 | [compiler] Improve support for -c99 option for TI compilers | CPP-57990 | [compiler] Inconsistent handling of profiling flags with GNU GCC | CPP-57993 | [ide] Corrupted Chinese comments after adding/deleting test cases | CPP-58001 | [engine] C++23 literal suffixes for floats cause parse errors | CPP-58011 | [static] Improve CERT_C-ERR32 mapping (BD-PB-ERRNO to BD-PB-SIGHAN) | CPP-58012 | [static] cannot analyze file (cwc exit code: 4) | CPP-58013 | [static] CODSTA-CPP-43 (AUTOSAR-A8_4_9-a) reports false positives on references to array types | CPP-58016 | [static] OOP-07 (AUTOSAR-A10_1_1-a) reports false positive, when interface class contains deleted functions | CPP-58017 | [static] CODSTA-29 (CERT_C-DCL06-a) reports false positive on enumerations ins[ide] functions | CPP-58053 | [engine] 'static constexpr' array init error | CPP-58058 | [engine] no instance of function template "printValue" matches the argument list | CPP-58060 | [ide] For VS projects with both /std:c17 and /std:c++17 options, it is not possible to run analysis or tests | CPP-58070 | [engine] Instrumentation problem when -ignore-const-decisions is enabled | CPP-58072 | [engine] Class does not initialize correctly during instrumentation | CPP-58077 | [engine] Instrumentation problem due to extra brackets | CPP-58091 | [static] CODSTA-CPP-206 (MISRACPP2023-6_8_4-a) reports false positive on ref-to-pointer and pointer-to-ref conversions for members which are not subobjects | CPP-58096 | [static] CODSTA-38 works inconsistently for integer and floating constants | CPP-58251 | [engine] I\O exception was caught - Unable to read XML file | CPP-58585 | [engine] Instrumentation error: cannot deduce "auto" type | FA-4156 | BD-PB-NP should report a violation when null is passed to printf-like function as the argument corresponding to "%s" specifier. | FA-9845 | MISRACPP2023-11_6_2-a (BD-PB-NOTINIT) False positive - Avoid use before initialization for "*this"? | FA-9901 | MISRACPP2023-28_6_3-a false positives on forwarding references and lvalues | FA-9907 | BD-PB-VARARGS False Positive with MSVC | FA-9912 | MISRAC2012-RULE_14_3-ac (BD-PB-CC) false positive | FA-9937 | BD-PB-NOTINIT false positive | FA-9951 | BD-PB-OVERFWR false negative with renesas compiler | FA-9953 | The default value documented in the rules is not correct | FA-9961 | BD-PB-ARRAY false positive | FA-9988 | BD-CO-STRMOD false positive | FA-9990 | MISRACPP2023-0_2_4-a - false positive, private virtual functions | FA-9991 | BD-PB-NOTINIT false positive | FA-9996 | BD-PB-NOTINIT false positive due to wrong assumption about the number of fields to initialize | FA-10003 | BD-PB-OVERFNZT false positives with two-dimensional char array initialized with string literals. | FA-10007 | BD-PB-NOTINIT false positive | FA-10013 | BD-PB-NOTINIT false positive when array is initialized starting from non-first element | FA-10028 | BD-PB-NOTINIT false positive for Nth loop iteration | FA-10046 | Flow Analysis was not able to analyze a source file |
Updates to RulesNew RulesRule ID | Header |
---|
AUTOSAR-A5_2_5-e | Avoid accessing collections out of bounds | AUTOSAR-M0_1_3-f | A project shall not contain unused uninitialized local variables | AUTOSAR-M0_1_3-g | A project should not contain unused uninitialized variables with internal linkage | BD-PB-COOB | Avoid accessing collections out of bounds | CERT_C-DCL37-b | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared | CERT_C-DCL37-c | Avoid declaring file-scoped objects whose names begin with an underscore | CERT_C-DCL37-d | The names of standard library macros should not be reused (C11 code) | CERT_C-DCL37-e | The names of standard library identifiers with file scope should not be reused (C11 code) | CERT_C-DCL37-f | The standard library identifiers with external linkage should not be reused (C11 code) | CERT_C-DCL37-g | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined | CERT_C-ERR32-b | Properly define signal handlers | CERT_C-ERR33-e | Provide error handling for file opening errors right next to the call to fopen | CERT_C-FIO01-c | Be careful using functions that use file names for identification | CERT_C-FIO21-b | Use secure temporary file name functions | CODSTA-303 | A variable declared in an inner scope shall not hide a variable declared in an outer scope | CODSTA-92_c | The names of standard library macros should not be reused (C11 code) | CODSTA-92_d | The names of standard library identifiers with file scope should not be reused (C11 code) | CODSTA-92_e | The standard library identifiers with external linkage should not be reused (C11 code) | CWE-119-l | Avoid accessing collections out of bounds | CWE-125-f | Avoid accessing collections out of bounds | CWE-787-i | Avoid accessing collections out of bounds | JSF-127_b | Sections of code should not be "commented out" using Doxygen comments | MISRA2004-2_4_b | Sections of code should not be "commented out" using Doxygen comments | MISRA2008-0_1_3_f | A project shall not contain unused uninitialized local variables | MISRA2008-0_1_3_g | A project should not contain unused uninitialized variables with internal linkage | MISRA2008-2_7_2_b | Sections of code shall not be "commented out" using C-style comments | MISRA2008-2_7_3_b | Sections of code should not be "commented out" using C++ comments | MISRA2012-DIR-4_4_b | Sections of code should not be "commented out" using Doxygen comments | MISRAC2012-DIR_4_4-b | Sections of code should not be "commented out" using Doxygen comments | MISRACPP2023-19_2_1-b | Use unique multiple include guards | MISRACPP2023-6_4_1-g | A variable declared in an inner scope shall not hide a variable declared in an outer scope | NAMING-33_c | Macros that begin with an underscore and either an uppercase letter or another underscore should not be defined | NAMING-33_d | Identifiers that begin with an underscore and either an uppercase letter or another underscore should not be declared | NAMING-33_e | Avoid declaring file-scoped objects whose names begin with an underscore | OPT-02_b | A project shall not contain unused uninitialized local variables | OPT-43_b | A project should not contain unused uninitialized variables with internal linkage | OWASP2019-API3-r | Avoid accessing collections out of bounds | PFO-02_b | Use unique multiple include guards | PREPROC-29 | Use angle brackets <> to include standard library headers | SECURITY-55 | Be careful using functions that use file names for identification |
Anchor |
---|
| Updated Rules |
---|
| Updated Rules |
---|
| Updated Rules
Category ID | Rule IDs |
---|
AUTOSAR C++14 Coding Guidelines | AUTOSAR-A0_1_2-a, AUTOSAR-A0_4_4-a, AUTOSAR-A10_1_1-a, AUTOSAR-A10_2_1-a, AUTOSAR-A10_2_1-b, AUTOSAR-A12_0_1-a, AUTOSAR-A13_5_2-a, AUTOSAR-A14_7_2-a, AUTOSAR-A18_9_4-a, AUTOSAR-A23_0_2-b, AUTOSAR-A27_0_2-a, AUTOSAR-A27_0_2-b, AUTOSAR-A2_10_1-e, AUTOSAR-A2_3_1-a, AUTOSAR-A2_7_2-a, AUTOSAR-A4_7_1-c, AUTOSAR-A5_0_1-b, AUTOSAR-A5_2_5-a, AUTOSAR-A5_3_2-a, AUTOSAR-A7_1_7-c, AUTOSAR-A7_2_3-a, AUTOSAR-A7_3_1-a, AUTOSAR-A8_4_2-a, AUTOSAR-A8_4_3-b, AUTOSAR-A8_4_9-a, AUTOSAR-A8_5_0-a, AUTOSAR-M0_1_2-ac, AUTOSAR-M0_1_3-a, AUTOSAR-M0_1_3-e, AUTOSAR-M0_3_1-b, AUTOSAR-M0_3_1-d, AUTOSAR-M0_3_1-f, AUTOSAR-M0_3_1-g, AUTOSAR-M0_3_1-i, AUTOSAR-M0_3_2-a, AUTOSAR-M16_0_5-a, AUTOSAR-M16_0_8-a, AUTOSAR-M16_1_1-a, AUTOSAR-M5_0_16-a, AUTOSAR-M5_14_1-a, AUTOSAR-M7_1_2-c, AUTOSAR-M8_0_1-a | Coding Conventions for C++ | CODSTA-CPP-04, CODSTA-CPP-206, CODSTA-CPP-211, CODSTA-CPP-212, CODSTA-CPP-43, CODSTA-CPP-58, CODSTA-CPP-85 | Coding Conventions for Modern C++ | CODSTA-MCPP-01, CODSTA-MCPP-03, CODSTA-MCPP-47_b, CODSTA-MCPP-56 | Coding Conventions | CODSTA-122_a, CODSTA-122_b, CODSTA-138, CODSTA-144, CODSTA-226_a, CODSTA-227, CODSTA-29, CODSTA-311, CODSTA-38 | Common Weakness Enumeration | CWE-119-a, CWE-119-d, CWE-119-e, CWE-125-a, CWE-125-c, CWE-20-f, CWE-362-d, CWE-476-a, CWE-787-a, CWE-787-d | DISA ASD STIG | APSC_DV-000060-a, APSC_DV-001995-a, APSC_DV-002520-a, APSC_DV-002530-a, APSC_DV-002550-a, APSC_DV-002560-a, APSC_DV-002590-b, APSC_DV-002590-c, APSC_DV-002590-d, APSC_DV-003235-a, APSC_DV-003235-c | Flow Analysis | BD-API-BADPARAM, BD-API-STRSIZE, BD-API-VALPARAM, BD-CO-ITINVCOMP, BD-CO-STRMOD, BD-PB-ARRAY, BD-PB-CC, BD-PB-NOTINIT, BD-PB-NP, BD-PB-OVERFNZT, BD-PB-OVERFRD, BD-PB-OVERFWR, BD-PB-SUBSEQFRWD, BD-PB-UCMETH, BD-PB-VARARGS, BD-RES-INVFREE, BD-SECURITY-TDENV, BD-TRS-FORKFILE | Formatting | FORMAT-33, FORMAT-43 | Global Static Analysis | GLOBAL-PREDICATENOSE | High Integrity C++ | HICPP-10_3_1-a, HICPP-12_1_1-a, HICPP-12_1_1-b, HICPP-13_1_1-a, HICPP-16_1_4-a, HICPP-17_3_3-a, HICPP-1_2_1-h, HICPP-1_2_1-i, HICPP-3_1_1-e, HICPP-5_1_2-f, HICPP-5_1_2-j, HICPP-5_1_6-d, HICPP-5_2_1-a, HICPP-5_2_1-c, HICPP-6_3_2-a, HICPP-7_1_1-b, HICPP-8_3_1-a, HICPP-8_4_1-a | Initialization | INIT-12 | Joint Strike Fighter | JSF-003, JSF-003_b, JSF-009, JSF-060_b, JSF-088, JSF-088_b, JSF-094, JSF-094_b, JSF-114, JSF-115, JSF-115_a, JSF-117.1, JSF-127, JSF-135_e, JSF-143_a, JSF-157, JSF-177_b, JSF-180_d, JSF-204.1_f, JSF-214 | Memory and Resource Management | MRM-19, MRM-39, MRM-40 | Metrics | METRIC.CC, METRIC.ECC, METRICS-18, METRICS-28, METRICS-29, METRICS-33, METRICS-34, METRICS-35, METRICS-42 | MISRA C 1998 | MISRA-005, MISRA-096 | MISRA C 2004 | MISRA2004-12_2_f, MISRA2004-12_4_a, MISRA2004-16_10, MISRA2004-16_8, MISRA2004-16_8_b, MISRA2004-19_14, MISRA2004-19_16, MISRA2004-19_9, MISRA2004-2_4 | MISRA C 2012 (Legacy) | MISRA2012-DIR-4_11, MISRA2012-DIR-4_13_c, MISRA2012-DIR-4_14_j, MISRA2012-DIR-4_1_a, MISRA2012-DIR-4_1_b, MISRA2012-DIR-4_1_e, MISRA2012-DIR-4_1_g, MISRA2012-DIR-4_1_h, MISRA2012-DIR-4_4, MISRA2012-RULE-13_2_f, MISRA2012-RULE-13_4, MISRA2012-RULE-13_5, MISRA2012-RULE-14_3_zc, MISRA2012-RULE-17_4, MISRA2012-RULE-17_4_b, MISRA2012-RULE-17_7_a, MISRA2012-RULE-17_7_b, MISRA2012-RULE-18_1_a, MISRA2012-RULE-1_3_b, MISRA2012-RULE-1_3_d, MISRA2012-RULE-1_3_e, MISRA2012-RULE-1_3_k, MISRA2012-RULE-20_13, MISRA2012-RULE-20_6, MISRA2012-RULE-21_17_a, MISRA2012-RULE-21_17_b, MISRA2012-RULE-21_18, MISRA2012-RULE-22_2_b, MISRA2012-RULE-2_1_h, MISRA2012-RULE-2_8_b, MISRA2012-RULE-2_8_c, MISRA2012-RULE-9_1 | MISRA C 2023 (MISRA C 2012) | MISRAC2012-DIR_4_1-a, MISRAC2012-DIR_4_1-b, MISRAC2012-DIR_4_1-e, MISRAC2012-DIR_4_1-g, MISRAC2012-DIR_4_1-h, MISRAC2012-DIR_4_11-a, MISRAC2012-DIR_4_13-c, MISRAC2012-DIR_4_14-j, MISRAC2012-DIR_4_4-a, MISRAC2012-RULE_13_2-f, MISRAC2012-RULE_13_4-a, MISRAC2012-RULE_13_5-a, MISRAC2012-RULE_14_3-ac, MISRAC2012-RULE_17_4-a, MISRAC2012-RULE_17_4-b, MISRAC2012-RULE_17_7-a, MISRAC2012-RULE_17_7-b, MISRAC2012-RULE_18_1-a, MISRAC2012-RULE_1_3-b, MISRAC2012-RULE_1_3-d, MISRAC2012-RULE_1_3-e, MISRAC2012-RULE_1_3-k, MISRAC2012-RULE_20_13-a, MISRAC2012-RULE_20_6-a, MISRAC2012-RULE_21_17-a, MISRAC2012-RULE_21_17-b, MISRAC2012-RULE_21_18-a, MISRAC2012-RULE_22_2-b, MISRAC2012-RULE_2_1-h, MISRAC2012-RULE_2_8-b, MISRAC2012-RULE_2_8-c, MISRAC2012-RULE_9_1-a | MISRA C++ 2008 | MISRA2008-0_1_2_aa, MISRA2008-0_1_3_a, MISRA2008-0_1_3_e, MISRA2008-0_1_7, MISRA2008-0_3_1_a, MISRA2008-0_3_1_b, MISRA2008-0_3_1_e, MISRA2008-0_3_1_g, MISRA2008-0_3_1_h, MISRA2008-0_3_2, MISRA2008-16_0_5, MISRA2008-16_0_8, MISRA2008-16_1_1, MISRA2008-2_7_2, MISRA2008-2_7_3, MISRA2008-5_0_16_a, MISRA2008-5_0_1_f, MISRA2008-5_14_1, MISRA2008-7_1_2_b, MISRA2008-8_0_1, MISRA2008-8_4_3 | MISRA C++ 2023 | MISRACPP2023-0_0_2-a, MISRACPP2023-0_1_2-a, MISRACPP2023-0_2_1-a, MISRACPP2023-0_2_1-b, MISRACPP2023-0_2_3-a, MISRACPP2023-0_2_4-a, MISRACPP2023-0_3_2-a, MISRACPP2023-10_0_1-a, MISRACPP2023-10_1_1-c, MISRACPP2023-10_2_2-a, MISRACPP2023-11_6_2-a, MISRACPP2023-15_1_3-a, MISRACPP2023-15_1_3-b, MISRACPP2023-15_1_5-a, MISRACPP2023-19_0_1-a, MISRACPP2023-19_1_1-a, MISRACPP2023-19_3_5-a, MISRACPP2023-28_3_1-a, MISRACPP2023-28_6_3-a, MISRACPP2023-4_1_3-c, MISRACPP2023-4_6_1-f, MISRACPP2023-5_7_2-a, MISRACPP2023-6_2_3-d, MISRACPP2023-6_4_1-e, MISRACPP2023-6_4_2-a, MISRACPP2023-6_4_2-b, MISRACPP2023-6_8_3-a, MISRACPP2023-6_8_4-a, MISRACPP2023-7_0_1-a, MISRACPP2023-7_0_2-a, MISRACPP2023-8_14_1-a, MISRACPP2023-8_18_2-a, MISRACPP2023-8_7_1-a, MISRACPP2023-8_7_1-c, MISRACPP2023-8_7_1-d, MISRACPP2023-8_7_1-e, MISRACPP2023-9_6_5-a | Object Oriented | OOP-07, OOP-07_a, OOP-07_b, OOP-07_c, OOP-32, OOP-53 | Optimization | OPT-02, OPT-43, OPT-46 | OWASP API Security Top 10 (2019) | OWASP2019-API3-b, OWASP2019-API3-e, OWASP2019-API3-f, OWASP2019-API3-g, OWASP2019-API8-c | OWASP API Security Top 10 (2023) | OWASP2023-API10-f | OWASP Top 10 (2017) | OWASP2017-A1-d | OWASP Top 10 (2021) | OWASP2021-A3-d | Portability | PORT-28 | Security | SECURITY-39 | SEI CERT C++ | CERT_CPP-CTR53-b, CERT_CPP-CTR54-a, CERT_CPP-DCL56-a, CERT_CPP-EXP53-a, CERT_CPP-EXP58-a, CERT_CPP-MSC52-a, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR51-a, CERT_CPP-STR52-a | SEI CERT C | CERT_C-API01-a, CERT_C-ARR30-a, CERT_C-ARR38-a, CERT_C-ARR38-b, CERT_C-ARR38-d, CERT_C-ARR39-a, CERT_C-CON31-c, CERT_C-DCL04-a, CERT_C-DCL06-a, CERT_C-ENV01-c, CERT_C-ERR30-b, CERT_C-ERR33-a, CERT_C-EXP02-a, CERT_C-EXP08-b, CERT_C-EXP12-a, CERT_C-EXP12-b, CERT_C-EXP33-a, CERT_C-EXP34-a, CERT_C-FIO37-a, CERT_C-FLP32-a, CERT_C-MEM00-b, CERT_C-MEM34-a, CERT_C-MSC07-i, CERT_C-MSC09-a, CERT_C-MSC12-i, CERT_C-MSC12-j, CERT_C-MSC19-a, CERT_C-MSC19-b, CERT_C-MSC37-a, CERT_C-MSC39-a, CERT_C-POS30-a, CERT_C-POS30-b, CERT_C-POS38-a, CERT_C-POS54-a, CERT_C-PRE02-a, CERT_C-PRE32-a, CERT_C-STR03-a, CERT_C-STR31-a, CERT_C-STR31-b, CERT_C-STR32-a | Template | TEMPL-16 |
Removed RulesRule ID | Notes |
---|
AUTOSAR-A3_9_1-c | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-223_b can be used as a replacement. | AUTOSAR-A7_1_2-b | Removed from AUTOSAR C++ 14 configuration. For other configurations, CODSTA-MCPP-11_b_cpp11 can be used as a replacement. | AUTOSAR-M0_1_3-a | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-02 can be used as a replacement. | AUTOSAR-M0_1_3-e | Removed from AUTOSAR C++ 14 configuration. For other configurations, OPT-43 can be used as a replacement. | CERT_C-DCL37-a | Removed from SEI CERT C configuration. For other configurations, MISRA2004-20_1_a can be used as a replacement. | CERT_C-ERR30-b | Removed from SEI CERT C configuration. For other configurations, MRM-39 can be used as a replacement. | CERT_C-ERR32-a | Removed from SEI CERT C configuration. For other configurations, BD-PB-ERRNO can be used as a replacement. | CERT_C-FIO01-b | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. | CERT_C-FIO21-a | Removed from SEI CERT C configuration. For other configurations, SECURITY-19 can be used as a replacement. | MISRA2008-0_1_3_a | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-02 can be used as a replacement. | MISRA2008-0_1_3_e | Removed from MISRA C++ 2008 configuration. For other configurations, OPT-43 can be used as a replacement. | MISRACPP2023-19_2_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, PFO-02 can be used as a replacement. | MISRACPP2023-6_4_1-a | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_a can be used as a replacement. | MISRACPP2023-6_4_1-b | Removed from MISRA C++ 2023 configuration. For other configurations, MISRA2004-5_2_b can be used as a replacement. | MISRACPP2023-6_4_1-c | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-83 can be used as a replacement. | MISRACPP2023-6_4_1-d | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-84 can be used as a replacement. | MISRACPP2023-6_4_1-e | Removed from MISRA C++ 2023 configuration. For other configurations, CODSTA-CPP-85 can be used as a replacement. |
|