add CERT MSC24-C check (#1903)
* add CERT MSC24-C check * make check a bit more robust * fix cert tester * finetune MSC24 check
parent
88dfb1968f
commit
999aa407f4
|
@ -231,7 +231,31 @@ def int31(data, platform):
|
||||||
'style',
|
'style',
|
||||||
'Ensure that integer conversions do not result in lost or misinterpreted data (casting ' + str(value.intvalue) + ' to ' + destType + ')',
|
'Ensure that integer conversions do not result in lost or misinterpreted data (casting ' + str(value.intvalue) + ' to ' + destType + ')',
|
||||||
'INT31-c')
|
'INT31-c')
|
||||||
break
|
break
|
||||||
|
# MSC24-C
|
||||||
|
# Do not use deprecated or obsolescent functions
|
||||||
|
def msc24(data):
|
||||||
|
for token in data.tokenlist:
|
||||||
|
if isFunctionCall(token, ('asctime',), 1):
|
||||||
|
reportError(token,'style','Do no use asctime() better use asctime_s()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('atof',), 1):
|
||||||
|
reportError(token,'style','Do no use atof() better use strtod()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('atoi',), 1):
|
||||||
|
reportError(token,'style','Do no use atoi() better use strtol()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('atol',), 1):
|
||||||
|
reportError(token,'style','Do no use atol() better use strtol()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('atoll',), 1):
|
||||||
|
reportError(token,'style','Do no use atoll() better use strtoll()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('ctime',), 1):
|
||||||
|
reportError(token,'style','Do no use ctime() better use ctime_s()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('fopen',), 2):
|
||||||
|
reportError(token,'style','Do no use fopen() better use fopen_s()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('freopen',), 3):
|
||||||
|
reportError(token,'style','Do no use freopen() better use freopen_s()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('rewind',), 1):
|
||||||
|
reportError(token,'style','Do no use rewind() better use fseek()', 'MSC24-C')
|
||||||
|
elif isFunctionCall(token, ('setbuf',), 2):
|
||||||
|
reportError(token,'style','Do no use setbuf() better use setvbuf()', 'MSC24-C')
|
||||||
|
|
||||||
# MSC30-C
|
# MSC30-C
|
||||||
# Do not use the rand() function for generating pseudorandom numbers
|
# Do not use the rand() function for generating pseudorandom numbers
|
||||||
|
@ -341,6 +365,7 @@ for arg in sys.argv[1:]:
|
||||||
str05(cfg)
|
str05(cfg)
|
||||||
str07(cfg)
|
str07(cfg)
|
||||||
str11(cfg)
|
str11(cfg)
|
||||||
|
msc24(cfg)
|
||||||
msc30(cfg)
|
msc30(cfg)
|
||||||
|
|
||||||
if VERIFY:
|
if VERIFY:
|
||||||
|
|
|
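Review bot: msc24() does not flag gets(), which MSC24-C itself names as deprecated and which is the unbounded-read case most worth catching; the ten branches cover only the obsolescent-function replacements. Every message also reads `Do no use` where `Do not use` is meant. The `_s` replacements suggested for asctime, ctime, fopen and freopen come from the optional C11 Annex K, which many C libraries do not ship, so the message could say so instead of presenting them as the only option. The elif chain repeats the same call ten times; a name/argument-count/replacement table, as sketched below, keeps the list in one place and makes adding gets() a one-line change. Whether the cert tester matches on message text is not visible here, so confirm that before rewording.

```python
# Sketch: (function name, argument count, suggested replacement)
MSC24_FUNCTIONS = (
    ('asctime', 1, 'asctime_s'),
    ('atof', 1, 'strtod'),
    ('atoi', 1, 'strtol'),
    ('atol', 1, 'strtol'),
    ('atoll', 1, 'strtoll'),
    ('ctime', 1, 'ctime_s'),
    ('fopen', 2, 'fopen_s'),
    ('freopen', 3, 'freopen_s'),
    ('gets', 1, 'fgets'),
    ('rewind', 1, 'fseek'),
    ('setbuf', 2, 'setvbuf'),
)

def msc24(data):
    for token in data.tokenlist:
        for name, argc, replacement in MSC24_FUNCTIONS:
            if isFunctionCall(token, (name,), argc):
                reportError(token, 'style',
                            'Do not use ' + name + '(), use ' + replacement + '() instead',
                            'MSC24-C')
                break
```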
@ -54,6 +54,51 @@ unsigned char int31(int x)
|
||||||
x = (unsigned long long)-1; // cert-INT31-c
|
x = (unsigned long long)-1; // cert-INT31-c
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void msc24()
|
||||||
|
{
|
||||||
|
struct S {
|
||||||
|
int x; int fopen;
|
||||||
|
};
|
||||||
|
|
||||||
|
struct S s;
|
||||||
|
time_t rawtime;
|
||||||
|
struct tm *timeinfo;
|
||||||
|
char buffer[256];
|
||||||
|
int i;
|
||||||
|
long int li;
|
||||||
|
long long int lli;
|
||||||
|
FILE *f;
|
||||||
|
|
||||||
|
s.fopen = 123;
|
||||||
|
|
||||||
|
f = fopen ("myfile.txt","w+"); //cert-MSC24-C
|
||||||
|
setbuf ( f , buffer ) //cert-MSC24-C
|
||||||
|
for ( i='A' ; i<='Z' ; i++)
|
||||||
|
fputc ( n, f);
|
||||||
|
rewind (f); //cert-MSC24-C
|
||||||
|
fclose (f);
|
||||||
|
|
||||||
|
time ( &rawtime );
|
||||||
|
timeinfo = localtime ( &rawtime );
|
||||||
|
printf ( "The current date/time is: %s", asctime (timeinfo) ); //cert-MSC24-C
|
||||||
|
|
||||||
|
n = atof (buffer); //cert-MSC24-C
|
||||||
|
m = sin (n*pi/180);
|
||||||
|
|
||||||
|
i = atoi (buffer); //cert-MSC24-C
|
||||||
|
|
||||||
|
li = atol(buffer); //cert-MSC24-C
|
||||||
|
|
||||||
|
lli = atoll(buffer); //cert-MSC24-C
|
||||||
|
|
||||||
|
time (&rawtime);
|
||||||
|
printf ("The current local time is: %s", ctime (&rawtime)); //cert-MSC24-C
|
||||||
|
|
||||||
|
freopen ("myfile.txt","w",stdout); //cert-MSC24-C
|
||||||
|
printf ("This sentence is redirected to a file.");
|
||||||
|
fclose (stdout);
|
||||||
|
}
|
||||||
|
|
||||||
void msc30()
|
void msc30()
|
||||||
{
|
{
|
||||||
unsigned int num = rand(); // cert-MSC30-c
|
unsigned int num = rand(); // cert-MSC30-c
|
||||||
|
|
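Review bot: The msc24() fixture is not valid C: the `setbuf ( f , buffer )` line has no terminating semicolon, and `n`, `m` and `pi` are used without being declared, with `fputc ( n, f)` passing `n` where the loop counter `i` appears to be intended. Even if the dump step tolerates this today, the expected warnings then depend on how the parser recovers from the error, so a stricter parser could silently drop a `//cert-MSC24-C` expectation. Suggested: `setbuf ( f , buffer ); //cert-MSC24-C`, `fputc ( i, f);`, and a `double n, m;` declaration next to the other locals, with `pi` replaced by a literal. The `s.fopen = 123;` line is a useful negative case for a struct member named like a flagged function; a similar case for a local variable named `atoi` would guard against the same kind of false positive.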