CodeCheck Documentation - SEI CERT C++

Standard: SEI CERT C++

This standard provides rules for secure coding in the C++ programming language.

The rules and recommendations in this standard are a work in progress and reflect the current thinking of the secure coding community. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.

The CERT C++ Coding Standard does not currently expose any recommendations; all C++ recommendations have been removed (moved to The Void section) due to quality concerns pending further review and development.

The list of rules and recommendations in this tool was last updated on 2023/05/23.

| Check ID | Check Name | Supported | Severity |
|---|---|---|---|
| CON50-CPP | Do not destroy a mutex while it is locked | Yes | Medium |
| CON51-CPP | Ensure actively held locks are released on exceptional conditions | Yes | Low |
| CON52-CPP | Prevent data races when accessing bit-fields from multiple threads | Yes | Medium |
| CON53-CPP | Avoid deadlock by locking in a predefined order | No | Low |
| CON54-CPP | Wrap functions that can spuriously wake up in a loop | Yes | Medium |
| CON55-CPP | Preserve thread safety and liveness when using condition variables | Yes | Low |
| CON56-CPP | Do not speculatively lock a non-recursive mutex that is already owned by the calling thread | Yes | Low |
| CTR50-CPP | Guarantee that container indices and iterators are within the valid range | Yes | High |
| CTR51-CPP | Use valid references, pointers, and iterators to reference elements of a container | Yes | High |
| CTR52-CPP | Guarantee that library functions do not overflow | Yes | High |
| CTR53-CPP | Use valid iterator ranges | Yes | High |
| CTR54-CPP | Do not subtract iterators that do not refer to the same container | Yes | Medium |
| CTR55-CPP | Do not use an additive operator on an iterator if the result would overflow | Yes | |
| CTR56-CPP | Do not use pointer arithmetic on polymorphic objects | Yes | High |
| CTR57-CPP | Provide a valid ordering predicate | Yes | Low |
| CTR58-CPP | Predicate function objects should not be mutable | Yes | Low |
| DCL50-CPP | Do not define a C-style variadic function | Yes | High |
| DCL52-CPP | Never qualify a reference type with const or volatile | Yes | Low |
| DCL53-CPP | Do not write syntactically ambiguous declarations | Yes | Low |
| DCL54-CPP | Overload allocation and deallocation functions as a pair in the same scope | Yes | Low |
| DCL55-CPP | Avoid information leakage when passing a class object across a trust boundary | No | Low |
| DCL56-CPP | Avoid cycles during initialization of static objects | Yes | Low |
| DCL57-CPP | Do not let exceptions escape from destructors or deallocation functions | Yes | Low |
| DCL58-CPP | Do not modify the standard namespaces | Yes | High |
| DCL59-CPP | Do not define an unnamed namespace in a header file | Yes | Medium |
| DCL60-CPP | Obey the one-definition rule | Yes | High |
| ERR50-CPP | Do not abruptly terminate the program | Yes | Low |
| ERR51-CPP | Handle all exceptions | Yes | Low |
| ERR52-CPP | Do not use setjmp() or longjmp() | Yes | Low |
| ERR53-CPP | Do not reference base classes or class data members in a constructor or destructor function-try-block handler | Yes | Low |
| ERR54-CPP | Catch handlers should order their parameter types from most derived to least derived | Yes | Medium |
| ERR55-CPP | Honor exception specifications | Yes | Low |
| ERR57-CPP | Do not leak resources when handling exceptions | Yes | Low |
| ERR58-CPP | Handle all exceptions thrown before main() begins executing | Yes | Low |
| ERR59-CPP | Do not throw an exception across execution boundaries | Yes | High |
| ERR60-CPP | Exception objects must be nothrow copy constructible | Yes | Low |
| ERR61-CPP | Catch exceptions by lvalue reference | Yes | Low |
| ERR62-CPP | Detect errors when converting a string to a number | Yes | Medium |
| EXP50-CPP | Do not depend on the order of evaluation for side effects | Yes | Medium |
| EXP51-CPP | Do not delete an array through a pointer of the incorrect type | Yes | Low |
| EXP52-CPP | Do not rely on side effects in unevaluated operands | Yes | Low |
| EXP53-CPP | Do not read uninitialized memory | Yes | High |
| EXP54-CPP | Do not access an object outside of its lifetime | Yes | High |
| EXP55-CPP | Do not access a cv-qualified object through a cv-unqualified type | Yes | Medium |
| EXP56-CPP | Do not call a function with a mismatched language linkage | No | Low |
| EXP57-CPP | Do not cast or delete pointers to incomplete classes | Yes | Medium |
| EXP58-CPP | Pass an object of the correct type to va_start | Yes | Medium |
| EXP59-CPP | Use offsetof() on valid types and members | Yes | Medium |
| EXP61-CPP | A lambda object must not outlive any of its reference captured objects | Yes | High |
| EXP62-CPP | Do not access the bits of an object representation that are not part of the object's value representation | Yes | High |
| EXP63-CPP | Do not rely on the value of a moved-from object | Yes | Medium |
| FIO50-CPP | Do not alternately input and output from a file stream without an intervening positioning call | Yes | Low |
| FIO51-CPP | Close files when they are no longer needed | Yes | Medium |
| INT50-CPP | Do not cast to an out-of-range enumeration value | Yes | Medium |
| MEM50-CPP | Do not access freed memory | No | High |
| MEM51-CPP | Properly deallocate dynamically allocated resources | Yes | High |
| MEM52-CPP | Detect and handle memory allocation errors | Yes | High |
| MEM53-CPP | Explicitly construct and destruct objects when manually managing object lifetime | No | High |
| MEM57-CPP | Avoid using default operator new for over-aligned types | Yes | Medium |
| MSC50-CPP | Do not use the rand() function for generating pseudorandom numbers | Yes | Medium |
| MSC51-CPP | Ensure your random number generator is properly seeded | Yes | Medium |
| MSC52-CPP | Value-returning functions must return a value from all exit paths | Yes | Medium |
| MSC53-CPP | Do not return from a function declared [[noreturn]] | Yes | Medium |
| MSC54-CPP | A signal handler must be a plain old function | Yes | High |
| OOP50-CPP | Do not invoke virtual functions from constructors or destructors | Yes | Low |
| OOP51-CPP | Do not slice derived objects | Yes | Low |
| OOP52-CPP | Do not delete a polymorphic object without a virtual destructor | Yes | Low |
| OOP53-CPP | Write constructor member initializers in the canonical order | Yes | Medium |
| OOP54-CPP | Gracefully handle self-copy assignment | Yes | Low |
| OOP55-CPP | Do not use pointer-to-member operators to access nonexistent members | No | High |
| OOP56-CPP | Honor replacement handler requirements | Yes | |
| OOP57-CPP | Prefer special member functions and overloaded operators to C Standard Library functions | Yes | High |
| OOP58-CPP | Copy operations must not mutate the source object | Yes | Low |
| STR50-CPP | Guarantee that storage for strings has sufficient space for character data and the null terminator | Yes | High |
| STR51-CPP | Do not attempt to create a std::string from a null pointer | Yes | High |
| STR52-CPP | Use valid references, pointers, and iterators to reference elements of a basic_string | Yes | High |
| STR53-CPP | Range check element access | Yes | High |