CodeSonar - What defects are checked?
Sample CodeSonar checks performed during an analysis
These are just some of the checks that the CodeSonar analysis performs. Users can also use the CodeSonar API to add checks for custom warning classes.
CWE numbers are from the Common Weakness Enumeration dictionary of software weakness types (http://cwe.mitre.org).
Memory Management API misuse
Double Free CWE-415
Double Initialization CWE-452 and CWE-675
Free non-heap variable CWE-590
Free null pointer CWE-590
Integer Overflow of Allocation Size CWE-680
Leak CWE-401, CWE-771 and CWE-773
Misaligned Object CWE-664 and CWE-761
Dynamic Allocation After Initialization CWE-710
Return pointer to freed CWE-465
Type Mismatch CWE-686 and CWE-762
Use after Free CWE-416
Vulnerable or avoidable APIs
BSI AddAccess-ACE Rule Check CWE-269
Use of AfxParseURL CWE-242
Functions Prone to Internal Buffer Overflows
Use of getopt CWE-242 and CWE-120
Use of getpass CWE-242 and CWE-120
Use of gets CWE-242 and CWE-120
Use of getwd CWE-242 and CWE-120
BSI OemToChar Rule Check CWE-242 and CWE-120
Use of realpath CWE-242 and CWE-120
Use of recvmsg CWE-242 and CWE-120
Use of signal CWE-242
Use of strcat CWE-242, CWE-251 and CWE-120
Use of StrCatChainW CWE-242, CWE-251 and CWE-120
Use of strcmp CWE-242, CWE-251 and CWE-120
Use of strcpy CWE-242, CWE-251 and CWE-120
Use of strlen CWE-242, CWE-251 and CWE-120
Use of strtrns CWE-242, CWE-251 and CWE-120
Use of syslog CWE-242 and CWE-120
Use of catopen CWE-242
Use of chroot CWE-242
Use of CreateFile CWE-242
Use of CreateProcess CWE-242
Use of CreateThread CWE-242
Use of crypt CWE-326 and CWE-330
Use of cuserid CWE-477 and CWE-592
Use of FormatMessage CWE-134 and CWE-242
Use of getlogin CWE-592
Use of LoadModule CWE-477
Use of longjmp CWE-691 and CWE-710
Use of memset CWE-14
Use of MoveFile CWE-477
Functions That Require A Securely-Specified Path Parameter
Use of _exec CWE-426
Use of _spawn CWE-426
Use of AfxLoadLibrary CWE-426
Use of CoLoadLibrary CWE-426
Use of execlp CWE-426
Use of execvp CWE-426
Use of LoadLibrary CWE-426
Use of popen CWE-426
Use of SHCreateProcessAsUserW CWE-426
Use of ShellExecute CWE-426
Use of system CWE-426
Functions That Provide Insufficient Randomness
Use of rand CWE-330
Use of rand48 Function CWE-330
Use of random CWE-330
Use of setjmp CWE-691 and CWE-710
Use of setuid CWE-242
Use of t_open CWE-242
Functions With Temporary File Vulnerabilities
Use of GetTempFileName CWE-377
Use of mktemp CWE-377
Use of tmpfile CWE-377
Use of tmpnam CWE-377
Use of ttyname CWE-242
Use of vfork CWE-242
Use of WinExec CWE-477
Thread misuse
Deadlock CWE-557
Double Lock CWE-411 and CWE-764
Double Unlock CWE-411 and CWE-765
Try-lock that will never succeed CWE-411
Misuse of system I/O APIs
Double close CWE-672 and CWE-675
Negative file descriptor
File System Race Condition CWE-367
Socket In Wrong State CWE-666
Use After Close CWE-672
C/C++ language misuse
ARITH
Shift Amount Exceeds Bit Width
Divide by zero CWE-369
Negative Shift Amount
CAST
Dangerous function cast CWE-234, CWE-628, CWE-704
Cast Alters Value CWE-192, CWE-704
Varargs function cast CWE-628, CWE-704
FUNCS
Not Enough Assertions CWE-710
Ignored return value CWE-252, CWE-253
Missing Return Value
Recursion CWE-710
Function Too Long CWE-710
MEM
Buffer Overrun CWE-120, CWE-788
Buffer Underrun CWE-786
Null Pointer Dereference CWE-476
Type Overrun CWE-120, CWE-126
Type Underrun CWE-124, CWE-127
Uninitialized variable CWE-457
High Risk Loop CWE-119, CWE-465
PREPROC
Macro Uses -> Operator CWE-710
Macro Uses [] Operator CWE-710
Conditional Compilation CWE-710
Macro Does Not End With ) or } CWE-710
Macro Does Not Start With ( or { CWE-710
Macro Uses ## Operator CWE-710
Macro Uses Unary * Operator CWE-710
Recursive Macro CWE-710
Unbalanced Parenthesis CWE-710
Variadic Macro CWE-710
STRUCT
Excessive Stack Depth
Empty Branch Statement
Empty IF Statement
Empty SWITCH Statement
Function Pointer CWE-710
Goto Statement CWE-710
Missing Return Statement
Null Test After Dereference CWE-696
Pointer Before Beginning of Object CWE-465
Pointer Type Inside Typedef CWE-710
Pointer Past End of Object CWE-465
Redundant Condition CWE-570, CWE-571
Return Pointer to local CWE-562
SCOPE
Scope Could Be File Static CWE-485
Scope Could Be Local Static CWE-485
Too Many Dereferences CWE-710
Useless assignment
Unreachable code CWE-561
Unreachable Call
Unreachable Computation
Unreachable Conditional
Unreachable Control Flow
Unreachable Data Flow
Potential Unbounded Loop CWE-400
Unchecked Parameter Dereference CWE-476
Unused value CWE-563
Misc
Format String CWE-134
No Space For Null Terminator CWE-170
Overlapping Memory Regions
Unreasonable Size Argument CWE-789
Negative Character Value CWE-686
Function Call Has No Effect
Null Security Descriptor CWE-284
MAX_PATH Exceeded CWE-227