Maxim Integrated's IoT development kit.
Dependencies: MAX30101 MAX30003 MAX113XX_Pixi MAX30205 max32630fthr USBDevice
tools/VisualCodeGrepper-2.1.0/cppfunctions.conf@1:efe9cad8942f, 2018-03-13 (annotated)
- Committer: Mahir Ozturk
- Date: Tue Mar 13 14:52:59 2018 +0300
- Revision: 1:efe9cad8942f
Commit project files
Change-Id: I2188228f2a27e9a13e2407846e48b38c2596caa0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| Mahir Ozturk | 1:efe9cad8942f | 1 | // Functions known to cause issues in C/C++ code. |
| Mahir Ozturk | 1:efe9cad8942f | 2 | // To add new issues use the format: function name[=>][[N]][description] |
| Mahir Ozturk | 1:efe9cad8942f | 3 | // (where N is a severity rating of 1 (Critical) to 3 (Medium) (or optionally, 0 for 'normal')) |
| Mahir Ozturk | 1:efe9cad8942f | 4 | // |
| Mahir Ozturk | 1:efe9cad8942f | 5 | // NB - function names are case-sensitive for this file |
| Mahir Ozturk | 1:efe9cad8942f | 6 | // |
| Mahir Ozturk | 1:efe9cad8942f | 7 | // MS banned string copy functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 8 | strcpyA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 9 | strcpyW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 10 | strcpy =>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 11 | strcpy(=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 12 | StrCpyNA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 13 | StrCpyNW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 14 | StrCpyN=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 15 | StrNCpyA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 16 | StrNCpyW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 17 | StrNCpy=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 18 | strcpynA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 19 | strncpy =>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 20 | strncpy(=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 21 | |
| Mahir Ozturk | 1:efe9cad8942f | 22 | // MS banned string concatenation functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 23 | strcatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 24 | strcatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 25 | strcat =>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 26 | strcat(=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 27 | StrCatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 28 | StrCatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 29 | StrCat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 30 | lstrcatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 31 | lstrcatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 32 | lstrcat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 33 | StrCatBuffA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 34 | StrCatBuffW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 35 | StrCatBuff=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 36 | lstrcatnA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 37 | lstrcatnW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 38 | lstrcatn=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 39 | lstrncat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 40 | strncat =>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 41 | strncat(=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow. |
| Mahir Ozturk | 1:efe9cad8942f | 42 | |
| Mahir Ozturk | 1:efe9cad8942f | 43 | // MS banned string tokenizing functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 44 | strtok =>Function appears in Microsoft's banned function list. Function is not always thread-safe and can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 45 | strtok(=>Function appears in Microsoft's banned function list. Function is not always thread-safe and can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 46 | _tcstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 47 | wcstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 48 | _mbstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. |
| Mahir Ozturk | 1:efe9cad8942f | 49 | |
| Mahir Ozturk | 1:efe9cad8942f | 50 | // MS banned Makepath/Splitpath functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 51 | makepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 52 | (makepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 53 | _tmakepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 54 | _makepath(=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 55 | _wmakepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 56 | _splitpath =>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 57 | _splitpath(=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 58 | _tsplitpath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 59 | _wsplitpath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'. |
| Mahir Ozturk | 1:efe9cad8942f | 60 | |
| Mahir Ozturk | 1:efe9cad8942f | 61 | // MS banned numeric conversion functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 62 | _itoa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 63 | _itow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 64 | _i64toa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 65 | _i64tow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 66 | _ui64toa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 67 | _ui64tot=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 68 | _ui64tow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 69 | _ultoa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 70 | _ultot=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 71 | _ultow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'. |
| Mahir Ozturk | 1:efe9cad8942f | 72 | |
| Mahir Ozturk | 1:efe9cad8942f | 73 | // MS banned scanf functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 74 | scanf=>[2]Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 75 | (scanf=>[2]Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 76 | fscanf=>[2]Function appears in Microsoft's banned function list. The function directs external input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 77 | wscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 78 | _tscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 79 | sscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 80 | swscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 81 | _stscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 82 | snscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 83 | snwscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 84 | _sntscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 85 | |
| Mahir Ozturk | 1:efe9cad8942f | 86 | // MS banned gets functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 87 | gets=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 88 | (gets=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 89 | _getts=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 90 | _gettws=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows. |
| Mahir Ozturk | 1:efe9cad8942f | 91 | |
| Mahir Ozturk | 1:efe9cad8942f | 92 | // MS banned string length functions |
| Mahir Ozturk | 1:efe9cad8942f | 93 | strlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 94 | (strlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 95 | wcslen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 96 | _mbslen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 97 | _mbstrlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 98 | StrLen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 99 | lstrlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. |
| Mahir Ozturk | 1:efe9cad8942f | 100 | |
| Mahir Ozturk | 1:efe9cad8942f | 101 | // MS banned memory copy functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 102 | wmemcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 103 | memcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 104 | (memcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 105 | RtlCopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 106 | CopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 107 | (CopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 108 | |
| Mahir Ozturk | 1:efe9cad8942f | 109 | // MS banned stack dynamic memory allocation functions and replacements |
| Mahir Ozturk | 1:efe9cad8942f | 110 | alloca=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 111 | _alloca=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 112 | |
| Mahir Ozturk | 1:efe9cad8942f | 113 | // Unrestricted memory manipulation |
| Mahir Ozturk | 1:efe9cad8942f | 114 | memmove=>Unrestricted memory copy function. Can facilitate buffer overflow conditions and other memory mis-management situations. |
| Mahir Ozturk | 1:efe9cad8942f | 115 | realloc=>Unrestricted memory resize function. Use of realloc can expose residual memory contents or render existing buffers impossible to securely erase. Do not use realloc on memory intended to be secure as the old structure will not be zeroed out. |
| Mahir Ozturk | 1:efe9cad8942f | 116 | |
| Mahir Ozturk | 1:efe9cad8942f | 117 | // *printf family |
| Mahir Ozturk | 1:efe9cad8942f | 118 | sprintf=>[3]Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 119 | _snprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 120 | _swprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 121 | _sntprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 122 | nsprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 123 | vsprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 124 | std_strlprintf=>Function is generally safe but will result in buffer overflows if destination is not checked for zero length. Can facilitate format string bugs. |
| Mahir Ozturk | 1:efe9cad8942f | 125 | |
| Mahir Ozturk | 1:efe9cad8942f | 126 | // MS banned IsBad* functions |
| Mahir Ozturk | 1:efe9cad8942f | 127 | IsBadWritePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 128 | IsBadHugeWritePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 129 | IsBadReadPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 130 | IsBadHugeReadPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 131 | IsBadCodePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 132 | IsBadStringPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour. |
| Mahir Ozturk | 1:efe9cad8942f | 133 | |
| Mahir Ozturk | 1:efe9cad8942f | 134 | // File handling |
| Mahir Ozturk | 1:efe9cad8942f | 135 | _wfopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously. |
| Mahir Ozturk | 1:efe9cad8942f | 136 | _wopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously. |
| Mahir Ozturk | 1:efe9cad8942f | 137 | fopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously. |
| Mahir Ozturk | 1:efe9cad8942f | 138 | _open=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously. |
| Mahir Ozturk | 1:efe9cad8942f | 139 | |
| Mahir Ozturk | 1:efe9cad8942f | 140 | // 'considered harmful' |
| Mahir Ozturk | 1:efe9cad8942f | 141 | goto =>[3]Use of 'goto'. The goto statement can result in unstructured code which is difficult to maintain and can result in failures to initialise or de-allocate memory. |
| Mahir Ozturk | 1:efe9cad8942f | 142 | LoadLibrary=>[2]The function searches several paths for a library if called with a filename, but no path. This can allow trojan DLLs to be deployed, regardless of the presence of the correct DLL. Manually check the code to ensure that the full path is specified. |
| Mahir Ozturk | 1:efe9cad8942f | 143 | EnterCriticalSection=>[3]This function can throw exceptions when limited memory is available, resulting in unstable behaviour and potential DoS conditions. Use the safer InitializeCriticalSectionAndSpinCount function. |
| Mahir Ozturk | 1:efe9cad8942f | 144 | rewind=>[3]The 'rewind' function is considered unsafe and obsolete. Using rewind() makes it impossible to determine if the file position indicator was set back to the beginning of the file, potentially resulting in improper control flow. fseek() is considered a safer alternative. |
| Mahir Ozturk | 1:efe9cad8942f | 145 | umask=>[3]Manually check this function to ensure that safe privilege levels are being applied. |
| Mahir Ozturk | 1:efe9cad8942f | 146 | catgets=>[3]This function may use the NLSPATH environment variable. Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate. |
| Mahir Ozturk | 1:efe9cad8942f | 147 | getenv=>[3]Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate. |
| Mahir Ozturk | 1:efe9cad8942f | 148 | gethostbyname=>[3]Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate. |
| Mahir Ozturk | 1:efe9cad8942f | 149 | ChangeWindowMessageFilter=>The use of this function is now discouraged. It has process-wide scope and ChangeWindowMessageFilterEx should be used as a safe replacement. |
| Mahir Ozturk | 1:efe9cad8942f | 150 | _strlwr =>Function is deprecated. Use the safer version, _strlwr_s. |
| Mahir Ozturk | 1:efe9cad8942f | 151 | _strlwr(=>Function is deprecated. Use the safer version, _strlwr_s. |
| Mahir Ozturk | 1:efe9cad8942f | 152 | _strupr =>Function is deprecated. Use the safer version, _strupr_s. |
| Mahir Ozturk | 1:efe9cad8942f | 153 | _strupr(=>Function is deprecated. Use the safer version, _strupr_s. |
| Mahir Ozturk | 1:efe9cad8942f | 154 | setbuf=>Allows data to be read from a file/stream. Use with caution and do not allow user defined streams where possible. Conduct a manual check to ensure data is handled in a safe manner. |
| Mahir Ozturk | 1:efe9cad8942f | 155 | assert=>[3]The 'assert' macro usually only exists for code in the debug build. In general, no check will take place in production code. Verify that this check does not perform any critical function and is not being used in place of error handling. |
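The "n" copy entries above (strncpy, StrNCpy and friends) warn that an overflowed buffer is left without a NUL terminator and that the caller gets no error return. This added example, which is not part of the VisualCodeGrepper configuration or the mbed project, reproduces that behaviour in C and contrasts it with a bounded copy (`checked_copy`, a hypothetical helper, not a library function) that always terminates the destination and reports truncation as an error.

```c
/* Added example: the strncpy pitfall the cppfunctions.conf entries describe,
 * next to a bounded copy that terminates and reports truncation. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Returns 1 if buf[0..len-1] contains a NUL terminator, 0 otherwise.
 * memchr is used so an unterminated buffer is never read past its end. */
int is_terminated(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Reproduces the behaviour the configuration warns about: strncpy copies at
 * most dst_size bytes, and when src is longer than that the destination is
 * left without a terminator and the caller gets no indication of overflow.
 * Returns whether dst ended up terminated, so the effect can be observed. */
int strncpy_style_copy(char *dst, size_t dst_size, const char *src)
{
    strncpy(dst, src, dst_size);
    return is_terminated(dst, dst_size);
}

/* Hardened bounded copy (hypothetical helper): always NUL-terminates dst and
 * returns -1 when src does not fit, so the caller can treat truncation as an
 * error instead of silently continuing with a shortened or unterminated
 * string. Returns 0 on success. */
int checked_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* Bounded scan: stop as soon as src provably cannot fit with its NUL. */
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n == dst_size) {            /* no room left for the terminator */
        dst[0] = '\0';              /* leave a valid empty string behind */
        return -1;
    }
    memcpy(dst, src, n + 1);        /* n + 1 bytes includes the terminator */
    return 0;
}

int main(void)
{
    char dst[8];
    const char *long_src = "0123456789";   /* constructed input: 10 chars */

    strncpy_style_copy(dst, sizeof dst, long_src);
    printf("strncpy left dst terminated: %s\n",
           is_terminated(dst, sizeof dst) ? "yes" : "no");   /* no */

    if (checked_copy(dst, sizeof dst, long_src) != 0)
        printf("checked_copy rejected the input, dst=\"%s\"\n", dst);
    if (checked_copy(dst, sizeof dst, "abc") == 0)
        printf("checked_copy succeeded, dst=\"%s\"\n", dst);
    return 0;
}
```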