File content as of revision 1:efe9cad8942f:

// Functions known to cause issues in C/C++ code.
// To add new issues use the format: function name[=>][[N]][description]
//	(where N is a severity rating of 1 (Critical) to 3 (Medium) (or optionally, 0 for 'normal'))
//
// NB - function names are case-sensitive for this file
//
// MS banned string copy functions and replacements
strcpyA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcpyW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcpy =>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcpy(=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCpyNA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
StrCpyNW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
StrCpyN=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
StrNCpyA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
StrNCpyW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
StrNCpy=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
strcpynA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
strncpy =>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
strncpy(=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.

// MS banned string concatenation functions and replacements
strcatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcat =>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
strcat(=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
lstrcatA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
lstrcatW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
lstrcat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCatBuffA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCatBuffW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
StrCatBuff=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
lstrcatnA=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
lstrcatnW=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
lstrcatn=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
lstrncat=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
strncat =>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.
strncat(=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions. While 'safer', the current "n" functions include non-null termination of overflowed buffers and no error returns on overflow.

// MS banned string tokenizing functions and replacements
strtok =>Function appears in Microsoft's banned function list. Function is not always thread-safe and can facilitate buffer overflows.
strtok(=>Function appears in Microsoft's banned function list. Function is not always thread-safe and can facilitate buffer overflows.
_tcstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
wcstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.
_mbstok=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions.

// MS banned Makepath/Splitpath functions and replacements
 makepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
(makepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
_tmakepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
_makepath(=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
_wmakepath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
_splitpath =>Function appears in Microsoft's banned function list. Use the safe alternative, '_makepath_s'.
_splitpath(=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'.
_tsplitpath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'.
_wsplitpath=>Function appears in Microsoft's banned function list. Use the safe alternative, '_splitpath_s'.

// MS banned numeric conversion functions and replacements
_itoa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_itow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_i64toa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_i64tow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ui64toa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ui64tot=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ui64tow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ultoa=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ultot=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.
_ultow=>Function appears in Microsoft's banned function list. It does not perform a safe conversion on account of a failure to distinguish between 'signed' and 'unsigned'.

// MS banned scanf functions and replacements
 scanf=>[2]Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
(scanf=>[2]Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
fscanf=>[2]Function appears in Microsoft's banned function list. The function directs external input to a buffer and so can facilitate buffer overflows.
wscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
_tscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
sscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
swscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
_stscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
snscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
snwscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.
_sntscanf=>Function appears in Microsoft's banned function list. The function directs user defined input to a buffer and so can facilitate buffer overflows.

// MS banned gets functions and replacements
 gets=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows.
(gets=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows.
_getts=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows.
_gettws=>[2]Function appears in Microsoft's banned function list. Since the function reads characters from STDIN and writes to buffer until EOL it can facilitate buffer overflows.

// MS banned string length functions
 strlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.
(strlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors. 
wcslen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.
_mbslen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.
_mbstrlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.
StrLen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.
lstrlen=>Function appears in Microsoft's banned function list. For critical applications, particularly applications accepting anonymous Internet connections or unverified input data, strlen and similar functions can become victims of integer overflow or 'wraparound' errors.

// MS banned memory copy functions and replacements
wmemcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
 memcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
(memcpy=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
RtlCopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
 CopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
(CopyMemory=>[3]Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
 
// MS banned stack dynamic memory allocation functions and replacements
 alloca=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.
 _alloca=>Function appears in Microsoft's banned function list. Can facilitate buffer overflow conditions and other memory mis-management situations.

// Unrestricted memory manipulation
memmove=>Unrestricted memory copy function. Can facilitate buffer overflow conditions and other memory mis-management situations.
realloc=>Unrestricted memory resize function. Use of realloc can expose residual memory contents or render existing buffers impossible to securely erase. Do not use realloc on memory intended to be secure as the old structure will not be zeroed out.

// *printf family
 sprintf=>[3]Function appears in Microsoft's banned function list. Can facilitate format string bugs.
_snprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs.
_swprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs.
_sntprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs.
nsprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs.
vsprintf=>Function appears in Microsoft's banned function list. Can facilitate format string bugs.
std_strlprintf=>Function is generally safe but will result in buffer overflows if destination is not checked for zero length. Can facilitate format string bugs.

// MS banned IsBad* functions
IsBadWritePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.
IsBadHugeWritePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.
IsBadReadPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.
IsBadHugeReadPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.
IsBadCodePtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.
IsBadStringPtr=>Function appears in Microsoft's banned function list. Can mask errors during pointer assignment, resulting in memory leaks, crashes and unstable behaviour.

// File handling
_wfopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously.
_wopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously.
fopen=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously.
_open=>Function used to open file. Carry out a manual check to ensure that user cannot modify filename for malicious purposes and that file is not 'opened' more than once simultaneously.

// 'considered harmful'
goto =>[3]Use of 'goto' function. The goto function can result in unstructured code which is difficult to maintain and can result in failures to initialise or de-allocate memory.
LoadLibrary=>[2]The function searches several paths for a library if called with a filename, but no path. This can allow trojan DLLs to be deployed, regardless of the presence of the correct DLL. Manually check the code to ensure that the full path is specified.
EnterCriticalSection=>[3]This function can throw exceptions when limited memory is available, resulting in unstable behaviour and potential DoS conditions. Use the safer InitialCriticalSectionAndSpinCount function.
rewind=>[3]The 'rewind' function is considered unsafe and obsolete. Using rewind() makes it impossible to determine if the file position indicator was set back to the beginning of the file, potentially resulting in improper control flow. fseek() is considered a safer alternative.
umask=>[3]Manually check this function to ensure that safe privilege levels are being applied.
catgets=>[3]This function may use the NLSPATH environment variable. Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate.
getenv=>[3]Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate.
gethostbyname=>[3]Environment variables may be within the control of the end user and should be handled with caution. Manually check the code to ensure that the return value is checked for malicious content and is truncated, where appropriate.
ChangeWindowMessageFilter=>The use of this function is now discouraged. It has process-wide scope and ChangeWindowMessageFilterEx should be used as a safe replacement.
_strlwr =>Function is deprecated. Use the safer version, _strlwr_s.
_strlwr(=>Function is deprecated. Use the safer version, _strlwr_s.
_strupr =>Function is deprecated. Use the safer version, _strupr_s.
_strupr(=>Function is deprecated. Use the safer version, _strupr_s.
setbuf=>Allows data to be read from a file/stream. Use with caution and do not allow user defined streams where possible. Conduct a manual check to ensure data is handled in a safe manner.
assert=>[3]The 'assert' macro usually only exists for code in the debug build. In general, no check will take place in production code. Verify that this check does not perform any critical function and is not being used in place of error handling.