Skip to content

A4-7-1: Incorporate CERT C integer data loss rules #491

New issue
New issue
Open
Open
A4-7-1: Incorporate CERT C integer data loss rules#491
Assignees
lcartey
Labels
Difficulty-MediumA false positive or false negative report which is expected to take 1-5 days effort to addressImpact-HighStandard-AUTOSARfalse positive/false negativeAn issue related to observed false positives or false negatives.
@lcartey

Description

@lcartey
lcartey
opened on Jan 17, 2024

Affected rules

  • A4-7-1

Description

The IntegerExpressionLeadToDataLoss.ql query should be replaced by the more refined queries from CERT, specifically INT30-C (UnsignedIntegerOperationsWrapAround.ql), INT31-C (IntegerConversionCausesDataLoss.ql), INT32-C (SignedIntegerOverflow.ql) and INT34-C (ExprShiftedByNegativeOrGreaterPrecisionOperand.ql). These provide:

  • Additional results not covered by the original query (particularly around lossy casts and conversions).
  • Improved alert messages with more additional information and no inaccurate descriptions.
  • Additional guard and validation detection, to reduce false positives.

Metadata

Metadata

Assignees

Labels

Difficulty-MediumA false positive or false negative report which is expected to take 1-5 days effort to addressImpact-HighStandard-AUTOSARfalse positive/false negativeAn issue related to observed false positives or false negatives.

Type

No type

Projects

Coding Standards Public Development Board

Status

Assigned

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions