Skip to content

A4-7-1: Incorporate CERT C integer data loss rules #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lcartey opened this issue Jan 17, 2024 · 0 comments
Open

A4-7-1: Incorporate CERT C integer data loss rules #491

lcartey opened this issue Jan 17, 2024 · 0 comments
Assignees
@lcartey
Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-High Standard-AUTOSAR

Comments

@lcartey
Copy link
Collaborator

lcartey commented Jan 17, 2024

Affected rules

  • A4-7-1

Description

The IntegerExpressionLeadToDataLoss.ql query should be replaced by the more refined queries from CERT, specifically INT30-C (UnsignedIntegerOperationsWrapAround.ql), INT31-C (IntegerConversionCausesDataLoss.ql), INT32-C (SignedIntegerOverflow.ql) and INT34-C (ExprShiftedByNegativeOrGreaterPrecisionOperand.ql). These provide:

  • Additional results not covered by the original query (particularly around lossy casts and conversions).
  • Improved alert messages with more additional information and no inaccurate descriptions.
  • Additional guard and validation detection, to reduce false positives.
@lcartey lcartey added the false positive/false negative An issue related to observed false positives or false negatives. label Jan 17, 2024
@lcartey lcartey self-assigned this Jan 17, 2024
@lcartey lcartey added Difficulty-Low A false positive or false negative report which is expected to take <1 day effort to address Impact-High labels Jan 17, 2024
@lcartey lcartey mentioned this issue Jan 17, 2024
Closed
@lcartey lcartey mentioned this issue Dec 10, 2024
Open
@lcartey lcartey added Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address and removed Difficulty-Low A false positive or false negative report which is expected to take <1 day effort to address labels Jan 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lcartey lcartey

Labels
Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address false positive/false negative An issue related to observed false positives or false negatives. Impact-High Standard-AUTOSAR
Projects
Coding Standards Public Development Board
Status: Assigned
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MichaelRFairhurst @lcartey