Skip to content

Commit 242744c

Browse files
lcarteylcartey
committed
Add additional CERT risk assessment tags
1 parent a1f45ff commit 242744c

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

74 files changed

+1411
-235
lines changed

rule_packages/c/Banned.json

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,12 @@
1313
"severity": "error",
1414
"short_name": "DoNotCallSystem",
1515
"tags": [
16-
"security"
16+
"security",
17+
"external/cert/severity/high",
18+
"external/cert/likelihood/probable",
19+
"external/cert/remediation-cost/medium",
20+
"external/cert/priority/p12",
21+
"external/cert/level/l1"
1722
]
1823
}
1924
],

rule_packages/c/Concurrency1.json

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,12 @@
1515
"shared_implementation_short_name": "GuardAccessToBitFields",
1616
"tags": [
1717
"correctness",
18-
"concurrency"
18+
"concurrency",
19+
"external/cert/severity/medium",
20+
"external/cert/likelihood/probable",
21+
"external/cert/remediation-cost/medium",
22+
"external/cert/priority/p8",
23+
"external/cert/level/l2"
1924
]
2025
}
2126
],
@@ -35,7 +40,12 @@
3540
"short_name": "RaceConditionsWhenUsingLibraryFunctions",
3641
"tags": [
3742
"correctness",
38-
"concurrency"
43+
"concurrency",
44+
"external/cert/severity/medium",
45+
"external/cert/likelihood/probable",
46+
"external/cert/remediation-cost/high",
47+
"external/cert/priority/p4",
48+
"external/cert/level/l3"
3949
]
4050
}
4151
],
@@ -55,7 +65,12 @@
5565
"short_name": "DoNotCallSignalInMultithreadedProgram",
5666
"tags": [
5767
"correctness",
58-
"concurrency"
68+
"concurrency",
69+
"external/cert/severity/low",
70+
"external/cert/likelihood/probable",
71+
"external/cert/remediation-cost/low",
72+
"external/cert/priority/p6",
73+
"external/cert/level/l2"
5974
],
6075
"implementation_scope": {
6176
"description": "This implementation does not consider threads created function pointers."

rule_packages/c/Concurrency2.json

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,12 @@
1515
"shared_implementation_short_name": "PreventDeadlockByLockingInPredefinedOrder",
1616
"tags": [
1717
"correctness",
18-
"concurrency"
18+
"concurrency",
19+
"external/cert/severity/low",
20+
"external/cert/likelihood/probable",
21+
"external/cert/remediation-cost/medium",
22+
"external/cert/priority/p4",
23+
"external/cert/level/l3"
1924
]
2025
}
2126
],
@@ -36,7 +41,12 @@
3641
"shared_implementation_short_name": "WrapSpuriousFunctionInLoop",
3742
"tags": [
3843
"correctness",
39-
"concurrency"
44+
"concurrency",
45+
"external/cert/severity/low",
46+
"external/cert/likelihood/unlikely",
47+
"external/cert/remediation-cost/medium",
48+
"external/cert/priority/p2",
49+
"external/cert/level/l3"
4050
]
4151
}
4252
],

rule_packages/c/Concurrency3.json

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,12 @@
1515
"shared_implementation_short_name": "DoNotAllowAMutexToGoOutOfScopeWhileLocked",
1616
"tags": [
1717
"correctness",
18-
"concurrency"
18+
"concurrency",
19+
"external/cert/severity/medium",
20+
"external/cert/likelihood/probable",
21+
"external/cert/remediation-cost/high",
22+
"external/cert/priority/p4",
23+
"external/cert/level/l3"
1924
],
2025
"implementation_scope": {
2126
"description": "This implementation does not allow for thread synchronization to be performed in subroutines. All synchronization must be performed within the context of the other thread management functions."
@@ -31,7 +36,12 @@
3136
"shared_implementation_short_name": "DoNotDestroyAMutexWhileItIsLocked",
3237
"tags": [
3338
"correctness",
34-
"concurrency"
39+
"concurrency",
40+
"external/cert/severity/medium",
41+
"external/cert/likelihood/probable",
42+
"external/cert/remediation-cost/high",
43+
"external/cert/priority/p4",
44+
"external/cert/level/l3"
3545
]
3646
}
3747
],
@@ -52,7 +62,12 @@
5262
"shared_implementation_short_name": "PreserveSafetyWhenUsingConditionVariables",
5363
"tags": [
5464
"correctness",
55-
"concurrency"
65+
"concurrency",
66+
"external/cert/severity/low",
67+
"external/cert/likelihood/unlikely",
68+
"external/cert/remediation-cost/medium",
69+
"external/cert/priority/p2",
70+
"external/cert/level/l3"
5671
],
5772
"implementation_scope": {
5873
"description": "This implementation does not attempt to identify unique condition variables and instead advocates for the usage of `cnd_broadcast`."
@@ -75,7 +90,12 @@
7590
"short_name": "WrapFunctionsThatCanFailSpuriouslyInLoop",
7691
"tags": [
7792
"correctness",
78-
"concurrency"
93+
"concurrency",
94+
"external/cert/severity/low",
95+
"external/cert/likelihood/unlikely",
96+
"external/cert/remediation-cost/medium",
97+
"external/cert/priority/p2",
98+
"external/cert/level/l3"
7999
],
80100
"implementation_scope": {
81101
"description": "This implementation does not attempt to identify a relationship between the condition variable and the atomic operation."

rule_packages/c/Concurrency4.json

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,12 @@
1414
"short_name": "CleanUpThreadSpecificStorage",
1515
"tags": [
1616
"correctness",
17-
"concurrency"
17+
"concurrency",
18+
"external/cert/severity/medium",
19+
"external/cert/likelihood/unlikely",
20+
"external/cert/remediation-cost/medium",
21+
"external/cert/priority/p4",
22+
"external/cert/level/l3"
1823
],
1924
"implementation_scope": {
2025
"description": "This query does not attempt to ensure that the deallocation function in fact deallocates memory and instead assumes the contract is valid. Additionally, this query requires that all `tss_create` calls are bookended by calls to `tss_delete`, even if a thread is not created."
@@ -37,7 +42,13 @@
3742
"short_name": "AppropriateThreadObjectStorageDurations",
3843
"tags": [
3944
"correctness",
40-
"concurrency"
45+
"concurrency",
46+
"external/cert/recommendation/con34-c",
47+
"external/cert/severity/medium",
48+
"external/cert/likelihood/probable",
49+
"external/cert/remediation-cost/high",
50+
"external/cert/priority/p4",
51+
"external/cert/level/l3"
4152
],
4253
"implementation_scope": {
4354
"description": "This query does not consider Windows implementations or OpenMP implementations. This query is primarily about excluding cases wherein the storage duration of a variable is appropriate. As such, this query is not concerned if the appropriate synchronization mechanisms are used, such as sequencing calls to `thrd_join` and `free`. An audit query is supplied to handle some of those cases."
@@ -53,7 +64,13 @@
5364
"tags": [
5465
"external/cert/audit",
5566
"correctness",
56-
"concurrency"
67+
"concurrency",
68+
"external/cert/recommendation/con34-c",
69+
"external/cert/severity/medium",
70+
"external/cert/likelihood/probable",
71+
"external/cert/remediation-cost/high",
72+
"external/cert/priority/p4",
73+
"external/cert/level/l3"
5774
]
5875
}
5976
],

rule_packages/c/Concurrency5.json

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,12 @@
1515
"shared_implementation_short_name": "JoinOrDetachThreadOnlyOnce",
1616
"tags": [
1717
"correctness",
18-
"concurrency"
18+
"concurrency",
19+
"external/cert/severity/low",
20+
"external/cert/likelihood/likely",
21+
"external/cert/remediation-cost/medium",
22+
"external/cert/priority/p6",
23+
"external/cert/level/l2"
1924
],
2025
"implementation_scope": {
2126
"description": "This query considers problematic usages of join and detach irrespective of the execution of the program and other synchronization and interprocess communication mechanisms that may be used."
@@ -38,7 +43,12 @@
3843
"short_name": "AtomicVariableTwiceInExpression",
3944
"tags": [
4045
"correctness",
41-
"concurrency"
46+
"concurrency",
47+
"external/cert/severity/medium",
48+
"external/cert/likelihood/probable",
49+
"external/cert/remediation-cost/medium",
50+
"external/cert/priority/p8",
51+
"external/cert/level/l2"
4252
]
4353
}
4454
],

rule_packages/c/Contracts.json

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,12 @@
1313
"severity": "error",
1414
"short_name": "DoNotViolateInLineLinkageConstraints",
1515
"tags": [
16-
"correctness"
16+
"correctness",
17+
"external/cert/severity/low",
18+
"external/cert/likelihood/unlikely",
19+
"external/cert/remediation-cost/medium",
20+
"external/cert/priority/p2",
21+
"external/cert/level/l3"
1722
],
1823
"implementation_scope": {
1924
"description": "This query only considers the constraints related to inline extern functions."

rule_packages/c/Contracts1.json

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -14,7 +14,12 @@
1414
"short_name": "DoNotModifyTheReturnValueOfCertainFunctions",
1515
"shared_implementation_short_name": "ConstLikeReturnValue",
1616
"tags": [
17-
"correctness"
17+
"correctness",
18+
"external/cert/severity/low",
19+
"external/cert/likelihood/probable",
20+
"external/cert/remediation-cost/medium",
21+
"external/cert/priority/p4",
22+
"external/cert/level/l3"
1823
]
1924
}
2025
],
@@ -33,7 +38,12 @@
3338
"severity": "error",
3439
"short_name": "EnvPointerIsInvalidAfterCertainOperations",
3540
"tags": [
36-
"correctness"
41+
"correctness",
42+
"external/cert/severity/low",
43+
"external/cert/likelihood/probable",
44+
"external/cert/remediation-cost/medium",
45+
"external/cert/priority/p4",
46+
"external/cert/level/l3"
3747
],
3848
"implementation_scope": {
3949
"description": "The rule is enforced in the context of a single function."

rule_packages/c/Contracts2.json

Lines changed: 18 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,12 @@
1313
"severity": "error",
1414
"short_name": "ExitHandlersMustReturnNormally",
1515
"tags": [
16-
"correctness"
16+
"correctness",
17+
"external/cert/severity/medium",
18+
"external/cert/likelihood/likely",
19+
"external/cert/remediation-cost/medium",
20+
"external/cert/priority/p12",
21+
"external/cert/level/l1"
1722
]
1823
}
1924
],
@@ -33,7 +38,12 @@
3338
"short_name": "DoNotStorePointersReturnedByEnvFunctions",
3439
"shared_implementation_short_name": "InvalidatedEnvStringPointers",
3540
"tags": [
36-
"correctness"
41+
"correctness",
42+
"external/cert/severity/low",
43+
"external/cert/likelihood/probable",
44+
"external/cert/remediation-cost/medium",
45+
"external/cert/priority/p4",
46+
"external/cert/level/l3"
3747
]
3848
},
3949
{
@@ -45,7 +55,12 @@
4555
"short_name": "DoNotStorePointersReturnedByEnvironmentFunWarn",
4656
"shared_implementation_short_name": "InvalidatedEnvStringPointersWarn",
4757
"tags": [
48-
"correctness"
58+
"correctness",
59+
"external/cert/severity/low",
60+
"external/cert/likelihood/probable",
61+
"external/cert/remediation-cost/medium",
62+
"external/cert/priority/p4",
63+
"external/cert/level/l3"
4964
]
5065
}
5166
],

rule_packages/c/Contracts4.json

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,12 @@
1313
"severity": "error",
1414
"short_name": "SetlocaleMightSetErrno",
1515
"tags": [
16-
"correctness"
16+
"correctness",
17+
"external/cert/severity/medium",
18+
"external/cert/likelihood/probable",
19+
"external/cert/remediation-cost/medium",
20+
"external/cert/priority/p8",
21+
"external/cert/level/l2"
1722
]
1823
},
1924
{
@@ -24,7 +29,12 @@
2429
"severity": "error",
2530
"short_name": "ErrnoReadBeforeReturn",
2631
"tags": [
27-
"correctness"
32+
"correctness",
33+
"external/cert/severity/medium",
34+
"external/cert/likelihood/probable",
35+
"external/cert/remediation-cost/medium",
36+
"external/cert/priority/p8",
37+
"external/cert/level/l2"
2838
]
2939
},
3040
{
@@ -35,7 +45,12 @@
3545
"severity": "error",
3646
"short_name": "FunctionCallBeforeErrnoCheck",
3747
"tags": [
38-
"correctness"
48+
"correctness",
49+
"external/cert/severity/medium",
50+
"external/cert/likelihood/probable",
51+
"external/cert/remediation-cost/medium",
52+
"external/cert/priority/p8",
53+
"external/cert/level/l2"
3954
]
4055
},
4156
{
@@ -46,7 +61,12 @@
4661
"severity": "error",
4762
"short_name": "ErrnoNotSetToZero",
4863
"tags": [
49-
"correctness"
64+
"correctness",
65+
"external/cert/severity/medium",
66+
"external/cert/likelihood/probable",
67+
"external/cert/remediation-cost/medium",
68+
"external/cert/priority/p8",
69+
"external/cert/level/l2"
5070
]
5171
}
5272
],

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy