Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Apex
C
C++
CloudFormation
COBOL
C#
CSS
Docker
Flex
Go
HTML
Java
JavaScript
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Tags

"memset" should not be used to delete sensitive data
Vulnerability
POSIX functions should not be called with arguments that trigger buffer overflows
Vulnerability
XML parsers should not be vulnerable to XXE attacks
Vulnerability
Function-like macros should not be invoked without all of their arguments
Bug
The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
The result of "make_format_args" should be passed directly as an argument
Bug
Assigning to an optional should directly target the optional
Bug
Result of the standard remove algorithms should not be ignored
Bug
"std::scoped_lock" should be created with constructor arguments
Bug
Objects should not be sliced
Bug
Immediately dangling references should not be created
Bug
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be consecutively locked or unlocked twice
Bug
"std::move" and "std::forward" should not be confused
Bug
A call to "wait()" on a "std::condition_variable" should have a condition
Bug
A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast
Bug
Functions with "noreturn" attribute should not return
Bug
RAII objects should not be temporary
Bug
"memcmp" should only be called with pointers to trivially copyable types with no padding
Bug
"memcpy", "memmove", and "memset" should only be called with pointers to trivially copyable types
Bug
"std::auto_ptr" should not be used
Bug
Destructors should be "noexcept"
Bug
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
Freed memory should not be used
Bug
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Printf-style format strings should not lead to unexpected behavior at runtime
Bug
Recursion should not be infinite
Bug
Resources should be closed
Bug
Appropriate memory de-allocation should be used
Bug
Hard-coded credentials are security-sensitive
Security Hotspot
"goto" should jump to labels declared later in the same function
Code Smell
The name "main" should not be used for any function other than the global "main" function
Code Smell
Only standard forms of the "defined" directive should be used
Code Smell
Switch labels should not be nested inside non-switch blocks
Code Smell
The right-hand operands of && and || should not contain side effects
Code Smell
Digraphs should not be used
Code Smell
Trigraphs should not be used
Code Smell
Use "std::variant" instead of unions with non-trivial types.
Code Smell
A single statement should not have more than one resource allocation
Code Smell
Facilities in <random> should be used instead of "srand", "rand" and "random_shuffle"
Code Smell
Move and swap operations should be "noexcept"
Code Smell
"case" ranges should cover multiple values
Code Smell
Array indices should be placed between brackets
Code Smell
Comparison operators should not be virtual
Code Smell
Assignment operators should not be "virtual"
Code Smell
Redundant pointer operator sequences should be removed
Code Smell
Child class fields should not shadow parent class fields
Code Smell
Non-reentrant POSIX functions should be replaced with their reentrant versions
Code Smell
"goto" statements should not be used to jump into blocks
Code Smell
Keywords introduced in later specifications should not be used as identifiers
Code Smell
Context-sensitive keywords should not be used as identifiers
Code Smell
Switch cases should end with an unconditional "break" statement
Code Smell
"switch" statements should not contain non-case labels
Code Smell
Control should not be transferred into a complex logic block using a "goto" or a "switch" statement
Code Smell
Accessing files should not introduce TOCTOU vulnerabilities
Vulnerability
Cipher algorithms should be robust
Vulnerability
Encryption algorithms should be used with secure mode and padding scheme
Vulnerability
Server hostnames should be verified during SSL/TLS connections
Vulnerability
Server certificates should be verified during SSL/TLS connections
Vulnerability
Cryptographic keys should be robust
Vulnerability
Weak SSL/TLS protocols should not be used
Vulnerability
Insecure functions should not be used
Vulnerability
"scanf()" and "fscanf()" format strings should specify a field width for the "%s" string placeholder
Vulnerability
Function exit paths should have appropriate return values
Bug
Coroutine should have co_return on each execution path or provide return_void
Bug
"volatile" should not be used to qualify objects for which the meaning is not defined
Bug
"volatile" types should not be used in compound operations
Bug
Values returned from string find-related methods should not be treated as boolean
Bug
Relational and subtraction operators should not be used with pointers to different arrays
Bug
Arguments evaluation order should not be relied on
Bug
"reinterpret_cast" should be used carefully
Bug
Parameter values should be appropriate
Bug
Zero should not be a possible denominator
Bug
Line-splicing should not be used in "//" comments
Bug
Member variables should be initialized
Bug
Pointers should not be cast to integral types
Bug
"operator delete" should be written along with "operator new"
Bug
Destructors should not throw exceptions
Bug
Handlers of a function-try-block implementation of a class constructor or destructor shall not reference non-static members from this class or its bases
Bug
Empty throws ("throw;") should only be used in the compound statements of catch handlers
Bug
An exception object should not have pointer type
Bug
"sprintf" should not be used
Security Hotspot
Changing working directories without verifying the success is security-sensitive
Security Hotspot
Using "tmpnam", "tmpnam_s" or "tmpnam_r" is security-sensitive
Security Hotspot
Changing directories improperly when using "chroot" is security-sensitive
Security Hotspot
Using publicly writable directories is security-sensitive
Security Hotspot
Using clear-text protocols is security-sensitive
Security Hotspot
Expanding archive files without controlling resource consumption is security-sensitive
Security Hotspot
Using weak hashing algorithms is security-sensitive
Security Hotspot
Using pseudorandom number generators (PRNGs) is security-sensitive
Security Hotspot
"#undef" should be used with caution
Code Smell
Function names should be used either as a call with a parameter list or with the "&" operator
Code Smell
Functions should not be defined with a variable number of arguments
Code Smell
The comma operator, "&&", and "||" should not be overloaded
Code Smell
A cast shall not remove any const or volatile qualification from the type of a pointer or reference
Code Smell
The return value of "std::move" should be used in a function
Code Smell
Cognitive Complexity of coroutines should not be too high
Code Smell
Use discriminated unions or "std::variant"
Code Smell
Multiple mutexes should not be acquired with individual locks
Code Smell
Pointers or references obtained from aliased smart pointers should not be used as function parameters
Code Smell
"try_lock", "lock" and "unlock" should not be directly used for mutexes
Code Smell
Appropriate arguments should be passed to UNIX/POSIX functions
Code Smell
Appropriate arguments should be passed to stream functions
Code Smell
"Forwarding references" parameters should be used only to forward parameters
Code Smell
Non-const global variables should not be used
Code Smell
Functions that throw exceptions should not be used as hash functions
Code Smell
Blocking functions should not be called inside critical sections
Code Smell
Return value of "setuid" family of functions should always be checked
Code Smell
Size of variable length arrays should be positive
Code Smell
Argument of "printf" should be a format string
Code Smell
"mktemp" family of functions templates should have at least six trailing "X"s
Code Smell
Logical operators should not be confused with bitwise operators
Code Smell
Header guards should be followed by according "#define" macro
Code Smell
Template parameters should be preferred to "std::function" when configuring behavior at compile time
Code Smell
The addresses of standard library functions should not be taken
Code Smell
Macros should not be used to define constants
Code Smell
Memory should not be managed manually
Code Smell
Lambdas that capture "this" should capture everything explicitly
Code Smell
"void *" should not be used in typedefs, member variables, function parameters or return type
Code Smell
The "Rule-of-Zero" should be followed
Code Smell
"nullptr" should be used to denote the null pointer
Code Smell
"default" clauses should be first or last
Code Smell
A conditionally executed single line should be denoted by indentation
Code Smell
Conditionals should start on new lines
Code Smell
Cognitive Complexity of functions should not be too high
Code Smell
Exceptions should not be thrown in "noexcept" functions
Code Smell
Member variables should not be "protected"
Code Smell
When the "Rule-of-Zero" is not applicable, the "Rule-of-Five" should be followed
Code Smell
Default capture should not be used
Code Smell
Standard groupings should be used with digit separators
Code Smell
Special member function should not be defined unless a non standard behavior is required
Code Smell
Standard namespaces should not be modified
Code Smell
Destructors should not be called explicitly
Code Smell
"static" base class members should not be accessed via derived types
Code Smell
Control characters should not be used in literals
Code Smell
Exception specifications should not be used
Code Smell
The sign of an unsigned variable should not be tested
Code Smell
Pre-defined macros should not be defined, redefined or undefined
Code Smell
"explicit" should be used on single-parameter constructors and conversion operators
Code Smell
Virtual functions should not be called from constructors or destructors
Code Smell
Control flow statements "if", "for", "while", "switch" and "try" should not be nested too deeply
Code Smell
Inherited functions should not be hidden
Code Smell
C-style memory allocation routines should not be used
Code Smell
Methods should not be empty
Code Smell
Pure "virtual" functions should not override non-pure "virtual" functions
Code Smell
"using namespace" directives should not be used in header files
Code Smell
Account validity should be verified when authenticating users with PAM
Vulnerability
Lines starting with "#" should contain valid preprocessing directives
Bug
"#include" directives should be followed by either <filename> or "filename" sequences
Bug
Non-standard characters should not occur in header file names in "#include" directives
Bug
Non-empty statements should change control flow or have at least one side-effect
Bug
Unary minus should not be applied to an unsigned expression
Bug
Objects with integer type should not be converted to objects with pointer type
Bug
Variables should be initialized before use
Bug
String literals with different prefixes should not be concatenated
Bug
Only escape sequences defined in the ISO C standard should be used
Bug
"std::format" numeric types should be 0-padded using the numerical padding and not the character padding
Bug
Arguments corresponding to width and precision formatting options should be integers
Bug
Type-constraints should not be used for forwarding reference parameters
Bug
Perfect forwarding constructors should be constrained
Bug
Requires-expression should not contain unevaluated concept checks or type predicates
Bug
"std::bit_cast" should be used instead of union type-punning
Bug
"std::cmp_*" functions should be used to compare unsigned values with negative values
Bug
Call to "std::is_constant_evaluated" should not be gratuitous
Bug
Heterogeneous sorted containers should only be used with types that support heterogeneous comparison
Bug
"#pragma pack" should be used correctly
Bug
Enums should be consistent with the bit fields they initialize
Bug
User-defined types should not be passed as variadic arguments
Bug
Class members should not be initialized with dangling references
Bug
Array values should not be replaced unconditionally
Bug
Integral operations should not overflow
Bug
"case" ranges should not be empty
Bug
All branches in a conditional structure should not have exactly the same implementation
Bug
"extern" shouldn't be used on member definitions
Bug
Declaration specifiers should not be redundant
Bug
Function declarations that look like variable declarations should not be used
Bug
"sizeof" should not be called on pointers
Bug
"const" references to numbers should not be made
Bug
Unary prefix operators should not be repeated
Bug
"=+" should not be used instead of "+="
Bug
Values of different "enum" types should not be compared
Bug
Conditionally executed code should be reachable
Bug
Null pointers should not be dereferenced
Bug
Single-bit named bit fields should not be of a signed type
Bug
Values should not be uselessly incremented
Bug
"sizeof(sizeof(...))" should not be used
Bug
Related "if/else if" statements should not have the same condition
Bug
Identical expressions should not be used on both sides of a binary operator
Bug
All code should be reachable
Bug
Loops with at most one iteration should be refactored
Bug
The original exception object should be rethrown
Bug
Variables should not be self-assigned
Bug
Condition-specific "catch" handlers should not be used after the ellipsis (catch-all) handler
Bug
Handlers in a single try-catch or function-try-block for a derived class and some or all of its bases should be ordered most-derived-first
Bug
Exception classes should be caught by reference
Bug
Setting capabilities is security-sensitive
Security Hotspot
Using "strncpy" or "wcsncpy" is security-sensitive
Security Hotspot
Using "strncat" or "wcsncat" is security-sensitive
Security Hotspot
Using "strcat" or "wcscat" is security-sensitive
Security Hotspot
Using "strlen" or "wcslen" is security-sensitive
Security Hotspot
Using "strcpy" or "wcscpy" is security-sensitive
Security Hotspot
Setting loose POSIX file permissions is security-sensitive
Security Hotspot
#include directives in a file should only be preceded by other preprocessor directives or comments
Code Smell
Loops should not have more than one "break" or "goto" statement
Code Smell
Unused type declarations should be removed
Code Smell
Comma operator should not be used
Code Smell
The unary "&" operator should not be overloaded
Code Smell
"bool" expressions should not be used as operands to built-in operators other than =, &&, ||, !, ==, !=, unary &, and the conditional operator
Code Smell
"enum" members other than the first one should not be explicitly initialized unless all members are explicitly initialized
Code Smell
If a function has internal linkage then all re-declarations shall include the static storage class specifer
Code Smell
Functions should not be declared at block scope
Code Smell
Bit fields should be declared with appropriate types
Code Smell
"std::format" should be used instead of standard output manipulators
Code Smell
Use "std::format" rather than "std::vformat" when the format string is known at compile time
Code Smell
Calls to "std::format" with a locale should use the "L" flag
Code Smell
"std::format" should not have unused arguments
Code Smell
Width, alignment, and padding format options should be used consistently
Code Smell
Explicit argument indexing in "std::format" should be used only for non-trivial ordering
Code Smell
Generic iterator-based algorithms should be constrained
Code Smell
"std::declval" should not be used within requires-expression
Code Smell
Template should not be constrained with ad-hoc requires-expression
Code Smell
Coroutines should not take const references as parameters
Code Smell
Thread local variables should not be used in coroutines
Code Smell
Use symmetric transfer to switch execution between coroutines
Code Smell
rvalue reference members should not be copied accidentally
Code Smell
"std::string_view" and "std::span" parameters should be directly constructed from sequences
Code Smell
Comparision operators ("<=>", "==") should be defaulted unless non-default behavior is required
Code Smell
"std::chrono" components should be used to operate on time
Code Smell
"std::enable_if" should not be used
Code Smell
"std::source_location" should be used instead of "__FILE__", "__LINE__", and "__func__" macros
Code Smell
Function template parameters should be named if reused
Code Smell
Redundant comparison operators should not be defined
Code Smell
"std::format" should be used instead of string concatenation and "std::to_string"
Code Smell
"std::bit_cast" should be used to reinterpret binary representation instead of "std::memcpy"
Code Smell
"[[likely]]" and "[[unlikely]]" should be used instead of compiler built-ins
Code Smell
"starts_with" and "ends_with" should be used for prefix and postfix checks
Code Smell
Designated initializers should be used in their C++ compliant form
Code Smell
"std::jthread" should be used instead of "std::thread"
Code Smell
Elements in a container should be erased with "std::erase" or "std::erase_if"
Code Smell
Mathematical constants should not be hardcoded
Code Smell
Transparent comparator should be used with associative "std::string" containers
Code Smell
"emplace" should be prefered over "insert" with "std::set" and "std::unordered_set"
Code Smell
Unnecessary expensive copy should be avoided when using auto as a placeholder type
Code Smell
The right template argument should be specified for std::forward
Code Smell
"try_emplace" should be used with "std::map" and "std::unordered_map"
Code Smell
Exception specifications should be treated as part of the type
Code Smell
"auto" should be used for non-type template parameter
Code Smell
"std::optional" member function "value_or" should be used
Code Smell
"std::byte" should be used when you need byte-oriented memory access
Code Smell
Inline variables should be used to declare global variables in header files
Code Smell
"[*this]" should be used to capture the current object by copy
Code Smell
"std::uncaught_exception" should not be used
Code Smell
Objects should not be created solely to be passed as arguments to functions that perform delegated object creation
Code Smell
"std::filesystem::path" should be used to represent a file path
Code Smell
Fold expressions should be used instead of recursive template instantiations
Code Smell
"as_const" should be used to make a value constant
Code Smell
Structured binding should be used
Code Smell
Emplacement should be prefered when insertion creates a temporary with sequence containers
Code Smell
"std::visit" should be used to switch on the type of the current value in a "std::variant"
Code Smell
"bind" should not be used
Code Smell
"make_unique" and "make_shared" should be used to construct "unique_ptr" and "shared_ptr"
Code Smell
C-style array should not be used
Code Smell
"auto" should be used to avoid repetition of types
Code Smell
Integer literals should not be cast to bool
Code Smell
Member functions that don't mutate their objects should be declared "const"
Code Smell
Functions having rvalue reference arguments should "std::move" those arguments
Code Smell
Capture by reference in lambdas used locally
Code Smell
Size of bit fields should not exceed the size of their types
Code Smell
"std::move" should only be used where moving can happen
Code Smell
Classes should not contain both public and private data members
Code Smell
GNU attributes should be used correctly
Code Smell
Unevaluated operands should not have side effects
Code Smell
Size argument of memory functions should be consistent
Code Smell
Return value of "nodiscard" functions should not be ignored
Code Smell
Implicit casts should not lower precision
Code Smell
"std::move" should only be added when necessary
Code Smell
Appropriate size arguments should be passed to "strncat" and "strlcpy"
Code Smell
Moved-from objects should not be relied upon
Code Smell
Keywords shall not be used as macros identifiers
Code Smell
Incomplete types should not be deleted
Code Smell
Dereferenced null pointers should not be bound to references
Code Smell
"else" statements should be clearly matched with an "if"
Code Smell
Function pointers should not be used as function parameters
Code Smell
Function parameters should not be of type "std::unique_ptr<T> const &"
Code Smell
Include directives should not rely on non-portable search strategy
Code Smell
Methods should not have identical implementations
Code Smell
"#include" paths should be portable
Code Smell
"#import" should not be used
Code Smell
Atomic types should be used instead of "volatile" types
Code Smell
String literals should not be immediately followed by macros
Code Smell
"reinterpret_cast" should not be used
Code Smell
"switch" statements should cover all cases
Code Smell
Methods returns should not be invariant
Code Smell
Printf-style format strings should be used correctly
Code Smell
Conditional operators should not be nested
Code Smell
Member data should be initialized in-class or in a constructor initialization list
Code Smell
"this" should not be compared with null
Code Smell
The "delete" operator should only be used for pointers
Code Smell
Multiline blocks should be enclosed in curly braces
Code Smell
Increment should not be used to set boolean variables to 'true'
Code Smell
Boolean expressions should not be gratuitous
Code Smell
Standard C++ headers should be used
Code Smell
Parameters should be passed in the correct order
Code Smell
"static" members should be accessed statically
Code Smell
Obsolete POSIX functions should not be used
Code Smell
Two branches in a conditional structure should not have exactly the same implementation
Code Smell
Unused assignments should be removed
Code Smell
Structures should not have too many fields
Code Smell
"switch" statements should not have too many "case" clauses
Code Smell
Classes should not have too many methods
Code Smell
Sections of code should not be commented out
Code Smell
Pass by reference to const should be used for large input parameters
Code Smell
Assignment operators should return non-"const" references
Code Smell
Polymorphic base class destructor should be either public virtual or protected non-virtual
Code Smell
Lambdas should not have too many lines
Code Smell
Generic exceptions should not be caught
Code Smell
Unused function parameters should be removed
Code Smell
Unused functions and methods should be removed
Code Smell
Try-catch blocks should not be nested
Code Smell
Track uses of "FIXME" tags
Code Smell
Deprecated attributes should include explanations
Code Smell
Assignments should not be made from within sub-expressions
Code Smell
Generic exceptions should never be thrown
Code Smell
Variables should not be shadowed
Code Smell
Redundant pairs of parentheses should be removed
Code Smell
Inheritance tree of classes should not be too deep
Code Smell
Nested blocks of code should not be left empty
Code Smell
Functions should not have too many parameters
Code Smell
Unused "private" fields should be removed
Code Smell
Collapsible "if" statements should be merged
Code Smell
Unused labels should be removed
Code Smell
Virtual functions should be declared with the "virtual" keyword
Code Smell
Parameters in an overriding virtual function shall either use the same default arguments as the function they override, or else shall not specify any default arguments
Code Smell
Header files should not contain unnamed namespaces
Code Smell
"std::format" should not be missing indexes
Bug
The "sizeof" and "alignof" operator should not be used with operands of a "void" type
Bug
"nonnull" pointers should not be set to null
Bug
"for" loop counters should not have essentially floating type
Bug
Line continuation characters '\' should not be followed by trailing whitespace
Bug
Using hardcoded IP addresses is security-sensitive
Security Hotspot
Pointer and reference parameters should be "const" if the corresponding object is not modified
Code Smell
The three expressions of a "for" statement should only be concerned with loop control
Code Smell
Literal suffix "L" for long integers shall be upper case
Code Smell
C++ formatting functions should be used instead of C printf-like functions
Code Smell
Concatenated "std::format" outputs should be replaced by a single invocation
Code Smell
Use type-erased "coroutine_handle" when applicable
Code Smell
Use conditional suspension to resume current coroutine
Code Smell
"auto" should be used to store a result of functions that conventionally return an iterator or a range
Code Smell
"std::has_single_bit" should be used to test if an integer is a power of two
Code Smell
Empty class members should be marked as "[[no_unique_address]]"
Code Smell
"std::to_address" should be used to convert iterators to raw pointers
Code Smell
"[[nodiscard]]" attributes on types should include explanations
Code Smell
STL constrained algorithms with range parameter should be used when iterating over the entire range
Code Smell
"std::span" should be used for a uniform sequence of elements contiguous in memory
Code Smell
Operator spaceship "<=>" should be used to define comparable types
Code Smell
"std::midpoint" and "std::lerp" should be used for midpoint computation and linear interpolation
Code Smell
"using enum" should be used in scopes with high concentration of "enum" constants
Code Smell
"contains" should be used to check if a key exists in a container
Code Smell
Free functions should be preferred to member functions when accessing a container in a generic context
Code Smell
The "_t" and "_v" version of type traits should be used instead of "::type" and "::value"
Code Smell
"if constexpr" should be preferred to overloading for metaprogramming
Code Smell
"static_assert" with no message should be used over "static_assert" with empty or redundant message
Code Smell
Redundant class template arguments should not be used
Code Smell
"std::string_view" should be used to pass a read-only string to a function
Code Smell
"if","switch", and range-based for loop initializer should be used to reduce scope of variables
Code Smell
"std::scoped_lock" should be used instead of "std::lock_guard"
Code Smell
Multicharacter literals should not be used
Code Smell
Classes should explicitly specify the access level when specifying base classes
Code Smell
"std::initializer_list" constructor should not overlap with other constructors
Code Smell
Threads should not be detached
Code Smell
Loop variables should be declared in the minimal possible scope
Code Smell
"shared_ptr" should not be taken by rvalue reference
Code Smell
Inheriting constructors should be used
Code Smell
Return type of functions shouldn't be const qualified value
Code Smell
Macros should not be used as replacement to "typdef" and "using"
Code Smell
Concise syntax should be used for concatenatable namespaces
Code Smell
STL algorithms and range-based for loops should be preferred to traditional for loops
Code Smell
"using" should be preferred for type aliasing
Code Smell
"constexpr" functions should not be declared "inline"
Code Smell
"^" should not be confused with exponentiation
Code Smell
Pointer and reference local variables should be "const" if the corresponding object is not modified
Code Smell
Format strings should comply with ISO standards
Code Smell
Functions which do not return should be declared as "noreturn"
Code Smell
Macros should not be redefined
Code Smell
'extern "C"' should not be used with namespaces
Code Smell
"auto" should not be used as a storage class specifier
Code Smell
"#include_next" should not be used
Code Smell
String literals should not be concatenated implicitly
Code Smell
Reference types should not be qualified with "const" or "volatile"
Code Smell
Partial specialization syntax should not be used for function templates
Code Smell
Alternative operators should not be used
Code Smell
Types and variables should be declared in separate statements
Code Smell
Scoped enumerations should be used
Code Smell
"const" and "volatile" should not be used in "enum" declarations
Code Smell
Raw string literals should be used
Code Smell
Jump statements should not be redundant
Code Smell
"static" should not be used in unnamed namespaces
Code Smell
"final" classes should not have "virtual" functions
Code Smell
Redundant lambda return types should be omitted
Code Smell
Declarations of functions defined outside of the class should not be marked as "inline"
Code Smell
Allocation and deallocation functions should not be explicitly declared "static"
Code Smell
Access specifiers should not be redundant
Code Smell
The "register" storage class specifier should not be used
Code Smell
"override" or "final" should be used instead of "virtual"
Code Smell
Empty "case" clauses that fall through to the "default" should be omitted
Code Smell
Namespaces should not be empty
Code Smell
Forward declarations should not be redundant
Code Smell
Members should be initialized in the order they are declared
Code Smell
Declarations should not be empty
Code Smell
General "catch" clauses should not be used
Code Smell
"catch" clauses should do more than rethrow
Code Smell
Exceptions should not be ignored
Code Smell
"final" classes should not have "protected" members
Code Smell
"final" should not be used redundantly
Code Smell
Redundant casts should not be used
Code Smell
Code annotated as deprecated should not be used
Code Smell
"#pragma warning (default: ...)" should not be used
Code Smell
Init-declarator-lists and member-declarator-lists should consist of single init-declarators and member-declarators respectively
Code Smell
Unused local variables should be removed
Code Smell
"switch" statements should have at least 3 "case" clauses
Code Smell
A "while" loop should be used instead of a "for" loop
Code Smell
Nested code blocks should not be used
Code Smell
Overriding member functions should do more than simply call the same member in the base class
Code Smell
Do not check emptiness with a size method when a dedicated function exists
Code Smell
Empty statements should be removed
Code Smell
"/*" and "//" should not be used within comments
Code Smell
Classes should not be derived from virtual bases
Code Smell
Track uses of "TODO" tags
Code Smell
Deprecated code should be removed
Code Smell
Reserved identifiers and functions in the C standard library should not be defined or declared
Code Smell
In the definition of a function-like macro, each instance of a parameter shall be enclosed in parentheses, unless it is used as the operand of # or ##
Code Smell
Bit fields should not be used
Code Smell
Track lack of copyright and license headers
Code Smell
Octal values should not be used
Code Smell
Function templates should not be specialized
Code Smell
"abort", "exit", "getenv" and "system" from <stdlib.h> should not be used
Bug
"atof", "atoi" and "atol" from <stdlib.h> should not be used
Bug
"<signal.h>" should not be used
Bug
Dynamic heap memory allocation should not be used
Bug
The global namespace should only contain "main", namespace declarations, and "extern" C declarations
Code Smell
"<time.h>" should not be used
Code Smell
"<stdio.h>" should not be used in production code
Code Smell
"offsetof" macro should not be used
Code Smell
"errno" should not be used
Code Smell
"setjmp" and "longjmp" should not be used
Code Smell
Function-like macros should not be used
Code Smell
Macros should not be #define'd or #undef'd within a block
Code Smell
Unions should not be used
Code Smell
Array type function arguments should not decay to pointers
Code Smell
Object declarations should contain no more than 2 levels of pointer indirection
Code Smell
Recursion should not be used
Code Smell
Constants of unsigned type should have a "U" suffix
Code Smell
Cyclomatic Complexity of coroutines should not be too high
Code Smell
Functions should not have more than one argument of type "bool"
Code Smell
using-directives and using-declarations (excluding class scope or function scope using-declarations) shall not be used in header files
Code Smell
Virtual functions should not have default arguments
Code Smell
Octal and hexadecimal escape sequences should be terminated
Code Smell
Flexible array members should not be declared
Code Smell
Preprocessor directives should not be indented
Code Smell
"switch" statements should not be nested
Code Smell
Lambdas should not be used
Code Smell
Cyclomatic Complexity of functions should not be too high
Code Smell
Cyclomatic Complexity of classes should not be too high
Code Smell
"switch" statements should have "default" clauses
Code Smell
"if ... else if" constructs should end with "else" clauses
Code Smell
"typedef" should be used for function pointers
Code Smell
Control structures should use curly braces
Code Smell
Expressions should not be too complex
Code Smell
"<cstdio>" should not be used
Code Smell
"<ctime>" should not be used
Code Smell
C libraries should not be used
Code Smell
Macros used in preprocessor directives should be defined before use
Bug
Evaluation of the operand to the sizeof operator shall not contain side effects
Bug
Bitwise operators should not be applied to signed operands
Bug
Boolean operations should not have numeric operands, and vice versa
Bug
Pointer conversions should be restricted to a safe subset
Bug
Function pointers should not be converted to any other type
Bug
Results of ~ and << operations on operands of underlying types unsigned char and unsigned short should immediately be cast to the operand's underlying type
Bug
Each operand of the ! operator, the logical && or the logical || operators shall have type bool
Bug
When an array is declared, its size shall either be stated explicitly or defined implicitly by initialization
Bug
Floating point numbers should not be tested for equality
Bug
Multiple declarations for an identifier in the same namespace shall not straddle a using-declaration for that identifier
Bug
There shall be at most one occurrence of the # or ## operators in a single macro definition
Code Smell
Parameters in a function prototype should be named
Code Smell
"goto" statement should not be used
Code Smell
A loop-control-variable other than the loop-counter which is modified in statement shall have type bool
Code Smell
Increment (++) and decrement (--) operators should not be used in a method call or mixed with other operators in an expression
Code Smell
"enum" values should not be used as operands to built-in operators other than [ ], =, ==, !=, unary &, and the relational operators <, <=, >, >=
Code Smell
C-style and functional notation casts should not be used
Code Smell
Operands of "&&" and "||" should be primary (C) or postfix (C++) expressions
Code Smell
Limited dependence should be placed on operator precedence
Code Smell
Braces should be used to indicate and match the structure in the non-zero initialization of arrays and structures
Code Smell
Array declarations should include an explicit size specification
Code Smell
Objects or functions with external linkage shall be declared in a header file
Code Smell
"typedef" names should be unique identifiers
Code Smell
Identifiers should not be longer than 31 characters
Code Smell
All uses of the #pragma directive should be documented
Code Smell
Assembly language should be encapsulated and isolated
Code Smell
Coroutines should not have too many lines of code
Code Smell
[[nodiscard]] should be used when the return value of a function should not be ignored
Code Smell
Functions that are not used in a project should be removed
Code Smell
Local variables should be initialized immediately
Code Smell
The order for arguments of the same type in a function call should be obvious
Code Smell
A cast should not convert a pointer type to an integral type
Code Smell
An object with integral type or pointer to void type shall not be converted to an object with pointer type
Code Smell
An object with pointer type shall not be converted to an unrelated pointer type, either directly or indirectly
Code Smell
Non-exception types should not be caught
Code Smell
Non-exception types should not be thrown
Code Smell
Binary operators should be overloaded as "friend" functions
Code Smell
Track parsing failures
Code Smell
Files should not be too complex
Code Smell
The ternary operator should not be used
Code Smell
A "struct" should not have member functions
Code Smell
Default parameters should not be defined
Code Smell
Exceptions should not be used
Code Smell
Rvalue references should not be used
Code Smell
Functions/methods should not have too many lines
Code Smell
Track uses of "NOSONAR" comments
Code Smell
"::" operator should be used to access global variables and functions
Code Smell
"for" loop stop conditions should be invariant
Code Smell
Statements should be on separate lines
Code Smell
"switch case" clauses should not have too many lines of code
Code Smell
Functions should not contain too many return statements
Code Smell
Magic numbers should not be used
Code Smell
Standard outputs should not be used directly to log anything
Code Smell
Files should not have too many lines of code
Code Smell
Lines should not be too long
Code Smell
"operator=" should check for assignment to self
Bug
Accessible base classes should not be both "virtual" and non-virtual in the same hierarchy
Bug
A variable which is not modified shall be const qualified
Code Smell
Preprocessor operators "#" and "##" should not be used
Code Smell
Switch statement conditions should not have essentially boolean type
Code Smell
"continue" should not be used
Code Smell
The loop-counter should be modified by one of: --, ++, -=n, or +=n; where n remains constant for the duration of the loop
Code Smell
Signed and unsigned types should not be mixed in expressions
Code Smell
typedefs that indicate size and signedness should be used in place of the basic types
Code Smell
The first operand of a conditional operator should have type bool
Code Smell
The condition of an if-statement and the condition of an iteration-statement shall have type bool
Code Smell
Appropriate char types should be used for character and integer values
Code Smell
Source code should only use /* ... */ style comments
Code Smell
Concept names should comply with a naming convention
Code Smell
Coroutine names should comply with a naming convention
Code Smell
"std::cmp_*" functions should be used to compare signed and unsigned values
Code Smell
"nodiscard" attributes on functions should include explanations
Code Smell
"dynamic_cast" should be used for downcasting
Code Smell
Struct should explicitly specify the access level when specifying base classes
Code Smell
"std::endl" should not be used
Code Smell
The identifiers used for the parameters in a re-declaration or override of a function shall be identical to those in the declaration
Code Smell
A loop-control-variable other than the loop-counter shall not be modified within condition or expression
Code Smell
The loop-counter shall not be modified within condition or statement
Code Smell
If loop-counter is not modified by -- or ++, then, within condition, the loop-counter shall only be used as an operand to <=, <, > or >=
Code Smell
A for loop shall contain a single loop-counter which shall not have floating type
Code Smell
Every switch statement shall have at least one case-clause
Code Smell
All "if ... else if" constructs shall be terminated with an "else "clause
Code Smell
An `if ( condition )` construct shall be followed by a compound statement. The else keyword shall be followed by either a compound statement, or another if statement
Code Smell
The statement forming the body of a "switch", "while", "do {...} while" or "for" statement shall be a compound statement
Code Smell
C-style casts (other than void casts) and functional notation casts (other than explicit constructor calls) shall not be used
Code Smell
"auto" should not be used to deduce raw pointers
Code Smell
Method overloads should be grouped together in the interface
Code Smell
GNU extensions should not be used
Code Smell
"inline" should not be used redundantly
Code Smell
Digit separators should be used
Code Smell
Base class access specifiers should not be redundant
Code Smell
Inheritance should be "public"
Code Smell
Methods should not return constants
Code Smell
Label names should comply with a naming convention
Code Smell
Enumeration values should comply with a naming convention
Code Smell
Enumeration names should comply with a naming convention
Code Smell
Namespace names should comply with a naming convention
Code Smell
Comment styles "//" and "/* ... */" should not be mixed within a file
Code Smell
"union" names should comply with a naming convention
Code Smell
"public", "protected" and "private" sections of a class should be declared in that order
Code Smell
Constants should come first in equality tests
Code Smell
Type specifiers should be listed in a standard order
Code Smell
C++ comments should be used
Code Smell
Track "TODO" and "FIXME" comments that do not contain a reference to a person
Code Smell
The prefix increment/decrement form should be used
Code Smell
"struct" names should comply with a naming convention
Code Smell
File names should comply with a naming convention
Code Smell
Macro names should comply with a naming convention
Code Smell
Comments should not be located at the end of lines of code
Code Smell
Functions without parameters should not use "(void)"
Code Smell
break statements should not be used except for switch cases
Code Smell
Local variable and function parameter names should comply with a naming convention
Code Smell
Field names should comply with a naming convention
Code Smell
Lines should not end with trailing whitespaces
Code Smell
Files should contain an empty newline at the end
Code Smell
Tabulation characters should not be used
Code Smell
Class names should comply with a naming convention
Code Smell
A function should have a single point of exit at the end of the function
Code Smell
"using-directives" should not be used
Code Smell
Function names should comply with a naming convention
Code Smell
Track comments matching a regular expression
Code Smell
Track instances of the "#error" preprocessor directive being reached
Code Smell

Server hostnames should be verified during SSL/TLS connections

Vulnerability

CriticalSonarSource default severity
click to learn more

cwe
symbolic-execution
full-project
privacy
ssl

Why is this an issue?

To establish a SSL/TLS connection not vulnerable to man-in-the-middle attacks, it’s essential to make sure the server presents the right certificate.

The certificate’s hostname-specific data should match the server hostname.

It’s not recommended to re-invent the wheel by implementing custom hostname verification.

TLS/SSL libraries provide built-in hostname verification functions that should be used.

Noncompliant code example

libcurl

#include <curl/curl.h>

CURL *curl;
curl_global_init(CURL_GLOBAL_DEFAULT);

curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); // Noncompliant

//Perform the request
curl_easy_perform(curl);

OpenSSL

#include <openssl/ssl.h>

SSL_CTX *ctx = get_ctx();
SSL *ssl = SSL_new(ctx);

// ...

// By default hostname validation is disabled
// `SSL_set1_host` is not called
SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);

// ...

SSL_connect(ssl); // Noncompliant

botan

#include <botan/tls_client.h>
#include <botan/tls_callbacks.h>
#include <botan/tls_session_manager.h>
#include <botan/tls_policy.h>
#include <botan/auto_rng.h>
#include <botan/certstor.h>
#include <botan/certstor_system.h>

class Callbacks : public Botan::TLS::Callbacks
{
// ...

virtual void tls_verify_cert_chain(
          const std::vector<Botan::X509_Certificate> &cert_chain,
          const std::vector<std::shared_ptr<const Botan::OCSP::Response>> &ocsp_responses,
          const std::vector<Botan::Certificate_Store *> &trusted_roots,
          Botan::Usage_Type usage,
          const std::string &hostname,
          const Botan::TLS::Policy &policy) override {} // Noncompliant (secondary location), tls_verify_cert_chain never throws. Always accept server certificate and doesn't verify hostname
};

class Client_Credentials : public Botan::Credentials_Manager
{
// ...
};

Callbacks callbacks;
Botan::AutoSeeded_RNG rng;
Botan::TLS::Session_Manager_In_Memory session_mgr(rng);
Client_Credentials creds;
Botan::TLS::Strict_Policy policy;

// open the tls connection
Botan::TLS::Client client(callbacks, session_mgr, creds, policy, rng,
                          Botan::TLS::Server_Information("example.com", 443),
                          Botan::TLS::Protocol_Version::TLS_V12); // Noncompliant; uses an implementation of Botan::TLS::Callbacks that doesn't validate server hostname

Compliant solution

libcurl

#include <curl/curl.h>

CURL *curl;
curl_global_init(CURL_GLOBAL_DEFAULT);

curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);

curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 2L); // Compliant

//Perform the request
curl_easy_perform(curl);

OpenSSL

#include <openssl/ssl.h>

SSL_CTX *ctx = get_ctx();
SSL *ssl = SSL_new(ctx);

// ...

SSL_set1_host(ssl, HOST_NAME); // Compliant
SSL_set_verify(ssl, SSL_VERIFY_PEER, NULL);

// ...

SSL_connect(ssl);

botan

#include <botan/tls_client.h>
#include <botan/tls_callbacks.h>
#include <botan/tls_session_manager.h>
#include <botan/tls_policy.h>
#include <botan/auto_rng.h>
#include <botan/certstor.h>
#include <botan/certstor_system.h>

// Compliant use the default implementation of tls_verify_cert_chain method which verify server certificate and hostname
class Callbacks : public Botan::TLS::Callbacks
{
// ...
};

class Client_Credentials : public Botan::Credentials_Manager
{
// ...
};

Callbacks callbacks;
Botan::AutoSeeded_RNG rng;
Botan::TLS::Session_Manager_In_Memory session_mgr(rng);
Client_Credentials creds;
Botan::TLS::Strict_Policy policy;

// open the tls connection
Botan::TLS::Client client(callbacks, session_mgr, creds, policy, rng,
                          Botan::TLS::Server_Information("example.com", 443),
                          Botan::TLS::Protocol_Version::TLS_V12); // Compliant; uses an implementation of Botan::TLS::Callbacks that validate server hostname

Resources

OWASP Top 10 2021 Category A2 - Cryptographic Failures
OWASP Top 10 2021 Category A5 - Security Misconfiguration
OWASP Top 10 2021 Category A7 - Identification and Authentication Failures
OWASP Top 10 2017 Category A3 - Sensitive Data Exposure
OWASP Top 10 2017 Category A6 - Security Misconfiguration
Mobile AppSec Verification Standard - Network Communication Requirements
OWASP Mobile Top 10 2016 Category M3 - Insecure Communication
MITRE, CWE-297 - Improper Validation of Certificate with Host Mismatch

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Developer
Edition

© 2008-2023 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.
Privacy Policy

In-IDE

SaaS

Self-Hosted