SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 45 rules found
symbolic-execution
    Impact
      Clean code attribute
        1. The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist

           Bug
        2. Variables should be initialized before use

           Bug
        3. Variables should not be accessed outside of their scope

           Bug
        4. Well-defined type-punning method should be used instead of a union-based one

           Bug
        5. "std::cmp_*" functions should be used to compare unsigned values with negative values

           Bug
        6. "std::cmp_*" functions should be used to compare signed and unsigned values

           Code Smell
        7. Account validity should be verified when authenticating users with PAM

           Vulnerability
        8. Changing directories improperly when using "chroot" is security-sensitive

           Security Hotspot
        9. POSIX functions should not be called with arguments that trigger buffer overflows

           Vulnerability
        10. Immediately dangling references and pointers should not be created

           Bug
        11. Server hostnames should be verified during SSL/TLS connections

           Vulnerability
        12. "pthread_mutex_t" should be unlocked in the reverse order they were locked

           Bug
        13. Only valid arguments should be passed to UNIX/POSIX functions

           Code Smell
        14. "pthread_mutex_t" should be properly initialized and destroyed

           Bug
        15. "pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked

           Bug
        16. Only valid arguments should be passed to stream functions

           Code Smell
        17. Using publicly writable directories is security-sensitive

           Security Hotspot
        18. Using clear-text protocols is security-sensitive

           Security Hotspot
        19. Blocking functions should not be called inside critical sections

           Code Smell
        20. Return value of "setuid" family of functions should always be checked

           Code Smell
        21. Size of variable length arrays should be greater than zero

           Code Smell
        22. "mktemp" family of functions templates should have at least six trailing "X"s

           Code Smell
        23. Appropriate size arguments should be passed to "strncat" and "strlcpy"

           Code Smell
        24. Moved-from objects should not be relied upon

           Code Smell
        25. Server certificates should be verified during SSL/TLS connections

           Vulnerability
        26. Weak SSL/TLS protocols should not be used

           Vulnerability
        27. Integral operations should not overflow

           Bug
        28. Parameter values should be appropriate

           Bug
        29. Stack allocated memory and non-owned memory should not be freed

           Bug
        30. Closed resources should not be accessed

           Bug
        31. Dynamically allocated memory should be released

           Bug
        32. Freed memory should not be used

           Bug
        33. Memory locations should not be released more than once

           Bug
        34. Memory access should be explicitly bounded to prevent buffer overflows

           Bug
        35. Zero should not be a possible denominator

           Bug
        36. XML parsers should not be vulnerable to XXE attacks

           Vulnerability
        37. "nonnull" parameters and return values of "returns_nonnull" functions should not be null

           Bug
        38. Null pointers should not be dereferenced

           Bug
        39. Member variables should be initialized

           Bug
        40. Resources should be closed

           Bug
        41. Unused assignments should be removed

           Code Smell
        42. Appropriate memory de-allocation should be used

           Bug
        43. An object shall not be accessed outside of its lifetime

           Bug
        44. Reads and writes on the same file stream shall be separated by a positioning operation

           Bug
        45. The value of an object must not be read before it has been set

           Bug

        POSIX functions should not be called with arguments that trigger buffer overflows

        consistency - conventional
        reliability
        security
        Vulnerability
        • cwe
        • symbolic-execution
        • cert

        Some POSIX functions take one argument that is a buffer and another one that represents the size of the buffer. It is up to the developer to make sure the two arguments do match and that the size argument does not exceed the buffer’s size.

        Why is this an issue?

        How can I fix it?

        More Info

        When the size argument exceeds the actual size of the buffer, the memory management functions will either read or write data past the buffer memory boundary into adjacent memory. Because the memory might be uninitialized or contain other pieces of data, the behavior of the affected function can not be predicted and will likely trigger bugs.

        What is the potential impact?

        Buffer boundaries violations can lead to serious security issues.

        Information disclosure

        In some scenarios, insecure functions can lead to information disclosure. For instance, if an attacker can cause a buffer overread, they might be able to disclose data in memory that they’re not supposed to have access to. This could potentially allow them to access sensitive information, such as passwords or encryption keys. An example of a buffer overread is provided with the Heartbleed vulnerability. ==== Code execution

        In some cases, an attacker can craft input in a way that allows them to gain unauthorized access to your system. For example, they might be able to overwrite a function’s return address in memory, causing your program to execute code of the attacker’s choosing. This could potentially give the attacker full control over your system.

        Denial of service

        If an attacker can trigger a buffer overflow by providing oversized input, it can cause the program to crash. If the attacker repeats this process, it can continually disrupt the service, denying access to other users. This can be particularly damaging for services that require high availability, such as online platforms or databases.

        In some cases, the input might cause the program to enter an infinite loop or consume excessive memory, slowing down the system or even causing it to become unresponsive. This type of attack is known as a resource exhaustion DoS attack.

        Exceptions

        Functions related to sockets using the type socklen_t are not checked. This is because these functions are using a C-style polymorphic pattern using union. It relies on a mismatch between allocated memory and sizes of structures and it creates false positives.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use