SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
C++

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

  • All rules 674
  • Vulnerability13
  • Bug139
  • Security Hotspot19
  • Code Smell503

  • Quick Fix 91
Filtered: 45 rules found
symbolic-execution
    Impact
      Clean code attribute
        1. The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist

           Bug
        2. Variables should be initialized before use

           Bug
        3. Variables should not be accessed outside of their scope

           Bug
        4. Well-defined type-punning method should be used instead of a union-based one

           Bug
        5. "std::cmp_*" functions should be used to compare unsigned values with negative values

           Bug
        6. "std::cmp_*" functions should be used to compare signed and unsigned values

           Code Smell
        7. Account validity should be verified when authenticating users with PAM

           Vulnerability
        8. Changing directories improperly when using "chroot" is security-sensitive

           Security Hotspot
        9. POSIX functions should not be called with arguments that trigger buffer overflows

           Vulnerability
        10. Immediately dangling references and pointers should not be created

           Bug
        11. Server hostnames should be verified during SSL/TLS connections

           Vulnerability
        12. "pthread_mutex_t" should be unlocked in the reverse order they were locked

           Bug
        13. Only valid arguments should be passed to UNIX/POSIX functions

           Code Smell
        14. "pthread_mutex_t" should be properly initialized and destroyed

           Bug
        15. "pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked

           Bug
        16. Only valid arguments should be passed to stream functions

           Code Smell
        17. Using publicly writable directories is security-sensitive

           Security Hotspot
        18. Using clear-text protocols is security-sensitive

           Security Hotspot
        19. Blocking functions should not be called inside critical sections

           Code Smell
        20. Return value of "setuid" family of functions should always be checked

           Code Smell
        21. Size of variable length arrays should be greater than zero

           Code Smell
        22. "mktemp" family of functions templates should have at least six trailing "X"s

           Code Smell
        23. Appropriate size arguments should be passed to "strncat" and "strlcpy"

           Code Smell
        24. Moved-from objects should not be relied upon

           Code Smell
        25. Server certificates should be verified during SSL/TLS connections

           Vulnerability
        26. Weak SSL/TLS protocols should not be used

           Vulnerability
        27. Integral operations should not overflow

           Bug
        28. Parameter values should be appropriate

           Bug
        29. Stack allocated memory and non-owned memory should not be freed

           Bug
        30. Closed resources should not be accessed

           Bug
        31. Dynamically allocated memory should be released

           Bug
        32. Freed memory should not be used

           Bug
        33. Memory locations should not be released more than once

           Bug
        34. Memory access should be explicitly bounded to prevent buffer overflows

           Bug
        35. Zero should not be a possible denominator

           Bug
        36. XML parsers should not be vulnerable to XXE attacks

           Vulnerability
        37. "nonnull" parameters and return values of "returns_nonnull" functions should not be null

           Bug
        38. Null pointers should not be dereferenced

           Bug
        39. Member variables should be initialized

           Bug
        40. Resources should be closed

           Bug
        41. Unused assignments should be removed

           Code Smell
        42. Appropriate memory de-allocation should be used

           Bug
        43. An object shall not be accessed outside of its lifetime

           Bug
        44. Reads and writes on the same file stream shall be separated by a positioning operation

           Bug
        45. The value of an object must not be read before it has been set

           Bug

        Changing directories improperly when using "chroot" is security-sensitive

        intentionality - logical
        security
        Security Hotspot
        • cwe
        • symbolic-execution

        The purpose of creating a jail, the "virtual root directory" created with chroot-type functions, is to limit access to the file system by isolating the process inside this jail. However, many chroot function implementations don’t modify the current working directory, thus the process has still access to unauthorized resources outside of the "jail".

        Ask Yourself Whether

        • The application changes the working directory before or after running chroot.
        • The application uses a path inside the jail directory as working directory.

        There is a risk if you answered no to any of those questions.

        Recommended Secure Coding Practices

        Change the current working directory to the root directory after switching to a jail directory.

        Sensitive Code Example

        The current directory is not changed with the chdir function before or after the creation of a jail with the chroot function:

        const char* root_dir = "/jail/";
        chroot(root_dir); // Sensitive: no chdir before or after chroot, and missing check of return value
        

        The chroot or chdir operations could fail and the process still have access to unauthorized resources. The return code should be checked:

        const char* root_dir = "/jail/";
        chroot(root_dir); // Sensitive: missing check of the return value
        const char* any_dir = "/any/";
        chdir(any_dir); // Sensitive: missing check of the return value
        

        Compliant Solution

        To correctly isolate the application into a jail, change the current directory with chdir before the chroot and check the return code of both functions:

        const char* root_dir = "/jail/";
        
        if (chdir(root_dir) == -1) {
          exit(-1);
        }
        
        if (chroot(root_dir) == -1) {  // compliant: the current dir is changed to the jail and the results of both functions are checked
          exit(-1);
        }
        

        See

        • OWASP - Top 10 2021 Category A5 - Security Misconfiguration
        • OWASP - Top 10 2017 Category A5 - Broken Access Control
        • CWE - CWE-243 - Creation of chroot Jail Without Changing Working Directory
        • man7.org - chdir
        • man7.org - chroot
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use