
CERT-C ENV33-C reports exception as violation

2019-11-24
  • Mathias Schmid

    Mathias Schmid - 2019-11-24

    ENV33-C defines an exception that permits calling system() with a null pointer to check for the presence of a command processor. The current implementation in cert.py does a strict check and reports system(NULL) and system(0) as violations.
    CERT-C states that exceptions are informative only and are not required to be followed.
    Is it intended to check rules in this strict way and ignore exceptions?
    If exceptions should be treated as compliant, this might be done by adding two simpleMatch checks:

    def env33(data):
        for token in data.tokenlist:
            if isFunctionCall(token, ('system',), 1):
                if not simpleMatch(token, "system ( NULL )") and not simpleMatch(token, "system ( 0 )"):
                    reportError(token, 'style', 'Do not call system()', 'ENV33-C')
    
     
  • Georgiy Komarov

    Georgiy Komarov - 2019-11-24

    Thanks, really, there's a footnote in the standard:

    ENV33-C-EX1: It is permissible to call system() with a null pointer argument to determine the presence of a command processor for the system.

    I added this in this PR.
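
The exception discussed in this thread, as an added stand-alone example that is not part of the original posts and is not cppcheck's cert.py code: a small checker that flags calls to system() but classifies the two null-pointer spellings named above as ENV33-C-EX1. The tokenizer, the function name `check_env33` and the sample C source are constructed for illustration; declarations of system() are not distinguished from calls.

```python
import re

# Comments and literals are matched first so that "system(" inside them
# is never mistaken for a call. Assumption: plain C, no trigraphs/macros.
_TOKEN = re.compile(
    r'''//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[A-Za-z_]\w*|\d\w*|\S''',
    re.S)

# The two argument spellings proposed in the thread for ENV33-C-EX1.
NULL_ARGS = (["NULL"], ["0"])

def check_env33(src):
    """Return [(line, id)] for every system(...) call found in C source."""
    toks = [(m.group(), src.count("\n", 0, m.start()) + 1)
            for m in _TOKEN.finditer(src)
            if not m.group().startswith(("//", "/*"))]
    results = []
    for i, (text, line) in enumerate(toks):
        if text != "system" or i + 1 >= len(toks) or toks[i + 1][0] != "(":
            continue
        # Collect the argument tokens up to the matching ')'.
        depth, j, arg = 1, i + 2, []
        while j < len(toks) and depth:
            t = toks[j][0]
            depth += (t == "(") - (t == ")")
            if depth:
                arg.append(t)
            j += 1
        # Null-pointer probe is the documented exception; anything else
        # hands a string to the command processor and is reported.
        results.append((line, "ENV33-C-EX1" if arg in NULL_ARGS else "ENV33-C"))
    return results

# Constructed sample input.
SAMPLE = '''\
#include <stdlib.h>
int main(void) {
    if (system(NULL) == 0) return 1;   /* probe for a command processor */
    if (system(0)) { }                 /* same probe, literal 0 */
    /* system("date"); commented out, not a call */
    puts("system(cmd) inside a string literal");
    return system("date");             // runs a command: violation
}
'''

if __name__ == "__main__":
    for line, rule in check_env33(SAMPLE):
        print(f"line {line}: {rule}")
```

Only the two spellings from the thread are exempted; a cast form such as `system((char *)0)` is still reported by this sketch.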

     
