Secure Coding Practices in C++

These secure coding practices were picked from the list maintained by Carnegie Mellon University Software Engineering Institute:
  1. DCL52-CPP: Never qualify a reference type with const or volatile
  2. DCL57-CPP: Do not let exceptions escape from destructors or deallocation functions
  3. DCL58-CPP. Do not modify the standard namespaces
  4. DCL59-CPP. Do not define an unnamed namespace in a header file

  5. DCL60-CPP. Obey the one-definition rule
  6. DCL30-C. Declare objects with appropriate storage durations
  7. DCL40-C. Do not create incompatible declarations of the same function or object

  8. EXP50-CPP. Do not depend on the order of evaluation for side effects
  9. EXP51-CPP. Do not delete an array through a pointer of the incorrect type
  10. EXP52-CPP. Do not rely on side effects in unevaluated operands
  11. EXP53-CPP. Do not read uninitialized memory
  12. EXP54-CPP. Do not access an object outside of its lifetime
  13. EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type
  14. EXP57-CPP. Do not cast or delete pointers to incomplete classes
  15. EXP61-CPP. A lambda object must not outlive any of its reference captured objects
  16. EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation

  17. EXP34-C. Do not dereference null pointers
  18. EXP35-C. Do not modify objects with temporary lifetime
  19. EXP39-C. Do not access a variable through a pointer of an incompatible type
  20. EXP42-C. Do not compare padding data
  21. EXP45-C. Do not perform assignments in selection statements

  22. INT50-CPP. Do not cast to an out-of-range enumeration value
  23. INT30-C. Ensure that unsigned integer operations do not wrap
  24. INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
  25. INT32-C. Ensure that operations on signed integers do not result in overflow
  26. INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors
  27. INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand

  28. CTR50-CPP. Guarantee that container indices and iterators are within the valid range Skipped rest

  29. ARR30-C. Do not form or use out-of-bounds pointers or array subscripts

  30. STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
  31. STR51-CPP. Do not attempt to create a std::string from a null pointer
  32. STR52-CPP. Use valid references, pointers, and iterators to reference elements of a basic_string - simplify without begin and end
  33. STR53-CPP. Range check element access
  34. STR30-C. Do not attempt to modify string literals
  35. STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

  36. MEM50-CPP. Do not access freed memory
  37. MEM51-CPP. Properly deallocate dynamically allocated resources
  38. MEM52-CPP. Detect and handle memory allocation errors
  39. MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime
  40. MEM31-C. Free dynamically allocated memory when no longer needed
  41. MEM34-C. Only free memory allocated dynamically

  42. FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call
  43. FIO51-CPP. Close files when they are no longer needed
  44. FIO40-C. Reset strings on fgets() or fgetws() failure
  45. FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
  46. FIO42-C. Close files when they are no longer needed

  47. ERR51-CPP. Handle all exceptions
  48. ERR53-CPP. Do not reference base classes or class data members in a constructor or destructor function-try-block handler
  49. ERR54-CPP. Catch handlers should order their parameter types from most derived to least derived
  50. ERR55-CPP. Honor exception specifications
  51. ERR57-CPP. Do not leak resources when handling exceptions
  52. ERR58-CPP. Handle all exceptions thrown before main() begins executing
  53. ERR60-CPP. Exception objects must be nothrow copy constructible
  54. ERR61-CPP. Catch exceptions by lvalue reference
  55. ERR62-CPP. Detect errors when converting a string to a number
  56. ERR30-C. Set errno to zero before calling a library function known to set errno, and check errno only after the function returns a value indicating failure

  57. OOP50-CPP. Do not invoke virtual functions from constructors or destructors\\
  58. OOP51-CPP. Do not slice derived objects
  59. OOP52-CPP. Do not delete a polymorphic object without a virtual destructor
  60. OOP53-CPP. Write constructor member initializers in the canonical order
  61. OOP54-CPP. Gracefully handle self-copy assignment
  62. OOP55-CPP. Do not use pointer-to-member operators to access nonexistent members
  63. OOP58-CPP. Copy operations must not mutate the source object

  64. MSC51-CPP. Ensure your random number generator is properly seeded
  65. MSC52-CPP. Value-returning functions must return a value from all exit paths
  66. MSC37-C. Ensure that control never reaches the end of a non-void function
  67. FLP30-C. Do not use floating-point variables as loop counters
  68. ENV30-C. Do not modify the object referenced by the return value of certain functions
  69. ENV32-C. All exit handlers must return normally
  70. PRE31-C. Avoid side effects in arguments to unsafe macros