misra : Standard C++

Home » Blog » Tags » misra

« Prev Next »

misra

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

By Andrey Karpov | Mar 12, 2021 01:06 AM | Tags: static analyzer sei cert security sast safety pvs-studio owasp top 10 owasp misra c++ misra devsecops code quality autosar c++14 autosar

At the moment, PVS-Studio is developing not only as a static analyzer searching for code quality defects (quality control solution) but also as a solution for searching for security and safety defects.

PVS-Studio 7.12 New Features for Finding Safety and Security Threats

by Nikolay Mironov, Paul Eremeev

From the article:

Well, to waste no time, let's point out the additions right away. So, here is what's new, safe, and cool in PVS-Studio:

New diagnostic groups OWASP ASVS and The AUTOSAR C++14 Coding Guidelines have been added to the analyzer. Previously, the compliance of PVS-Studio diagnostic rules with these standards was available only on our website. Now we have more than 50 new diagnostic rules!

Now the analyzer shows information about the compliance of the warnings with the SEI CERT Coding Standard. This information formerly was available only on the PVS-Studio website.

The interface of our plugins for Visual Studio, JetBrains Rider, and IntelliJ IDEA has been improved to ease the work with analyzer messages that have safety and security standards identifiers.

New diagnostic groups (OWASP, AUTOSAR) in PlogConverter are supported.

New diagnostics (OWASP, AUTOSAR) are supported in SonarQube at the tag level. We classified our diagnostic rules by OWASP Top 10.

PVS-Studio 7.04

By Andrey Karpov | Sep 4, 2019 09:40 AM | Tags: warningsng virallicense unreal engine sonarqube pvsstudio misra jenkins devops

PVS-Studio is a tool designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, C#, Java. It works in Windows, Linux, and macOS environment.

PVS-Studio 7.04

by Svyatoslav Razmyslov

From the article:

When working on a task developers take code from so many various places. A popular source of Copy-Paste code is the Stackoverflow website and similar ones. There are cases when a developer takes the code from an open source project and doesn't check license requirements. Thus, a closed source project may accidentally get a few files from an open source project with a Copyleft license, which obliges to make the entire project code open source. In companies with a large number of employees, it's difficult to keep track of this, whereas such actions might cause adverse risks and problems. So, PVS-Studio now has a diagnostic, which will help to find such files. It relates to all supported languages (C, C++, C#, Java). The diagnostic is looking for the following "virus" licenses: AGPL-3.0, GPL-2.0, GPL-3.0, LGPL-3.0.

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

By Andrey Karpov | Dec 10, 2018 05:25 AM | Tags: pvs-studio misra c++ misra c misra devtools devsecops devops

Starting with the version 6.27, the PVS-Studio static code analyzer can classify its warnings according to MISRA C and MISRA C++ standards. Due to support of these standards it has become possible to effectively use the analyzer to increase the level of security, portability and reliability of programs for embedded systems.

PVS-Studio: Support of MISRA C and MISRA C++ Coding Standards

by Andrey Karpov

From the article:

Such diagnosis can't be applied to already existing projects developed for Windows, Linux or macOS operating systems. For example, only one rule about curly brackets described above gives 1947 warnings of the V2507 diagnostic (MISRA C 15.6, MISRA C++ 6-4-1) for a WinMerge project. Still WinMerge is a small project! In total, only 250 000 lines of code in C and C# languages.