AWS CloudFormation Linter

Risky cast after possibly misaligned pointer offsetCXX-S1014 Unnecessary copy of non-trivially copyable typeCXX-P2005 Found `posix_*` or `pthread_*` return value tested to be negativeCXX-W2013 Possible loss of precision due to iterator element type-casting in `std::accumulate`CXX-W2005 Missing or incorrect invocation of base class copy constructorCXX-W2003 Unintended implicit conversion of a boolean pointer in a conditionCXX-W2002 Incorrect usage of erase-remove patternCXX-W2007 Unbound checked function calls lacking external bounds checkingCXX-S1003 Use of inefficient generic algorithm over efficient container based onesCXX-P2000 While processing the buffer using `printf`/`scanf`, not using any width for the format specifier `%s` is vulnerable to buffer overflowCXX-S1004 Potential heap memory use after freeCXX-S1012 Suspicious `sizeof()` in `strncpy`, `strncat`, or `memcpy`CXX-S1016 Modify namespace `std` or `posix` is an undefined behaviorCXX-W2017 Audit required: found possible occurrence of secret in sourceCXX-A1004 Empty exception handler blockCXX-S1021 `std::bad_alloc` exception not caught during memory allocationCXX-W2020 Audit required: found a non-const global variableCXX-W2009 Avoid using `setjmp()` and `longjmp()` for exception handlingCXX-W2015 Found copy-on-return when move-on-return is fasterCXX-P2006 Inefficient use of `std::vector` in loopCXX-P2007 Potential buffer overrunCXX-S1005 Identifier names are typographically ambiguousCXX-W1022 Found shadowing of identifiers from outer scopeCXX-W1023 Implicit type promotion of `float` to `double` in a math functionCXX-P2001 Inefficient character look-up in `std::string`CXX-P2003 Found value copy of non-trivially copyable parameterCXX-P2009 Found a call to ancestor's virtual method instead of direct parent's methodCXX-W2008 Unnecessary expensive copy of loop-based variableCXX-P2004 Potential divide by zeroCXX-W1264 Side-effects in the right-hand operand of logical operators (`&&`, and `||`)CXX-W1066 Audit required: untrusted format stringCXX-A1002 Assignment in condition should be parenthesizedCXX-W1161 Found incomplete function parameters in declarationCXX-W3032 Found use of possibly reserved identifierCXX-E2000 Possibly unintended type used in `shared_ptr`CXX-E2001 Possibly bad use of `cnd_wait`, `cnd_timedwait`, `wait`, `wait_for`, or `wait_until` function callsCXX-E2002 Use of `memset` with possibly unintended behaviourCXX-W2048 Use of `realloc` without aliasing can lead to memory leaksCXX-W2049 Incorrect use of `strcmp`CXX-W2050 Function call might produce in a non-null terminated resultsCXX-W2046 Bad signal used to terminate a threadCXX-W2042 Possibly unintended overload for constructor due to forwarding referenceCXX-W2044 MISRA Required: Size of an array is not specifiedCXX-W3041 Use of temporary RAII objectCXX-W2051 MISRA Required: A non-null statement should either have a side effect or change control flowCXX-W3006 Function should not contain unused 'goto' labelsCXX-W3010 MISRA Required: A null statement in original source code should be on a separate line and the semicolon should be followed by at least one white space and then a commentCXX-W3012 Implicit widening of multiplication result can cause unintended overflowCXX-W2045 MISRA Required: Line-splicing should not be used in single line commentsCXX-W3013 MISRA Required: Octal constants should not be usedCXX-W3027 Consider using the "u" or "U" suffix for unsigned integer constantsCXX-W3028 Avoid using the lowercase `l` character as a literal suffixCXX-W3029 String literals should only be assigned to `const`-qualified `char` pointersCXX-W3030 MISRA Required: Implicitly specified enumeration constants should be uniqueCXX-W3042 MISRA Required: Variables with automatic storage duration should be initialized before being usedCXX-W3045 MISRA Required: Arrays should not be partially initializedCXX-W3047 MISRA Required: Conversions shall not be performed between a pointer to an incomplete type and any other typeCXX-W3059 MISRA Required: The 'goto' statement should not be usedCXX-W3081 MISRA Required: The 'goto' statement shouldn't jump to a label declared earlierCXX-W3082 MISRA Required: The 'if' ... 'else if' construct should be terminated with an 'else' statementCXX-W3087 MISRA Required: Expression resulting from the macro expansion should be surrounded by parenthesesCXX-W3119 MISRA Required: The functions from 'qsort/bsearch' should not be usedCXX-W3121 MISRA Required: The functions from 'time.h/ctime' should not be usedCXX-W3122 MISRA Required: Memory allocation and deallocation functions should not be usedCXX-W3129 MISRA Required: The function with the 'atof/atoi/atol/atoll' name should not be usedCXX-W3133 MISRA Required: A global variable is not initializedCXX-W3046 MISRA Required: The comma operator should not be usedCXX-W3069 MISRA Required: A function should have a single point of exit at the endCXX-W3085 MISRA Required: The 'default' label should be either the first or the last label of a 'switch' statementCXX-W3092 Possibly unintended use of `::empty` over `::clear` in std containersCXX-W2043 Avoid `rand()` and `std::rand()` for generating pseudorandom numbersCXX-W2016 Using C standard libarary functions `std::memset`, `std::memcmp` or `std::memcpy` on non-trival C++ typesCXX-W2021 Ignoring return value from a standard library function that may return an errorCXX-W2022 Missing error handling while converting a string to a number, using C stdlib functionsCXX-W2023 MISRA Required: The function with the 'abort/exit/getenv/system' name should not be usedCXX-W3134 Audit required: calling command processor based `system()` is exploitableCXX-A1001 Mutating the source object during copy operationCXX-W2035 MISRA Required: Pointer to FILE should not be dereferencedCXX-W3152 Found using default opertor `new` for over-aligned typesCXX-W2018 Misuse of enum as an improper bitmaskCXX-W2056 Found visually ambigious integer literal constantCXX-C2018 Use of `nullptr` with string_viewCXX-W2053 Use of `sizeof` operator with stl containersCXX-W2054 Potentially incorrect `memcmp` over objectsCXX-W2057 Buggy or lossy integer to string assignmentCXX-W2060 String literals with embedded null char as non-terminatorCXX-W2061 Found C-style array declaration in place of `std::array` or `std::vector`CXX-W2066 Possibly misspelled virtual functionCXX-W2052 Unused exception likely missing `throw`CXX-W2059 Macro with multiple statements can end up in unconditional executionCXX-W2063 Found an implicit conversion across boolean and other primitive typeCXX-W2065 Use of `sizeof` operator with dynamic expressionsCXX-W2055 Missing unconditional break statement in switch clauseCXX-C1001 Missing default case in switch statementCXX-W1164 Special symbols like `*`, `"`, `'`, `\` and `/*` found in header namesCXX-W1207 Control variable of `for` loop modified in bodyCXX-W1241 Dangling references in value handles `std::string_view`CXX-W2004 Calling `std::move` on a trvially copyable parameterCXX-P2010 Pointer returned from a function is dereferenced on LHS of an assignementCXX-W1230 Iteration expression is outside of `for` loopCXX-W1240 Found throwing or partially-throwing move or move-assignment constructorCXX-P2008 Move constructor is calling the copy constructor of base classCXX-P2011 Switch statement with a single-clauseCXX-W1197 Implicit deletion of copy and move assignment constructors due to non-static const data memberCXX-W2010 Side effect in array indexCXX-W1247 Loop body is not enclosed in `{}`CXX-W1243 Use of `sizeof` with an expression as operandCXX-W1188 Found use of escape character instead of raw-string literalsCXX-W2025 Unhandled self-assignment from user-defined copy constructorCXX-E2003 Found usage of `std::auto_ptr` instead of `std::unique_ptr`CXX-W2026 Using copy-swap trick instead of `shrink_to_fit()` on `std::vector`CXX-W2027 Found use of deprecated C++ headersCXX-W2030 Found use of deprecated `ios_base` aliasesCXX-W2031 Found use of deprecated `std::random_shuffle` typeCXX-W2032 Found redundant use of constructor on return, instead use the braced initializer listCXX-W2033 Found use numeric type as booleanCXX-W2034 Incorrect access to the enclosing function name within a lambda expressionCXX-W2040 Found redundant cloned branchesCXX-W2041 Possibly missing commaCXX-W2047 Audit required: improper seeding of pseudorandom number generatorCXX-A1000 Found `typedef` instead of `using`CXX-W2029 Audit required: suspicious placement of semicolon hinting difference in code behaviour and programmer's intentCXX-A1003 Type is never usedCXX-W3007 MISRA Advisory: Only ISO C escape sequences are allowedCXX-W3014 Avoid array-to-pointer decayCXX-C1000 Using a copied object of FILE type might not have intended consequencesCXX-C1002 Use of variadic function in C++CXX-W2014 Avoid using floating point value as a loop counterCXX-W2024 Found `push_*` with move over `emplace`CXX-W2028 Missing pair of overridden memory management operator `new` and `delete`CXX-W2036 Definition in header file could result in ODR violationCXX-W2037 Using storage specifier `static` inside an anonymous namespace is redundantCXX-C2021 Found the use of static member variable through class instance rather then class nameCXX-C2022 Multiple declarations in single statementCXX-C2013 Boolean expression can be simplifiedCXX-C2015 Using `std::string::compare` over equality operatorsCXX-C2017 Found unnecessary member initializationCXX-C2026 Found usage of `std::bind` in place of lambda expressionCXX-W2064 Misplaced array index in subscript/indexing expressionCXX-C2019 Found a non-const pointer type parameter which is never modifiedCXX-C2014 Misleading indentationCXX-C2011 Redundant access specifiersCXX-C2012 Indirect subscript for STL containersCXX-C2016 Initializing `std:string` or `std::string_view` is redundantCXX-C2023 Found unnecessary conversion from `std::string` to C-style stringCXX-C2024 Function with cyclomatic complexity higher than thresholdCXX-R1000 Unqualified `auto` definition for pointer typeCXX-W2038 Potentially swap argument orderCXX-W2058 `std::move` of forwarding references possibly unintendedCXX-W2062 Found access to `std::unique_ptr`'s raw pointer while deleting the pointerCXX-C2020 Found redundant access to raw pointer while using a smart pointerCXX-C2025

CXX-W2050

Incorrect use of `strcmp`CXX-W2050

Major

Bug Risk

Suspicious usage of runtime string comparison functions can lead to unintended behavior and bugs in C and C++ code. This check detects calls to string comparison functions, such as strcmp, where the result is implicitly compared to zero. It is recommended to explicitly compare the result to a valid constant value, such as < 0, > 0, or == 0, to ensure the desired behavior.

A common mistake is to compare the result to 1 or -1, which is incorrect usage of the returned value. Instead, the result should be compared to 0 for equality.

Additionally, this check warns if the result value is implicitly cast to a non-integer type. This can occur when the returned value is used in an incorrect context. It is important to ensure that the result is used in a context that matches its type.

Bad Practice

if (strcmp(...) == -1) {
    // Incorrect usage of the returned value.
}

if (strcmp(...) < 0.) {
    // Incorrect usage of the returned value.
}

Recommended

// if not zero then not equal
if (strcmp(...) != 0) {
    // Correctly compares the result to a valid constant.
}

// strcmp returns int promoting to float is meaningless
if (strcmp(...) < 0) {
    // Correctly compares the result to a valid constant.
}

References

strcmp