C/C++ Secure Coding
Secure coding practices for C/C++ applications.
Buffer Overflow Prevention
1// β Vulnerable
2char buffer[100];
3gets(buffer); // Never use!
4sprintf(buffer, "%s", user_input);
5
6// β
Secure
7char buffer[100];
8fgets(buffer, sizeof(buffer), stdin);
9snprintf(buffer, sizeof(buffer), "%s", user_input);
Integer Overflow
1// β Vulnerable
2size_t size = user_size;
3char* buffer = malloc(size);
4
5// β
Secure
6size_t size = user_size;
7if (size > MAX_ALLOWED_SIZE || size == 0) {
8 return ERROR;
9}
10char* buffer = malloc(size);
11if (!buffer) {
12 return ERROR;
13}
Format String Vulnerability
1// β Vulnerable
2printf(user_input); // Dangerous!
3
4// β
Secure
5printf("%s", user_input);
SQL Injection (C++)
1// β Vulnerable
2std::string query = "SELECT * FROM users WHERE username = '" + username + "'";
3mysql_query(conn, query.c_str());
4
5// β
Secure: Prepared statements
6MYSQL_STMT* stmt = mysql_stmt_init(conn);
7const char* query = "SELECT * FROM users WHERE username = ?";
8mysql_stmt_prepare(stmt, query, strlen(query));
9mysql_stmt_bind_param(stmt, bind);
Command Injection
1// β Vulnerable
2char cmd[256];
3sprintf(cmd, "cat %s", filename);
4system(cmd);
5
6// β
Secure
7if (!is_valid_filename(filename)) {
8 return ERROR;
9}
10char* args[] = {"cat", filename, NULL};
11execvp(args[0], args);
Use After Free Prevention
1// β Vulnerable
2delete ptr;
3// ... later ...
4ptr->method(); // Use after free
5
6// β
Secure: Smart pointers
7auto ptr = std::make_unique<Object>();
8// Can't use after scope ends
Related Snippets
- C/C++ Code Smells
Common code smells in C/C++ and how to fix them. Memory Leaks 1// β Bad 2void β¦ - C/C++ Vulnerability Checks
Tools for checking vulnerabilities in C/C++ code. Valgrind 1# Install 2sudo apt β¦ - Common Antipatterns
Common software antipatterns to avoid across all languages and architectures. β¦ - Common Code Smells
Common code smells to watch for during code reviews with examples and fixes. β¦ - Developer Pre-Submission Checklist
Comprehensive checklist for developers before submitting a pull request. Code β¦ - Go Code Smells
Common code smells in Go and how to fix them. Ignoring Errors 1// β Bad 2result, β¦ - Go Secure Coding
Secure coding practices for Go applications. SQL Injection Prevention 1// β β¦ - Go Vulnerability Checks
Tools for checking vulnerabilities in Go code. Govulncheck 1# Install 2go β¦ - Haskell Code Smells
Common code smells in Haskell and how to fix them. Partial Functions 1-- β Bad: β¦ - Haskell Secure Coding
Secure coding practices for Haskell applications. SQL Injection Prevention 1-- β β¦ - Haskell Vulnerability Checks
Tools for checking vulnerabilities in Haskell code. Cabal Outdated 1# Check β¦ - Python Code Smells
Common code smells in Python and how to fix them. Mutable Default Arguments 1# β β¦ - Python Secure Coding
Secure coding practices for Python applications. SQL Injection Prevention 1# β β¦ - Python Vulnerability Checks
Tools for checking vulnerabilities in Python code. Safety - Dependency Scanner β¦ - Reviewer Checklist
Comprehensive checklist for code reviewers to ensure thorough and constructive β¦ - Rust Code Smells
Common code smells in Rust and how to fix them. Unwrap/Expect Abuse 1// β Bad β¦ - Rust Secure Coding
Secure coding practices for Rust applications. SQL Injection Prevention 1// β β¦ - Rust Vulnerability Checks
Tools for checking vulnerabilities in Rust code. Cargo Audit 1# Install 2cargo β¦ - TypeScript Code Smells
Common code smells in TypeScript and how to fix them. Using any 1// β Bad β¦ - TypeScript Secure Coding
Secure coding practices for TypeScript applications. XSS Prevention 1// β β¦ - TypeScript Vulnerability Checks
Tools for checking vulnerabilities in TypeScript/JavaScript code. npm audit 1# β¦