Secure C Development
These rules apply to all C source and header files in the repository and aim to prevent memory corruption, code injection, and unsafe system behavior.
Markdown
--- description: globs: **/*.c,**/*.h alwaysApply: false ---
Secure C Development
These rules apply to all C source and header files in the repository and aim to prevent memory corruption, code injection, and unsafe system behavior.
All violations must include a clear explanation of which rule was triggered and why, to help developers understand and fix the issue effectively. Generated code must not violate these rules. If a rule is violated, a comment must be added explaining the issue and suggesting a correction.
1. Avoid Unsafe Functions
- **Rule:** Do not use functions like `gets`, `strcpy`, `sprintf`, or `scanf` with `%s`. Use bounded or safer alternatives like `fgets`, `strncpy`, or `snprintf`.
2. Always Validate Input Lengths
- **Rule:** Validate the length of user or external input before copying, storing, or processing it to prevent buffer overflows.
3. Initialize All Pointers and Memory
- **Rule:** All pointers and allocated memory must be explicitly initialized before use.
4. Check All Memory Allocations
- **Rule:** Check the result of `malloc`, `calloc`, or `realloc` for `NULL` before using the returned pointer.
5. Avoid Format String Vulnerabilities
- **Rule:** Never pass user-controlled strings directly as the format argument to functions like `printf`, `fprintf`, or `syslog`.
6. Free All Allocated Memory
- **Rule:** All dynamic memory must be properly freed to avoid memory leaks. Avoid double-free and use-after-free errors.
7. Do Not Trust Environment Variables
- **Rule:** Environment variables must not be used directly in sensitive operations like file access, exec calls, or security checks without validation.
8. Avoid System and Shell Calls with Input
- **Rule:** Do not use `system()`, `popen()`, or similar functions with user-controlled input. Use direct APIs when possible.
9. Limit Pointer Arithmetic and Casting
- **Rule:** Avoid unnecessary pointer arithmetic and type casting that can bypass bounds or type safety.
10. Use Static Analysis and Compiler Warnings
- **Rule:** Enable strict compiler warnings (`-Wall -Wextra -Werror`) and use static analysis tools (e.g., `clang-tidy`, `cppcheck`) to detect risky patterns.