C and C++: a couple of new security rules to write safer code

Hello C and C++ developers,

We added 7 additional Security Hotspots to our C and C++ engines:

  • S4790: Using weak hashing algorithms is security-sensitive
  • S1313: Using hardcoded IP addresses is security-sensitive
  • S2068: Hard-coded credentials are security-sensitive
  • S2245: Using pseudorandom number generators (PRNGs) is security-sensitive
  • S5443: Using publicly writable directories is security-sensitive
  • S5042: Expanding archive files without controlling resource consumption is security-sensitive
  • S5824: Using “tmpnam”, “tmpnam_s” or “tmpnam_r” is security-sensitive

Results of these rules are visible on the Security Hotspots page, where they wait for you to review them.

These rules are available on SonarCloud and will be included in SonarQube 8.7 Developer Edition.
Should you have any feedback about these new rules, don’t hesitate to share it here.