Sorry to bother you again. I am doing a comparison between SonarQube and other static analysis tools, and now I want to know whether SonarQube has similar rules to scan for these issues:
- `res = WideCharToMultiByte(CP_ACP, 0, src, -1, 0, 3, 0, 0);` // buffer overflow
- `wchar_t *foo = L"abc"; BSTR bar = (BSTR)foo;` // it's best not to use BSTR in new designs.
- Does the rule "Insecure functions should not be used" only check `strlcpy`, `strncpy`, `strlcat`, `strncat`, `snprintf`, `fgets`, `getpwuid`? I want to know this because there are many more insecure functions such as `_itoa`/`_itow`/`_splitpath`…; can this rule check these issues?
- When an application loads an external library, it's important for the code to use a fully qualified path.
I don't know how to reply to this topic on the web site, so I edited the post. Our code is legacy code, so there is a lot of code outside the C++ standard in our project, but it is not secure and needs to be addressed, so I want to figure out that part. As you said, we can specify our own rules, which is great; how do we do that?
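As an added example (not part of this post and not SonarQube's rule implementation), the following C code shows the defect class behind the "insecure functions" question above: routines such as `strncpy` or `_itoa` write into a caller-supplied buffer without guaranteeing termination or without taking the buffer size at all, so a rule flags them and prefers size-aware forms. The helper names `strncpy_unterminated`, `bounded_copy` and `int_to_str` are my own; `bounded_copy` mirrors `strlcpy` semantics and `int_to_str` stands in for a size-checked `_itoa` replacement.

```c
#include <stdio.h>
#include <string.h>

/* Shows the strncpy pitfall: when src is at least dstlen bytes long,
 * strncpy fills dst completely and writes no terminating NUL.
 * Returns 1 if dst is NOT NUL-terminated after the copy, 0 otherwise. */
int strncpy_unterminated(const char *src, char *dst, size_t dstlen)
{
    strncpy(dst, src, dstlen);
    return memchr(dst, '\0', dstlen) == NULL;
}

/* Hypothetical bounded copy with strlcpy semantics: always NUL-terminates
 * (if dstlen > 0) and returns strlen(src) so the caller can detect
 * truncation by checking the return value against dstlen. */
size_t bounded_copy(char *dst, size_t dstlen, const char *src)
{
    size_t n = strlen(src);
    if (dstlen == 0)
        return n;
    size_t c = n < dstlen - 1 ? n : dstlen - 1;
    memcpy(dst, src, c);
    dst[c] = '\0';
    return n;
}

/* Size-checked integer formatting in place of _itoa(value, buf, 10),
 * which has no size parameter. snprintf reports the length it would
 * have needed; treating n >= dstlen as an error rejects silent truncation.
 * Returns 0 on success, -1 on truncation or encoding error. */
int int_to_str(int v, char *dst, size_t dstlen)
{
    int n = snprintf(dst, dstlen, "%d", v);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return 0;
}
```

The two "safe" helpers share the property a rule is really checking for: the destination size is an explicit argument and overflow or truncation is reported to the caller instead of being silently written past the buffer.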