Lack of "Injection" Rules (OWASP Top 10) for C and C++ in Sonarcloud

I was looking at the rules (Sonarcloud) in C++ and C languages and realized that neither of these languages has any kind of "Injection" rules available (OWASP Top 10 category), whereas languages like C# and PHP have some Injection rules available.

Can someone please help me understand how we can enable these rules for C & C++ as well (as the majority of our code is in C++ and C)?

Hi @muqsitbaig,

You can find the coverage of OWASP Top 10 for C and C++ using the OWASP tag. For example https://rules.sonarsource.com/cpp/tag/owasp

Injection flaws are very popular in languages used for web development like PHP. Hence the exhaustive and explicit coverage.

They exist but are less common and take a different shape, like buffer overflow using tainted access, in languages like C and C++. That is why we don't currently dedicate a section to them.
We might do that once our coverage is more comprehensive.

Thanks,
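To make the "buffer overflow using tainted access" shape concrete, here is an added example (not code from the thread or from SonarSource): a table lookup whose index comes from an untrusted string. The unchecked variant is the pattern a taint-tracking rule would flag; the checked variant parses strictly and validates the range before the memory access. The table contents and the sample inputs are constructed for the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed lookup table; the index will come from untrusted (tainted) input. */
#define TABLE_LEN 4
static const int g_table[TABLE_LEN] = {10, 20, 30, 40};

/* Vulnerable pattern: the tainted string is converted and used directly as an
 * index. Any value outside 0..TABLE_LEN-1 reads beyond g_table, which is the
 * C/C++ form of an injection-style flaw (tainted data reaching a memory access). */
int lookup_unchecked(const char *tainted)
{
    long idx = strtol(tainted, NULL, 10);
    return g_table[idx];            /* no bounds check on a tainted index */
}

/* Hardened variant: reject anything that is not a clean integer, then check the
 * range before touching memory. Returns 0 on success and stores the value in
 * *out, or -1 when the input is rejected. */
int lookup_checked(const char *tainted, int *out)
{
    char *end = NULL;
    errno = 0;
    long idx = strtol(tainted, &end, 10);

    if (end == tainted || *end != '\0' || errno == ERANGE)
        return -1;                  /* empty, trailing garbage, or overflowed */
    if (idx < 0 || idx >= TABLE_LEN)
        return -1;                  /* out of range for g_table */

    *out = g_table[idx];
    return 0;
}

int main(void)
{
    /* Constructed inputs standing in for data read from a socket or file. */
    const char *samples[] = {"2", "7", "-1", "2abc", ""};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int value;
        if (lookup_checked(samples[i], &value) == 0)
            printf("\"%s\" -> %d\n", samples[i], value);
        else
            printf("\"%s\" -> rejected\n", samples[i]);
    }
    return 0;
}
```

Only `lookup_checked` is safe to call on arbitrary input; `lookup_unchecked` is shown for contrast and must only be given indices already known to be in range.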


Thanks for your reply Abbas!

How far ahead in your roadmap is it before we start seeing Injection rules in languages like C / C++?

Muqsit.

@muqsitbaig, We currently don’t have an ETA.
