Regarding strlen and strcat function in c

Hi Team, first of all, thanks for SonarCloud. Our company bought it and it is very useful for our team; the code smells, issues and security hotspots are very useful for us in fixing bugs.
We need guidelines from your end. Currently we are developing the project using ESP-IDF with the C99 standard. In that, the security hotspots mention some issues regarding strlen and strcat:
* Make sure use of “strcat” is safe here.
* Make sure use of “strlen” is safe here.

The suggested method you mention is strlen_s, which is not a C standard function but a C11 one, and our ESP-IDF does not support the C11 standard. Can you give a solution for how to fix these issues?
Even though we tried strnlen, the safer string function, it still shows the issue. Any suggestion? Please help me out.


Welcome to the community!

The idea behind Security Hotspots is that they’re raised in context-sensitive situations when there might be a problem, but there might not; human intelligence is required. There’s no way to stop them being raised except to stop using the functions in question, and that’s not necessarily what’s expected here, especially since your program logic likely requires them.

So in this case, if the usages are as correct as they can be, then the expectation is simply that you mark them “Safe”.
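As an illustration of what "as correct as they can be" can look like without C11 Annex K, here is an added example (not code from the thread, from SonarSource or from ESP-IDF) of a bounded append helper for C99. The function name `bounded_append` and its interface are my own invention; it assumes `strnlen`, which is POSIX.1-2008 rather than ISO C99 but is provided by the newlib libc that ESP-IDF ships, and it uses `memcpy` with an explicit bound instead of `strcat` so the destination size is checked before any byte is written.

```c
/* strnlen is POSIX.1-2008, not ISO C99; this macro exposes it on glibc
 * when compiling with -std=c99. On ESP-IDF (newlib) it is available from
 * <string.h> (assumption stated in the lead-in). */
#define _POSIX_C_SOURCE 200809L
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Append src to the NUL-terminated string already in dst, where dst_size is
 * the total storage of dst in bytes. Returns the new string length on
 * success, or -1 if the result (plus its terminator) would not fit or if dst
 * is not NUL-terminated within dst_size. On failure dst is left unchanged,
 * so a caller can never end up with a truncated or unterminated buffer. */
int bounded_append(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0) {
        return -1;
    }

    /* Bounded length of the existing content: never scans past the buffer. */
    size_t dst_len = strnlen(dst, dst_size);
    if (dst_len == dst_size) {
        return -1; /* no terminator inside the buffer: refuse to touch it */
    }

    /* Bytes available for new characters, keeping one for the NUL. */
    size_t room = dst_size - dst_len - 1;

    /* Scan src at most room + 1 bytes: if it returns room + 1, src is too long. */
    size_t src_len = strnlen(src, room + 1);
    if (src_len > room) {
        return -1;
    }

    memcpy(dst + dst_len, src, src_len);
    dst[dst_len + src_len] = '\0';
    return (int)(dst_len + src_len);
}

/* Small driver: builds a message from parts and shows the rejected append. */
int main(void)
{
    char buf[16] = "";
    const char *parts[] = { "Hello", ", ", "world", "!!!!" };
    for (size_t i = 0; i < sizeof parts / sizeof parts[0]; i++) {
        int n = bounded_append(buf, sizeof buf, parts[i]);
        if (n < 0) {
            printf("append of \"%s\" rejected, buffer stays \"%s\"\n", parts[i], buf);
        } else {
            printf("buffer now \"%s\" (length %d)\n", buf, n);
        }
    }
    return 0;
}
```

Because the helper reports failure instead of silently truncating, each call site has an explicit decision to make when a string does not fit, which is exactly the kind of reasoning a reviewer wants to see before marking a `strlen`/`strcat` hotspot "Safe".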


Thanks for your reply.