BSI PD ISO/IEC TR 24772-2:2020
$198.66
Programming languages. Guidance to avoiding vulnerabilities in programming languages – Ada
Published By | Publication Date | Number of Pages |
---|---|---|
BSI | 2020 | 60 |
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this document is applicable to the software developed, reviewed or maintained for any application.
The vulnerabilities described in this document present the way that the vulnerabilities described in ISO/IEC TR 24772-1 are manifested in Ada.
PDF Catalog
PDF Pages | PDF Title |
---|---|
2 | National foreword |
9 | Foreword |
10 | Introduction |
11 | 1 Scope 2 Normative references 3 Terms and definitions |
16 | 4 Language concepts 4.1 Enumeration type 4.2 Exception 4.3 Hiding 4.4 Implementation defined 4.5 Type conversions |
17 | 4.6 Operational and Representation Attributes 4.7 User defined types 4.8 Pragma compiler directives 4.8.1 Pragma Atomic 4.8.2 Pragma Atomic_Components 4.8.3 Pragma Convention 4.8.4 Pragma Detect_Blocking |
18 | 4.8.5 Pragma Discard_Names 4.8.6 Pragma Export 4.8.7 Pragma Import 4.8.8 Pragma Normalize_Scalars 4.8.9 Pragma Pack 4.8.10 Pragma Restrictions 4.8.11 Pragma Suppress 4.8.12 Pragma Unchecked_Union 4.8.13 Pragma Volatile 4.8.14 Pragma Volatile_Components 4.9 Separate compilation |
19 | 4.10 Storage pool 4.11 Unsafe programming 5 General guidance for Ada 5.1 Ada language design |
20 | 5.2 Top avoidance mechanisms |
21 | 6 Specific guidance for Ada 6.1 General 6.2 Type system [IHN] 6.2.1 Applicability to language 6.2.2 Guidance to language users 6.3 Bit representation [STR] 6.3.1 Applicability to language |
22 | 6.3.2 Guidance to language users 6.4 Floating-point arithmetic [PLF] 6.4.1 Applicability to language 6.4.2 Guidance to language users |
23 | 6.5 Enumerator issues [CCB] 6.5.1 Applicability to language 6.5.2 Guidance to language users 6.6 Conversion errors [FLC] 6.6.1 Applicability to language |
24 | 6.6.2 Guidance to language users 6.7 String termination [CJM] 6.8 Buffer boundary violation (buffer overflow) [HCB] 6.9 Unchecked array indexing [XYZ] 6.9.1 Applicability to language 6.9.2 Guidance to language users 6.10 Unchecked array copying [XYW] |
25 | 6.11 Pointer type conversions [HFC] 6.11.1 Applicability to language 6.11.2 Guidance to language users 6.12 Pointer arithmetic [RVG] 6.13 Null pointer dereference [XYH] 6.13.1 Applicability to the language 6.13.2 Guidance to language users 6.14 Dangling reference to heap [XYK] 6.14.1 Applicability to language |
26 | 6.14.2 Guidance to language users 6.15 Arithmetic wrap-around error [FIF] 6.16 Using shift operations for multiplication and division [PIK] 6.17 Choice of clear names [NAI] 6.17.1 Applicability to language |
27 | 6.17.2 Guidance to language users 6.18 Dead store [WXQ] 6.18.1 Applicability to language 6.18.2 Guidance to language users 6.19 Unused variable [YZS] 6.19.1 Applicability to language 6.19.2 Guidance to language users |
28 | 6.20 Identifier name reuse [YOW] 6.20.1 Applicability to language 6.20.2 Guidance to language users 6.21 Namespace issues [BJL] 6.22 Initialization of variables [LAV] 6.22.1 Applicability to language |
29 | 6.22.2 Guidance to language users 6.23 Operator precedence/order of evaluation [JCW] 6.23.1 Applicability to language 6.23.2 Guidance to language users |
30 | 6.24 Side-effects and order of evaluation [SAM] 6.24.1 Applicability to language 6.24.2 Guidance to language users 6.25 Likely incorrect expression [KOA] 6.25.1 Applicability to language |
31 | 6.25.2 Guidance to language users 6.26 Dead and deactivated code [XYQ] 6.26.1 Applicability to language 6.26.2 Guidance to language users 6.27 Switch statements and static analysis [CLL] 6.27.1 Applicability to language |
32 | 6.27.2 Guidance to language users 6.28 Demarcation of control flow [EOJ] 6.29 Loop control variables [TEX] 6.30 Off-by-one error [XZH] 6.30.1 Applicability to language |
33 | 6.30.2 Guidance to language users 6.31 Unstructured programming [EWD] 6.31.1 Applicability to language 6.31.2 Guidance to language users 6.32 Passing parameters and return values [CSJ] 6.32.1 Applicability to language 6.32.2 Guidance to language users 6.33 Dangling references to stack frames [DCM] 6.33.1 Applicability to language |
34 | 6.33.2 Guidance to language users 6.34 Subprogram signature mismatch [OTR] 6.34.1 Applicability to language 6.34.2 Guidance to language users |
35 | 6.35 Recursion [GDL] 6.35.1 Applicability to language 6.35.2 Guidance to language users 6.36 Ignored error status and unhandled exceptions [OYB] 6.36.1 Applicability to language 6.36.2 Guidance to language users |
36 | 6.37 Type-breaking reinterpretation of data [AMV] 6.37.1 Applicability to language 6.37.2 Guidance to language users 6.38 Deep vs. shallow copying [YAN] 6.38.1 Applicability to language 6.38.2 Guidance to language users |
37 | 6.39 Memory leak and heap fragmentation [XYL] 6.39.1 Applicability to language 6.39.2 Guidance to language users 6.40 Templates and generics [SYM] 6.41 Inheritance [RIP] 6.41.1 Applicability to language |
38 | 6.41.2 Guidance to language users 6.42 Violations of the Liskov substitution principle or the contract model [BLP] 6.42.1 Applicability to language 6.42.2 Guidance to language users 6.43 Redispatching [PPH] 6.43.1 Applicability to language |
39 | 6.43.2 Guidance to language users 6.44 Polymorphic variables [BKK] 6.44.1 Applicability to language 6.44.2 Guidance to language users 6.45 Extra intrinsics [LRM] 6.46 Argument passing to library functions [TRJ] 6.46.1 Applicability to language |
40 | 6.46.2 Guidance to language users 6.47 Inter-language calling [DJS] 6.47.1 Applicability to language 6.47.2 Guidance to language users 6.48 Dynamically-linked code and self-modifying code [NYY] 6.49 Library signature [NSQ] 6.49.1 Applicability to language |
41 | 6.49.2 Guidance to language users 6.50 Unanticipated exceptions from library routines [HJW] 6.50.1 Applicability to language 6.50.2 Guidance to language users 6.51 Pre-processor directives [NMP] 6.52 Suppression of language-defined run-time checking [MXB] 6.52.1 Applicability to Language |
42 | 6.52.2 Guidance to language users 6.53 Provision of inherently unsafe operations [SKL] 6.53.1 Applicability to Language 6.53.2 Guidance to language users 6.54 Obscure language features [BRS] 6.54.1 Applicability to language 6.54.2 Guidance to language users 6.55 Unspecified behaviour [BQF] 6.55.1 Applicability to language |
43 | 6.55.2 Guidance to language users 6.56 Undefined behaviour [EWF] 6.56.1 Applicability to language |
44 | 6.56.2 Guidance to language users 6.57 Implementation-defined behaviour [FAB] 6.57.1 Applicability to language |
45 | 6.57.2 Guidance to language users 6.58 Deprecated language features [MEM] 6.58.1 Applicability to language 6.58.2 Guidance to language users 6.59 Concurrency — Activation [CGA] 6.59.1 Applicability to language 6.59.2 Guidance to language users |
46 | 6.60 Concurrency — Directed termination [CGT] 6.60.1 Applicability to language 6.60.2 Guidance to language users 6.61 Concurrent data access [CGX] 6.61.1 Applicability to language 6.61.2 Guidance to language users 6.62 Concurrency — Premature termination [CGS] 6.62.1 Applicability to language 6.62.2 Guidance to language users |
47 | 6.63 Protocol lock errors [CGM] 6.63.1 Applicability to language 6.63.2 Guidance to language users 6.64 Reliance on external format strings [SHL] 7 Language-specific vulnerabilities for Ada |
48 | 8 Implications for standardization |
49 | Bibliography |
50 | Index |