ISO/IEC TR 24772-1:2019
(Main)Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
Programming languages — Guidance to avoiding vulnerabilities in programming languages — Part 1: Language-independent guidance
This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series. It is applicable to the software developed, reviewed, or maintained for any application. This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured are not treated. Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.
Langages de programmation — Conduite pour éviter les vulnérabilités dans les langages de programmation — Partie 1: Conduite indépendante du langage
General Information
Relations
Standards Content (Sample)
TECHNICAL ISO/IEC TR
REPORT 24772-1
First edition
2019-12
Programming languages — Guidance
to avoiding vulnerabilities in
programming languages —
Part 1:
Language-independent guidance
Langages de programmation — Conduite pour éviter les
vulnérabilités dans les langages de programmation —
Partie 1: Conduite indépendante du langage
Reference number
ISO/IEC TR 24772-1:2019(E)
©
ISO/IEC 2019
---------------------- Page: 1 ----------------------
ISO/IEC TR 24772-1:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO/IEC 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 24772-1:2019(E)
Contents Page
Foreword . xv
Introduction .xvi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
3.1 Terms related to communication . 1
3.2 Terms related to execution model . 2
3.3 Properties . 4
3.4 Safety . 4
3.5 Vulnerabilities . 4
4 Applying this document . 5
5 Vulnerability issues and general avoidance mechanisms . 7
5.1 Predictable execution . 7
5.2 Sources of unpredictability in language specification . 8
5.2.1 Incomplete or evolving specification . 8
5.2.2 Undefined behaviour . 8
5.2.3 Unspecified behaviour . 8
5.2.4 Implementation-defined behaviour . 8
5.2.5 Difficult features . 8
5.2.6 Inadequate language support . 8
5.3 Sources of unpredictability in language usage . 9
5.3.1 Porting and interoperation . 9
5.3.2 Compiler selection and usage . 9
5.4 Top avoidance mechanisms . 9
6 Programming language vulnerabilities .11
6.1 General .11
6.2 Type system [IHN] .11
6.2.1 Description of application vulnerability.11
6.2.2 Cross reference .11
6.2.3 Mechanism of failure .11
6.2.4 Applicable language characteristics .13
6.2.5 Avoiding the vulnerability or mitigating its effects .13
6.2.6 Implications for language design and evolution .14
6.3 Bit representations [STR] .14
6.3.1 Description of application vulnerability.14
6.3.2 Cross reference .14
6.3.3 Mechanism of failure .14
6.3.4 Applicable language characteristics .15
6.3.5 Avoiding the vulnerability or mitigating its effects .15
6.3.6 Implications for language design and evolution .15
6.4 Floating-point arithmetic [PLF] .15
6.4.1 Description of application vulnerability.15
6.4.2 Cross reference .16
6.4.3 Mechanism of failure .16
6.4.4 Applicable language characteristics .17
6.4.5 Avoiding the vulnerability or mitigating its effects .17
6.4.6 Implications for language design and evolution .17
6.5 Enumerator issues [CCB] .18
6.5.1 Description of application vulnerability.18
6.5.2 Cross reference .18
6.5.3 Mechanism of failure .18
6.5.4 Applicable language characteristics .19
© ISO/IEC 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 24772-1:2019(E)
6.5.5 Avoiding the vulnerability or mitigating its effects .19
6.5.6 Implications for language design and evolution .19
6.6 Conversion errors [FLC] .19
6.6.1 Description of application vulnerability.19
6.6.2 Cross reference .20
6.6.3 Mechanism of failure .20
6.6.4 Applicable language characteristics .20
6.6.5 Avoiding the vulnerability or mitigating its effects .21
6.6.6 Implications for language design and evolution .21
6.7 String termination [CJM] .21
6.7.1 Description of application vulnerability.21
6.7.2 Cross reference .21
6.7.3 Mechanism of failure .22
6.7.4 Applicable language characteristics .22
6.7.5 Avoiding the vulnerability or mitigating its effects .22
6.7.6 Implications for language design and evolution .22
6.8 Buffer boundary violation (buffer overflow) [HCB] .22
6.8.1 Description of application vulnerability.22
6.8.2 Cross reference .22
6.8.3 Mechanism of failure .23
6.8.4 Applicable language characteristics .23
6.8.5 Avoiding the vulnerability or mitigating its effects .24
6.8.6 Implications for language design and evolution .24
6.9 Unchecked array indexing [XYZ] .24
6.9.1 Description of application vulnerability.24
6.9.2 Cross reference .25
6.9.3 Mechanism of failure .25
6.9.4 Applicable language characteristics .25
6.9.5 Avoiding the vulnerability or mitigating its effects .26
6.9.6 Implications for language designers .26
6.10 Unchecked array copying [XYW] .26
6.10.1 Description of application vulnerability.26
6.10.2 Cross reference .26
6.10.3 Mechanism of failure .26
6.10.4 Applicable language characteristics .27
6.10.5 Avoiding the vulnerability or mitigating its effects .27
6.10.6 Implications for language design and evolution .27
6.11 Pointer type conversions [HFC] .27
6.11.1 Description of application vulnerability.27
6.11.2 Cross reference .28
6.11.3 Mechanism of failure .28
6.11.4 Applicable language characteristics .28
6.11.5 Avoiding the vulnerability or mitigating its effects .28
6.11.6 Implications for language design and evolution .29
6.12 Pointer arithmetic [RVG] .29
6.12.1 Description of application vulnerability.29
6.12.2 Cross reference .29
6.12.3 Mechanism of failure .29
6.12.4 Applicable language characteristics .29
6.12.5 Avoiding the vulnerability or mitigating its effects .29
6.12.6 Implications for language design and evolution .29
6.13 Null pointer dereference [XYH] .29
6.13.1 Description of application vulnerability.29
6.13.2 Cross reference .30
6.13.3 Mechanism of failure .30
6.13.4 Applicable language characteristics .30
6.13.5 Avoiding the vulnerability or mitigating its effects .30
6.13.6 Implications for language design and evolution .30
iv © ISO/IEC 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 24772-1:2019(E)
6.14 Dangling reference to heap [XYK] .30
6.14.1 Description of application vulnerability.30
6.14.2 Cross reference .31
6.14.3 Mechanism of failure .31
6.14.4 Applicable language characteristics .31
6.14.5 Avoiding the vulnerability or mitigating its effects .32
6.14.6 Implications for language design and evolution .32
6.15 Arithmetic wrap-around error [FIF] .32
6.15.1 Description of application vulnerability.32
6.15.2 Cross reference .32
6.15.3 Mechanism of failure .33
6.15.4 Applicable language characteristics .33
6.15.5 Avoiding the vulnerability or mitigating its effects .33
6.15.6 Implications for language design and evolution .33
6.16 Using shift operations for multiplication and division [PIK] .34
6.16.1 Description of application vulnerability.34
6.16.2 Cross reference .34
6.16.3 Mechanism of failure .34
6.16.4 Applicable language characteristics .34
6.16.5 Avoiding the vulnerability or mitigating its effects .34
6.16.6 Implications for language design and evolution .34
6.17 Choice of clear names [NAI].35
6.17.1 Description of application vulnerability.35
6.17.2 Cross reference .35
6.17.3 Mechanism of Failure .35
6.17.4 Applicable language characteristics .36
6.17.5 Avoiding the vulnerability or mitigating its effects .36
6.17.6 Implications for language design and evolution .36
6.18 Dead store [WXQ] .36
6.18.1 Description of application vulnerability.36
6.18.2 Cross reference .36
6.18.3 Mechanism of failure .37
6.18.4 Applicable language characteristics .37
6.18.5 Avoiding the vulnerability or mitigating its effects .37
6.18.6 Implications for language design and evolution .37
6.19 Unused variable [YZS] .38
6.19.1 Description of application vulnerability.38
6.19.2 Cross reference .38
6.19.3 Mechanism of failure .38
6.19.4 Applicable language characteristics .38
6.19.5 Avoiding the vulnerability or mitigating its effects .38
6.19.6 Implications for language design and evolution .38
6.20 Identifier name reuse [YOW] .38
6.20.1 Description of application vulnerability.38
6.20.2 Cross reference .39
6.20.3 Mechanism of failure .39
6.20.4 Applicable language characteristics .40
6.20.5 Avoiding the vulnerability or mitigating its effects .40
6.20.6 Implications for language design and evolution .40
6.21 Namespace issues [BJL].40
6.21.1 Description of application vulnerability.40
6.21.2 Cross-references . .41
6.21.3 Mechanism of failure .41
6.21.4 Applicable language characteristics .41
6.21.5 Avoiding the vulnerability or mitigating its effects .41
6.21.6 Implications for language design and evolution .42
6.22 Initialization of variables [LAV] .42
6.22.1 Description of application vulnerability.42
© ISO/IEC 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TR 24772-1:2019(E)
6.22.2 Cross reference .42
6.22.3 Mechanism of failure .42
6.22.4 Applicable language characteristics .43
6.22.5 Avoiding the vulnerability or mitigating its effects .43
6.22.6 Implications for language design and evolution .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.