From c2e1fcd59f25a6c13eda3faa77e2113ba7432508 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20G=2E=20Dieste?= Date: Tue, 27 Jan 2026 17:28:20 +0100 Subject: [PATCH 1/2] Add PWR002 to `modernization` - C99 introduced the ability to mix variable declarations with the rest of the code. - Fortran 2008 introduced the `block` construct. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4dc1c20..b62edb3 100644 --- a/README.md +++ b/README.md 
@@ -32,7 +32,7 @@ designed to demonstrate: | ID | Title | Category | CWE | ISO/IEC 24772-8 | SEI CERT C | SEI CERT C++ | C | Fortran | C++ | AutoFix | |:------------------------ |:-----------------------------------------------------------------------------------------------------------:|:--------------------------------------------------:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|:----------------------------------------------------------------------------------------------------------------------------:|:-:|:-------:|:---:|:-------:| | [PWR001](Checks/PWR001/) | Pass global variables as function arguments | correctness, modernization, security | [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | ✓ | ✓ | | -| [PWR002](Checks/PWR002/) | Declare scalar variables in the smallest possible scope | correctness, security | [CWE-1126](https://cwe.mitre.org/data/definitions/1126.html) | 
| [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | | ✓ | | +| [PWR002](Checks/PWR002/) | Declare scalar variables in the smallest possible scope | correctness, modernization, security | [CWE-1126](https://cwe.mitre.org/data/definitions/1126.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | | ✓ | | | [PWR003](Checks/PWR003/) | Explicitly declare pure functions | modernization, security | | [6.24](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | ✓ | ✓ | | | [PWR004](Checks/PWR004/) | Declare OpenMP scoping for all variables | correctness | | | | | ✓ | ✓ | ✓ | | | [PWR005](Checks/PWR005/) | Disable default OpenMP scoping | correctness | | | | | ✓ | ✓ | ✓ | | From e9bbbb16e5ff3f037f7238f47116b139a966ddb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20G=2E=20Dieste?= Date: Tue, 27 Jan 2026 17:32:44 +0100 Subject: [PATCH 2/2] Add PWR004 and PWR005 to `security` They help avoid common parallel programming pitfalls, such as data races, which are considered vulnerabilities by rules like CON43-C. --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b62edb3..609872f 100644 --- a/README.md +++ b/README.md 
@@ -34,8 +34,8 @@ designed to demonstrate: | [PWR001](Checks/PWR001/) | Pass global variables as function arguments | correctness, modernization, security | [CWE-1108](https://cwe.mitre.org/data/definitions/1108.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | ✓ | ✓ | | | [PWR002](Checks/PWR002/) | Declare scalar variables in the smallest possible scope | correctness, modernization, security | [CWE-1126](https://cwe.mitre.org/data/definitions/1126.html) | | [DCL19-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL19-C.+Minimize+the+scope+of+variables+and+functions) | | ✓ | | ✓ | | | [PWR003](Checks/PWR003/) | Explicitly declare pure functions | modernization, security | | [6.24](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf) | | | ✓ | ✓ | ✓ | | -| [PWR004](Checks/PWR004/) | Declare OpenMP scoping for all variables | correctness | | | | | ✓ | ✓ | ✓ | | -| [PWR005](Checks/PWR005/) | Disable default OpenMP scoping | correctness | | | | | ✓ | ✓ | ✓ | | +| [PWR004](Checks/PWR004/) | Declare OpenMP scoping for all variables | correctness, security | | | | | ✓ | ✓ | ✓ | | +| [PWR005](Checks/PWR005/) | Disable default OpenMP scoping | correctness, security | | | | | ✓ | ✓ | ✓ | | | [PWR006](Checks/PWR006/) | Avoid privatization of read-only variables | optimization | | | | | ✓ | ✓ | ✓ | | | [PWR007](Checks/PWR007/) | Disable the implicit declaration of variables and procedures | correctness, modernization, security | [CWE-628](https://cwe.mitre.org/data/definitions/628.html) | [6.17](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.18](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.19](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.21](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.54](https://j3-fortran.org/doc/year/23/23-241.pdf), [7.2](https://j3-fortran.org/doc/year/23/23-241.pdf) | 
[DCL07-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL07-C.+Include+the+appropriate+type+information+in+function+declarators), [DCL31-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL31-C.+Declare+identifiers+before+using+them), [EXP37-C](https://wiki.sei.cmu.edu/confluence/display/c/EXP37-C.+Call+functions+with+the+correct+number+and+type+of+arguments) | | | ✓ | | ✓[^1] | | [PWR008](Checks/PWR008/) | Declare the intent for each procedure argument | correctness, modernization, security | [CWE-374](https://cwe.mitre.org/data/definitions/374.html) | [6.32](https://j3-fortran.org/doc/year/23/23-241.pdf), [6.65](https://j3-fortran.org/doc/year/23/23-241.pdf) | [DCL13-C](https://wiki.sei.cmu.edu/confluence/display/c/DCL13-C.+Declare+function+parameters+that+are+pointers+to+values+not+changed+by+the+function+as+const) | | | ✓ | | ✓[^1] |
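Review bot: In the first hunk (PATCH 1/2, the `PWR002` row), the commit message justifies the new `modernization` tag with both C99 mixed declarations and the Fortran 2008 `block` construct, yet the row's Fortran column stays empty (`| ✓ | | ✓ |`, i.e. C and C++ only), so the Fortran half of the rationale describes a language the check does not currently cover. Either trim the commit message to the C99 point, or state explicitly that the Fortran 2008 `block` rationale applies once Fortran support for PWR002 lands. It is also worth saying in the message that the change brings PWR002 in line with the neighbouring PWR001 row, which already carries `correctness, modernization, security` against the same `DCL19-C` reference; that is the most convincing consistency argument visible in the hunk.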
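Review bot: In the second hunk (PATCH 2/2, the `PWR004` and `PWR005` rows), the commit message names `CON43-C` as the rule under which data races count as vulnerabilities, but the rows' `SEI CERT C` column is left blank (`| | | | |`) while every other `security`-tagged row in the visible table backs the tag with a standard reference (PWR001 and PWR002 link `DCL19-C`, PWR007 links `DCL07-C`, `DCL31-C` and `EXP37-C`). If CON43-C is the basis for the reclassification, link it in the `SEI CERT C` column of both rows in the same `[RULE](url)` style the table uses, and consider whether the `CWE` column should carry the project's race-condition entry as well; otherwise the table gives a reader no way to trace why these two OpenMP scoping checks are now security-relevant. The commit message itself is clear; the gap is only that the table rows do not record the justification it gives.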