averello/cursor-security-rules-mirror
1
0
Fork 0
mirror of https://github.com/matank001/cursor-security-rules.git synced 2025-12-12 20:35:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
cursor-security-rules-mirror/secure-dev-c.mdc

43 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

---
description:
globs: **/*.c,**/*.h
alwaysApply: false
---
# Secure C Development
These rules apply to all C source and header files in the repository and aim to prevent memory corruption, code injection, and unsafe system behavior.
All violations must include a clear explanation of which rule was triggered and why, to help developers understand and fix the issue effectively.
Generated code must not violate these rules. If a rule is violated, a comment must be added explaining the issue and suggesting a correction.
## 1. Avoid Unsafe Functions
- **Rule:** Do not use functions like `gets`, `strcpy`, `sprintf`, or `scanf` with `%s`. Use bounded or safer alternatives like `fgets`, `strncpy`, or `snprintf`.
## 2. Always Validate Input Lengths
- **Rule:** Validate the length of user or external input before copying, storing, or processing it to prevent buffer overflows.
## 3. Initialize All Pointers and Memory
- **Rule:** All pointers and allocated memory must be explicitly initialized before use.
## 4. Check All Memory Allocations
- **Rule:** Check the result of `malloc`, `calloc`, or `realloc` for `NULL` before using the returned pointer.
## 5. Avoid Format String Vulnerabilities
- **Rule:** Never pass user-controlled strings directly as the format argument to functions like `printf`, `fprintf`, or `syslog`.
## 6. Free All Allocated Memory
- **Rule:** All dynamic memory must be properly freed to avoid memory leaks. Avoid double-free and use-after-free errors.
## 7. Do Not Trust Environment Variables
- **Rule:** Environment variables must not be used directly in sensitive operations like file access, exec calls, or security checks without validation.
## 8. Avoid System and Shell Calls with Input
- **Rule:** Do not use `system()`, `popen()`, or similar functions with user-controlled input. Use direct APIs when possible.
## 9. Limit Pointer Arithmetic and Casting
- **Rule:** Avoid unnecessary pointer arithmetic and type casting that can bypass bounds or type safety.
## 10. Use Static Analysis and Compiler Warnings
- **Rule:** Enable strict compiler warnings (`-Wall -Wextra -Werror`) and use static analysis tools (e.g., `clang-tidy`, `cppcheck`) to detect risky patterns.
Reference in New Issue View Git Blame Copy Permalink