{"id":26688,"date":"2020-10-02T15:19:47","date_gmt":"2020-10-02T15:19:47","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/cppblog\/?p=26688"},"modified":"2020-10-12T10:41:31","modified_gmt":"2020-10-12T10:41:31","slug":"new-safety-rules-in-c-code-analysis","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/cppblog\/new-safety-rules-in-c-code-analysis\/","title":{"rendered":"New Safety Rules in C++ Code Analysis"},"content":{"rendered":"<p><span data-contrast=\"none\">In\u00a0<\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releases\/2019\/release-notes-preview\"><span data-contrast=\"none\">Visual Studio version 16.8<\/span><span data-contrast=\"none\"> Preview 3<\/span><\/a><span data-contrast=\"none\">,\u00a0 <\/span><span data-contrast=\"none\">we\u00a0<\/span><span data-contrast=\"none\">are\u00a0<\/span><span data-contrast=\"none\">add<\/span><span data-contrast=\"none\">ing<\/span><span data-contrast=\"none\">\u00a0<\/span><span data-contrast=\"none\">a\u00a0<\/span><span data-contrast=\"none\">few\u00a0<\/span><span data-contrast=\"none\">safety rules to C++ Code Analysis\u00a0<\/span><span data-contrast=\"none\">that can\u00a0<\/span><span data-contrast=\"none\">find<\/span><span data-contrast=\"none\">\u00a0some common mistakes, which can lead to\u00a0<\/span><span data-contrast=\"none\">bugs ranging<\/span><span data-contrast=\"none\">\u00a0from simple broken features to\u00a0<\/span><span data-contrast=\"none\">costly security vulnerabilities.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><span data-contrast=\"none\">These new rules are developed around issues discovered in <\/span><span data-contrast=\"none\">production<\/span><span data-contrast=\"none\">\u00a0<\/span><span data-contrast=\"none\">software via\u00a0<\/span><span data-contrast=\"none\">security reviews and incidents\u00a0<\/span><span 
data-contrast=\"none\">requiring\u00a0<\/span><span data-contrast=\"none\">costly servicing. Every shipping piece of software in Microsoft runs these rules as part of security and compliance requirements.<\/span><\/p>\n<p><span data-contrast=\"none\">This blog post will introduce new rules related to <code><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/oaidl\/ns-oaidl-variant\">VARIANT<\/a><\/code> and its sibling types \u2013 such as <code>VARIANTARG<\/code> or <code>PROPVARIANT<\/code>. To help with the new rules, we have built a code analysis extension, called <code>VariantClear<\/code>, that detects violations of these new rules in code. It is named <code>VariantClear<\/code> because the primary rule it detects is about misuse of the <code><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/oleauto\/nf-oleauto-variantclear\">VariantClear<\/a><\/code> function.<\/span><\/p>\n<p><span data-contrast=\"none\">The <code>VariantClear<\/code> extension detects and reports the following warnings:<\/span><\/p>\n<ul>\n<li data-leveltext=\"\u00b7\" data-font=\"Symbol\" data-listid=\"1\" aria-setsize=\"-1\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"none\">C33001<\/span><span data-contrast=\"none\">:\u00a0<\/span><span data-contrast=\"none\">VARIANT &#8216;var&#8217; was cleared when it was\u00a0<\/span><span 
data-contrast=\"none\">uninitialized<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\u00b7\" data-font=\"Symbol\" data-listid=\"1\" aria-setsize=\"-1\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"none\">C33004<\/span><span data-contrast=\"none\">:\u00a0<\/span><span data-contrast=\"none\">VARIANT &#8216;var&#8217;, which is marked as\u00a0<\/span><i><span data-contrast=\"none\">Out<\/span><\/i><span data-contrast=\"none\">\u00a0was cleared before being\u00a0<\/span><span data-contrast=\"none\">initialized<\/span><span data-contrast=\"none\">\u00a0<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<li data-leveltext=\"\u00b7\" data-font=\"Symbol\" data-listid=\"1\" aria-setsize=\"-1\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"none\">C33005<\/span><span data-contrast=\"none\">:<\/span><span data-contrast=\"none\">\u00a0<\/span><span data-contrast=\"none\">VARIANT &#8216;var&#8217; was provided as an input or input\/output parameter but was not\u00a0initialized<\/span><span data-ccp-props=\"{&quot;134233279&quot;:true,&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/li>\n<\/ul>\n<p>While Visual Studio version 16.8 Preview 3 already has the VariantClear extension included, it is not yet enabled by default. 
To enable this extension, please add the following lines either to your project file or to the <code>Microsoft.CodeAnalysis.Extensions.props<\/code> file under the <code>MSBuild\\Microsoft\\VC\\v160<\/code> folder in the Visual Studio installation location:<\/p>\n<p>If you want to add this to an individual project file, add it after all other <code>&lt;PropertyGroup&gt;<\/code> elements:<\/p>\n<pre class=\"prettyprint\">&lt;PropertyGroup Condition=\"'$(ConfigurationType)'!='Utility' and '$(ConfigurationType)'!='Makefile'\"&gt;\r\n    &lt;EspXtensions Condition=\"'$(EnableVariantClear)'!='false'\"&gt;VariantClear.dll;$(EspXtensions)&lt;\/EspXtensions&gt;\r\n&lt;\/PropertyGroup&gt;<\/pre>\n<p>If you want to modify your Visual Studio installation, you can add this to the <code>Microsoft.CodeAnalysis.Extensions.props<\/code> file, after the similar element for <code>HResultCheck<\/code>:<\/p>\n<pre class=\"prettyprint\">&lt;EspXtensions Condition=\"'$(EnableVariantClear)'!='false'\"&gt;VariantClear.dll;$(EspXtensions)&lt;\/EspXtensions&gt;<\/pre>\n<p>Please note that this will likely be overwritten if you repair or reinstall Visual Studio, or upgrade to a later release. Please stay tuned for an update when we have this extension enabled in Visual Studio.<\/p>\n<h2><b><span data-contrast=\"none\">VariantClear\u00a0Rules<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\"><code>VARIANT<\/code> is a very convenient structure, allowing\u00a0exchange\u00a0of many different types of data using a single\u00a0struct\u00a0type. At any given time, it can hold either one of the alternative types, or no value. 
The type of the contained data, or the fact that it contains no value, is identified by the <code>VARIANT::vt<\/code>\u00a0member.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">A <code>VARIANT<\/code> object needs to be explicitly initialized before it is used or passed to some other code. Otherwise, random data will be accessed and used, causing different problems depending on what is accessed and how it is used.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">A <code>VARIANT<\/code> object also needs to be cleared when it is no longer needed. Otherwise, it can leave some resources behind, leaking resources or letting others mistakenly access and use the resource after its intended lifetime.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Initialization of a <code>VARIANT<\/code> object is usually done by calling the <code>VariantInit<\/code> function. Cleanup of a <code>VARIANT<\/code> object is mostly done by calling the <code>VariantClear<\/code> function.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">There are some wrapper types for the <code>VARIANT<\/code> struct that make it easier and safer to use, e.g. <code><a href=\"https:\/\/docs.microsoft.com\/en-us\/cpp\/atl\/reference\/ccomvariant-class?view=vs-2019\">CComVariant<\/a><\/code> and <code><a href=\"https:\/\/docs.microsoft.com\/en-us\/cpp\/cpp\/variant-t-class?view=vs-2019\">_variant_t<\/a><\/code>. 
Their default constructors initialize the instances being created and mark them as having no value, usually by calling <code>VariantInit<\/code>, passing the current instance. Their destructors clear the instances being destructed and mark them as having no value, usually by calling <code>VariantClear<\/code>, passing the current instance.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">VariantClear<\/span><span data-contrast=\"none\">\u00a0rules try to enforce the general rules of proper initialization of VARIANT instances before their use, including cleaning them up.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"none\">Warning C33001<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"none\">This warning is triggered when an uninitialized <code>VARIANT<\/code> is passed into an API that clears a <code>VARIANT<\/code> such as\u00a0<code>VariantClear<\/code>. 
These APIs expect the <code>VARIANT<\/code> to be initialized before it can be cleared.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\"> Unfortunately, developers often forget this step.<\/span><\/p>\n<p><span data-contrast=\"none\">Here is a simplified example:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nHRESULT foo(bool some_condition)\r\n{\r\n    VARIANT var;\r\n\r\n    if (some_condition)\r\n    {\r\n        \/\/...\r\n        VariantInit(&amp;var);\r\n        \/\/...\r\n    }\r\n    VariantClear(&amp;var);     \/\/ C33001\r\n    return S_OK;\r\n}<\/pre>\n<p><span data-contrast=\"none\">This code will trigger a C33001 warning because the <code>VARIANT<\/code> <code>var<\/code> is initialized only if <code>some_condition<\/code> is <code>true<\/code>. If the condition is <code>false<\/code>, it will not be initialized when it is passed to the <code>VariantClear<\/code> function. 
To fix this problem, we have to make sure that we are calling <code>VariantClear<\/code> only for the <code>VARIANT<\/code>s that have been initialized:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nHRESULT foo(bool some_condition)\r\n{\r\n    VARIANT var;\r\n\r\n    if (some_condition)\r\n    {\r\n        \/\/...\r\n        VariantInit(&amp;var);\r\n        \/\/...\r\n        VariantClear(&amp;var);     \/\/ OK\r\n    }\r\n    return S_OK;\r\n}<\/pre>\n<h3><b><span data-contrast=\"none\">Warning C33004<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">This warning is triggered when a <code>VARIANT<\/code> parameter with the <code>_Out_<\/code> SAL (<\/span><span data-contrast=\"none\">source-code annotation language<\/span><span data-contrast=\"auto\">) annotation, which may not be initialized on input, is passed to an API such as\u00a0<code>VariantClear\u00a0<\/code>that expects an initialized <code>VARIANT<\/code>.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:257}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">A parameter that is annotated as <code>_Out_<\/code> is not required to have been initialized when calling the function. 
It will be initialized upon return from the function. For more details of SAL annotations, please refer\u00a0to\u00a0<\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/cpp\/code-quality\/using-sal-annotations-to-reduce-c-cpp-code-defects\"><span data-contrast=\"none\">SAL Annotations<\/span><\/a><span data-contrast=\"none\">.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">During code analysis, an <code>_Out_ VARIANT<\/code> parameter is assumed to be uninitialized, to be on the safer side. If this parameter is passed to a function such as\u00a0<code>VariantClear\u00a0<\/code>that expects an initialized <code>VARIANT<\/code> object, that function will try to clean up or use a random type of data, possibly at a random memory location. Here is a simplified example:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nHRESULT t2(_Out_ VARIANT* pv)\r\n{\r\n    \/\/ ......\r\n    VariantClear(pv);   \/\/ C33004. pv is assumed uninitialized.\r\n    \/\/ ......\r\n\r\n    return S_OK;\r\n}<\/pre>\n<p><span data-contrast=\"none\">To fix this problem, we\u00a0have to\u00a0make sure to initialize the <code>_Out_ VARIANT<\/code> parameter before using it or passing it to another function that expects an initialized <code>VARIANT<\/code> instance:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre 
class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nvoid t2(_Out_ VARIANT* pv)\r\n{\r\n    VariantInit(pv);\r\n    \/\/ ......\r\n    VariantClear(pv);   \/\/ OK\r\n    \/\/ ......\r\n}<\/pre>\n<h3><b><span data-contrast=\"none\">Warning C33005<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"none\">This warning is triggered when an uninitialized <code>VARIANT<\/code> is passed to a function as an input-only or input\/output parameter &#8211; for example, a parameter of <code>const VARIANT*<\/code> type.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><span data-contrast=\"none\">Here is an example:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nvoid bar(VARIANT* v);   \/\/ v is assumed to be input\/output\r\n\r\nvoid foo()\r\n{\r\n    VARIANT v;\r\n    bar(&amp;v);            \/\/ C33005\r\n    \/\/ ......\r\n    VariantClear(&amp;v);   \/\/ OK, assumed to be initialized by bar\r\n}<\/pre>\n<p><span data-contrast=\"none\">Please note that the checker assumes a function that takes a non-const <code>VARIANT*<\/code> parameter would initialize the <code>VARIANT<\/code> object upon return from the function, to avoid generating noisy warnings.<\/span><span 
data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"none\">Again, to fix this problem, we simply need to make sure to initialize the <code>VARIANT<\/code> object before passing it to another function as an input-only or input-output parameter:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<pre class=\"prettyprint\">#include &lt;Windows.h&gt;\r\n\r\nvoid bar(VARIANT* v);   \/\/ v is assumed to be input\/output\r\n\r\nvoid foo()\r\n{\r\n    VARIANT v;\r\n    VariantInit(&amp;v);\r\n    bar(&amp;v);            \/\/ OK\r\n    \/\/ ......\r\n    VariantClear(&amp;v);   \/\/ OK, assumed to be initialized by bar\r\n}\r\n<\/pre>\n<p><span data-contrast=\"none\">With an understanding of the C33005 rule, it should be clearer why C33004 is reported only for an output-only (that is, annotated with the <code>_Out_<\/code> SAL annotation)<\/span><span data-contrast=\"none\">\u00a0parameter<\/span><span data-contrast=\"none\">. 
For an input-only or input-output parameter, passing an uninitialized <code>VARIANT<\/code> will be a violation of rule C33005.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"none\">Enabling new rules in Visual Studio<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"none\">You can enable these rules in Visual Studio by selecting a different ruleset for your project, as follows:<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<table data-tablestyle=\"MsoTableGrid\" data-tablelook=\"1184\">\n<tbody>\n<tr>\n<td data-celllook=\"69905\"><span data-contrast=\"none\">Rule ID<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"none\">Extension<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"none\">Native Minimum Rules<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"none\">Native Recommended Rules<\/span><span 
data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"69905\"><span data-contrast=\"none\">All Rules<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335551550&quot;:2,&quot;335551620&quot;:2,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">C33001<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">VariantClear<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">C33004<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">VariantClear<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span 
data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<\/tr>\n<tr>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">C33005<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">VariantClear<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">\u00a0<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<td data-celllook=\"4369\"><span data-contrast=\"none\">X<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559740&quot;:259}\">\u00a0<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"none\">Give us your\u00a0feedback<\/span><\/b><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Check out these newly added rules and let us know if they help you write safer C++. Stay tuned as we add more safety rules in future releases of Visual Studio.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:257}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Download\u202f<\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/visualstudio\/releases\/2019\/release-notes-preview\"><span data-contrast=\"none\">Visual Studio 2019 version 16.8 Preview 3<\/span><\/a> <span data-contrast=\"auto\">today\u00a0and give it a try. 
We would love to hear from you to help us prioritize and build the right features for you. We can be reached via the comments below,\u202f<\/span><a href=\"https:\/\/developercommunity.visualstudio.com\/spaces\/8\/index.html\"><span data-contrast=\"none\">Developer Community<\/span><\/a><span data-contrast=\"auto\">,\u202fand\u00a0Twitter (<\/span><a href=\"https:\/\/twitter.com\/visualc\"><span data-contrast=\"none\">@VisualC<\/span><\/a><span data-contrast=\"auto\">). The best way to file a bug or suggest a feature is via Developer Community.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:257}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In\u00a0Visual Studio version 16.8 Preview 3,\u00a0 we\u00a0are\u00a0adding\u00a0a\u00a0few\u00a0safety rules to C++ Code Analysis\u00a0that can\u00a0find\u00a0some common mistakes, which can lead to\u00a0bugs ranging\u00a0from simple broken features to\u00a0costly security vulnerabilities.\u00a0These new rules are developed around issues discovered in production\u00a0software via\u00a0security reviews and incidents\u00a0requiring\u00a0costly\u00a0servicing.\u00a0Every shipping piece of software in Microsoft runs these rules as part of security and compliance requirements. 
[&hellip;]<\/p>\n","protected":false},"author":39446,"featured_media":35994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1,239,230,277],"tags":[119,163],"class_list":["post-26688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cplusplus","category-diagnostics","category-new-feature","category-writing-code","tag-code-analysis","tag-static-analysis"],"acf":[],"blog_post_summary":"<p>In\u00a0Visual Studio version 16.8 Preview 3,\u00a0 we\u00a0are\u00a0adding\u00a0a\u00a0few\u00a0safety rules to C++ Code Analysis\u00a0that can\u00a0find\u00a0some common mistakes, which can lead to\u00a0bugs ranging\u00a0from simple broken features to\u00a0costly security vulnerabilities.\u00a0These new rules are developed around issues discovered in production\u00a0software via\u00a0security reviews and incidents\u00a0requiring\u00a0costly\u00a0servicing.\u00a0Every shipping piece of software in Microsoft runs these rules as part of security and compliance requirements. 
[&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/26688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/users\/39446"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/comments?post=26688"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/26688\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media?parent=26688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/categories?post=26688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/tags?post=26688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}