TECHNICAL ISO/IEC TR REPORT 24772-1 First edition 2019-12 Programming languages Guidance to avoiding vulnerabilities in programming languages - Part 1: Language-independent guidance Langages de programmation - Conduite pour éviter les vulnerabilites dans les langages de programmation Partie 1: Conduite indépendante du langage Reference number ISO/IEC TR24772-1:2019(E) TEC ISO @IS0/IEC2019 IS0/IEC TR 24772-1:2019(E) COPYRIGHTPROTECTEDDOCUMENT @ IS0/IEC 2019 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva Phone: +4122 749 0111 Fax: +41 22 749 09 47 Email: [email protected] Website: www.iso.org Published in Switzerland ii @ IS0/IEC 2019 - All rights reserved IS0/IEC TR24772-1:2019(E) Contents Page Foreword ..XV Introduction. .xvi 1 Scope. 2 Normative references 3 Terms and definitions. 3.1 Terms related to communication. .1 3.2 Terms related to execution model 3.3 Properties. 4 3.4 Safety 3.5 Vulnerabilities. .4 4 Applying this document .5 5 Vulnerability issues and general avoidance mechanisms .7 5.1 Predictableexecution 7 5.2 Sources of unpredictability in language specification .8 5.2.1 Incomplete or evolving specification ..8 5.2.2 Undefined behaviour. .8 5.2.3 Unspecified behaviour .8 5.2.4 Implementation-defined behaviour ..8 5.2.5 Difficult features. .8 5.2.6 Inadequate language support. 5.3 Sources of unpredictability in language usage .9 5.3.1 Porting and interoperation. 5.3.2 Compiler selection and usage .9 5.4 Top avoidance mechanisms. .9 6 Programming language vulnerabilities .11 6.1 General .11 6.2 Type system [IHN] .11 6.2.1 Description of application vulnerability ..11 6.2.2 Cross reference. .11 6.2.3 Mechanism of failure .11 6.2.4 Applicable language characteristics. .13 6.2.5 Avoiding the vulnerability or mitigating its effects. ..13 6.2.6 Implications for language design and evolution .14 6.3 Bit representations [STR] ..14 6.3.1 Description of application vulnerability ..14 6.3.2 Cross reference. .14 6.3.3 Mechanism of failure ..14 6.3.4 Applicable language characteristics. ..15 6.3.5 Avoiding the vulnerability or mitigating its effects. ..15 6.3.6 Implications for language design and evolution .15 6.4 Floating-point arithmetic [PLF] .15 6.4.1 Description of application vulnerability .15 6.4.2 Cross reference. ..16 6.4.3 Mechanism of failure. ..16 6.4.4 Applicable language characteristics .17 6.4.5 Avoiding the vulnerability or mitigating its effects. ..17 6.4.6 Implications for language design and evolution .17 6.5 Enumerator issues [CCB] .18 6.5.1 Description of application vulnerability ..18 6.5.2 Cross reference. ..18 6.5.3 Mechanism of failure. ..18 6.5.4 Applicable language characteristics. ..19 @ IS0/IEC 2019 - All rights reserved iii IS0/IECTR24772-1:2019(E) 6.5.5 Avoiding the vulnerability or mitigating its effects. 19 6.5.6 Implications for language design and evolution 19 6.6 Conversion errors[FLC] 19 6.6.1 Description of application vulnerability 19 6.6.2 Cross reference 20 6.6.3 Mechanismoffailure 20 6.6.4 Applicable language characteristics. 20 6.6.5 Avoiding the vulnerability or mitigating its effects 21 6.6.6 Implications for language design and evolution 21 6.7 String termination [CJM] 21 6.7.1 Description of application vulnerability 21 6.7.2 Cross reference. 21 6.7.3 Mechanism of failure. 22 6.7.4 Applicable language characteristics 22 6.7.5 Avoiding the vulnerability or mitigating its effects 22 6.7.6 Implications for language design and evolution 22 6.8 Buffer boundary violation (buffer overflow) [HCB] 22 6.8.1 Description of appl