github · MichaelRFairhurst · Mar 29, 2025 · Mar 31, 2025 · Copilot · Mar 31, 2025
diff --git a/rules.csv b/rules.csv
@@ -515,6 +515,7 @@ c,CERT-C,ERR30-C,Yes,Rule,,,Take care when reading errno,M19-3-1,Contracts4,Hard
 c,CERT-C,ERR32-C,Yes,Rule,,,Do not rely on indeterminate values of errno,,Contracts5,Hard,
 c,CERT-C,ERR33-C,Yes,Rule,,,Detect and handle standard library errors,MEM52-CPP,Contracts5,Hard,
 c,CERT-C,ERR34-C,OutOfScope,Rule,,,Detect errors when converting a string to a number,,,,
+c,CERT-C,EXP16-C,Yes,Rule,,,Do not compare function pointers to constant values,,Expressions2,Medium,
 c,CERT-C,EXP30-C,Yes,Rule,,,Do not depend on the order of evaluation for side effects,EXP50-CPP,SideEffects1,Easy,
 c,CERT-C,EXP32-C,Yes,Rule,,,Do not access a volatile object through a nonvolatile reference,,Pointers3,Easy,
 c,CERT-C,EXP33-C,Yes,Rule,,,Do not read uninitialized memory,EXP53-CPP,InvalidMemory1,Import,
@@ -530,6 +531,8 @@ c,CERT-C,EXP44-C,Yes,Rule,,,"Do not rely on side effects in operands to sizeof,
 c,CERT-C,EXP45-C,Yes,Rule,,,Do not perform assignments in selection statements,M6-2-1,SideEffects1,Medium,
 c,CERT-C,EXP46-C,Yes,Rule,,,Do not use a bitwise operator with a Boolean-like operand,,Expressions,Easy,
 c,CERT-C,EXP47-C,OutOfScope,Rule,,,Do not call va_arg with an argument of the incorrect type,,,,
+c,CERT-C,FIO03-C,Yes,Rule,,,Do not make assumptions about fopen() and file creation,,IO5,Hard,
+c,CERT-C,FIO21-C,Yes,Rule,,,Do not create temporary files in shared directories,,IO5,Easy,
 c,CERT-C,FIO30-C,Yes,Rule,,,Exclude user input from format strings,A27-0-1,IO1,Import,
 c,CERT-C,FIO32-C,Yes,Rule,,,Do not perform operations on devices that are only appropriate for files,,IO3,Medium,
 c,CERT-C,FIO34-C,Yes,Rule,,,Distinguish between characters read from a file and EOF or WEOF,,IO1,Hard,
@@ -569,7 +572,7 @@ c,CERT-C,MSC38-C,Yes,Rule,,,Do not treat a predefined identifier as an object if
 c,CERT-C,MSC39-C,Yes,Rule,,,Do not call va_arg() on a va_list that has an indeterminate value,,Contracts7,Hard,
 c,CERT-C,MSC40-C,Yes,Rule,,,Do not violate constraints,,Contracts,Very Hard,
 c,CERT-C,MSC41-C,OutOfScope,Rule,,,Never hard code sensitive information,,,,
-c,CERT-C,POS30-C,OutOfScope,Rule,,,Use the readlink() function properly,,,,
+c,CERT-C,POS30-C,Yes,Rule,,,Use the readlink() function properly,,IO5,Hard,
 c,CERT-C,POS34-C,OutOfScope,Rule,,,Do not call putenv() with a pointer to an automatic variable as the argument,,,,
 c,CERT-C,POS35-C,OutOfScope,Rule,,,Avoid race conditions while checking for the existence of a symbolic link,,,,
 c,CERT-C,POS36-C,OutOfScope,Rule,,,Observe correct revocation order while relinquishing privileges,,,,

diff --git a/scripts/help/cert-help-extraction.py b/scripts/help/cert-help-extraction.py
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 from argparse import ArgumentParser
+from typing import Generator
 import tempfile
 import re
 import urllib.request
@@ -23,6 +24,7 @@
 
 CERT_WIKI = "https://wiki.sei.cmu.edu"
 RULES_LIST_C = "/confluence/display/c/2+Rules"
+RECOMMENDED_LIST_C = "/confluence/display/c/3+Recommendations"
 RULES_LIST_CPP = "/confluence/display/cplusplus/2+Rules"
 
 cache_path = script_path.parent / '.cache'
@@ -47,16 +49,22 @@ def soupify(url: str) -> BeautifulSoup:
 
     return BeautifulSoup(content, 'html.parser')
 
-
-def get_rules():
-    rules = []
-    for soup in [soupify(f"{CERT_WIKI}{RULES_LIST_C}"), soupify(f"{CERT_WIKI}{RULES_LIST_CPP}")]:
+def get_rule_listings() -> Generator[Tag, None, None]:
+    for rule_list_id in [RULES_LIST_C, RULES_LIST_CPP]:
+        soup = soupify(f"{CERT_WIKI}{rule_list_id}")
         if soup == None:
-            return None
-
-        rule_listing_start = soup.find(
+            continue
+    
+        yield soup.find(
             "h1", string="Rule Listing")
 
+    soup = soupify(f"{CERT_WIKI}{RECOMMENDED_LIST_C}")
+    if soup != None:
+        yield soup.find("h1", string="Recommendation Listing")
+
+def get_rules():
+    rules = []
+    for rule_listing_start in get_rule_listings():
         for link in rule_listing_start.next_element.next_element.find_all('a'):
             if '-C' in link.string:
                 rule, title = map(str.strip, link.string.split('.', 1))
@@ -214,6 +222,8 @@ def helper(node):
                 # Fix a broken url present in many CERT-C pages
                 if node.name == 'a' and 'href' in node.attrs and node['href'] == "http://BB. Definitions#vulnerability":
                     node['href'] = "https://wiki.sei.cmu.edu/confluence/display/c/BB.+Definitions#BB.Definitions-vulnerability"
+                elif node.name == 'a' and 'href' in node.attrs and node['href'] == "http://BB. Definitions#unexpected behavior":
+                    node['href'] = "https://wiki.sei.cmu.edu/confluence/display/c/BB.+Definitions#BB.Definitions-unexpectedbehavior"
                 # Turn relative URLs into absolute URLS
                 elif node.name == 'a' and 'href' in node.attrs and node['href'].startswith("/confluence"):
                     node['href'] = f"{CERT_WIKI}{node['href']}"