mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-03-30 21:53:28 +08:00
b6595974c2
- agents: cpp-build-resolver, cpp-reviewer - commands: cpp-build, cpp-review, cpp-test - rules: cpp/ (coding-style, hooks, patterns, security, testing) - tests: 9 new hook test files with comprehensive coverage Cherry-picked from PR #436.
52 lines
1.2 KiB
Markdown
52 lines
1.2 KiB
Markdown
---
|
|
paths:
|
|
- "**/*.cpp"
|
|
- "**/*.hpp"
|
|
- "**/*.cc"
|
|
- "**/*.hh"
|
|
- "**/*.cxx"
|
|
- "**/*.h"
|
|
- "**/CMakeLists.txt"
|
|
---
|
|
# C++ Security
|
|
|
|
> This file extends [common/security.md](../common/security.md) with C++ specific content.
|
|
|
|
## Memory Safety
|
|
|
|
- Never use raw `new`/`delete` — use smart pointers
|
|
- Never use C-style arrays — use `std::array` or `std::vector`
|
|
- Never use `malloc`/`free` — use C++ allocation
|
|
- Avoid `reinterpret_cast` unless absolutely necessary
|
|
|
|
## Buffer Overflows
|
|
|
|
- Use `std::string` over `char*`
|
|
- Use `.at()` for bounds-checked access when safety matters
|
|
- Never use `strcpy`, `strcat`, `sprintf` — use `std::string` or `fmt::format`
|
|
|
|
## Undefined Behavior
|
|
|
|
- Always initialize variables
|
|
- Avoid signed integer overflow
|
|
- Never dereference null or dangling pointers
|
|
- Use sanitizers in CI:
|
|
```bash
|
|
cmake -DCMAKE_CXX_FLAGS="-fsanitize=address,undefined" ..
|
|
```
|
|
|
|
## Static Analysis
|
|
|
|
- Use **clang-tidy** for automated checks:
|
|
```bash
|
|
clang-tidy --checks='*' src/*.cpp
|
|
```
|
|
- Use **cppcheck** for additional analysis:
|
|
```bash
|
|
cppcheck --enable=all src/
|
|
```
|
|
|
|
## Reference
|
|
|
|
See skill: `cpp-coding-standards` for detailed security guidelines.
|