2.4 – Check for Safe Alternatives to Banned C Functions
Here is the formal documentation for Section 2.4: Check for Safe Alternatives to Banned C Functions as per BIS compliance structure:
2.4 – Check for Safe Alternatives to Banned C Functions
Requirement Description
Verify that banned or unsafe C functions (such as gets()
, strcpy()
, strcat()
, sprintf()
, etc.) are not used in the firmware/application code, and are replaced with secure alternatives such as fgets()
, strncpy()
, strncat()
, snprintf()
, etc.
DUT Confirmation Details
(To be filled based on Device Under Test - model, serial number, version)
Software Details
(Firmware version, build number, OS/kernel details, etc.)
Hash Checksum Verification for DUT’s Software Image
(To ensure software integrity before analysis. Include SHA256/MD5)
DUT Configuration
(Any specific runtime configuration related to memory management or build flags used for the test)
Pre-Conditions
Vendor shall provide the following:
Complete firmware binaries used in production.
Source code, if available, for secure code review.
Internal code audit or review reports, if previously conducted.
Test Plan
Total Number of Test Cases: 4
Scope: Static code analysis + Manual inspection
Test-bed Diagram with Interfaces and IPs
(Include any debugging interface, source review tools, IPs used for scanning/testing)
Last updated
Was this helpful?