2.4 – Check for Safe Alternatives to Banned C Functions

Here is the formal documentation for Section 2.4: Check for Safe Alternatives to Banned C Functions as per BIS compliance structure:

2.4 – Check for Safe Alternatives to Banned C Functions

Requirement Description

Verify that banned or unsafe C functions (such as gets(), strcpy(), strcat(), sprintf(), etc.) are not used in the firmware/application code, and are replaced with secure alternatives such as fgets(), strncpy(), strncat(), snprintf(), etc.

DUT Confirmation Details

(To be filled based on Device Under Test - model, serial number, version)

Software Details

(Firmware version, build number, OS/kernel details, etc.)

Hash Checksum Verification for DUT’s Software Image

(To ensure software integrity before analysis. Include SHA256/MD5)

DUT Configuration

(Any specific runtime configuration related to memory management or build flags used for the test)

Pre-Conditions

Vendor shall provide the following:

Complete firmware binaries used in production.
Source code, if available, for secure code review.
Internal code audit or review reports, if previously conducted.

Test Plan

Total Number of Test Cases: 4
Scope: Static code analysis + Manual inspection

Test-bed Diagram with Interfaces and IPs

(Include any debugging interface, source review tools, IPs used for scanning/testing)

PreviousTest 1-5 NextTest 1

Last updated 6 months ago

hashtag2.4 – Check for Safe Alternatives to Banned C Functions

hashtagRequirement Description

hashtagDUT Confirmation Details

hashtagSoftware Details

hashtagHash Checksum Verification for DUT’s Software Image

hashtagDUT Configuration

hashtagPre-Conditions

hashtagTest Plan

hashtagTest-bed Diagram with Interfaces and IPs