2.4 – Check for Safe Alternatives to Banned C Functions

This is the formal documentation for Section 2.4, Check for Safe Alternatives to Banned C Functions, following the BIS compliance structure:


Requirement Description

Verify that banned or unsafe C functions (such as gets(), strcpy(), strcat(), sprintf(), etc.) are not used in the firmware/application code, and are replaced with secure alternatives such as fgets(), strncpy(), strncat(), snprintf(), etc.
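
The requirement names the replacements, but the bounded functions are only safe when their size arguments are computed correctly: strncpy() leaves the buffer unterminated when the source fills it, strncat()'s size is the space remaining rather than the buffer size, snprintf() signals truncation only through its return value, and fgets() keeps the trailing newline. The following C code is an added example, not part of the BIS document or any vendor's firmware; it wraps each named alternative so those conditions are handled, with truncation reported to the caller. All function names, buffer sizes and inputs are hypothetical, and the input text fed through fgets() is constructed in a temporary file for the demonstration.

```c
/* Added example (not part of the BIS document): the banned calls named in the
 * requirement next to the safe alternatives it names, wrapped so the bounded
 * versions are used correctly. Names, sizes and inputs are hypothetical. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Shared output buffer for the demonstration in main(). */
static char out[32];

/* Length of s without reading past max bytes (strnlen() is POSIX, not ISO C). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Replacement for strcpy(): strncpy() writes no terminator when src fills the
 * buffer, so one is written explicitly. Returns 0, or -1 if src was truncated. */
int safe_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);
    dst[dst_size - 1] = '\0';
    return strlen(src) < dst_size ? 0 : -1;
}

/* Replacement for strcat(): strncat()'s size argument is the room left after
 * the current contents, not the buffer size, so it is computed here.
 * Returns 0, or -1 if dst was unterminated or src was truncated. */
int safe_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = bounded_len(dst, dst_size);
    if (used >= dst_size)
        return -1;
    size_t room = dst_size - used - 1;
    strncat(dst, src, room);
    return strlen(src) <= room ? 0 : -1;
}

/* Replacement for sprintf(): snprintf() returns the length the full output
 * would have had, so a value >= dst_size means the output was cut short. */
int safe_format_greeting(char *dst, size_t dst_size, const char *name)
{
    int n = snprintf(dst, dst_size, "Hello %s!", name);
    return (n >= 0 && (size_t)n < dst_size) ? 0 : -1;
}

/* Replacement for gets(): fgets() keeps the newline, which is stripped here.
 * Returns 0 for a complete line, 1 if no newline was seen (the line did not
 * fit, or the input ended without one; the rest of an over-long line is
 * discarded so the next read starts on the next line), -1 on EOF or error. */
int safe_read_line(char *dst, size_t dst_size, FILE *in)
{
    if (dst_size == 0 || dst_size > INT_MAX)
        return -1;
    if (fgets(dst, (int)dst_size, in) == NULL)
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 0;
    }
    int c;
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;
    return 1;
}

/* Feeds constructed input text through safe_read_line() with a buffer of
 * dst_size bytes (at most 64), using a temporary file, and returns its status. */
int read_line_status(const char *input, size_t dst_size)
{
    static char line[64];
    if (dst_size > sizeof line)
        return -1;
    FILE *in = tmpfile();
    if (in == NULL)
        return -1;
    fputs(input, in);
    rewind(in);
    int status = safe_read_line(line, dst_size, in);
    fclose(in);
    return status;
}

int main(void)
{
    printf("copy:   %d \"%s\"\n", safe_copy(out, 8, "ABCDEFGHIJ"), out);
    safe_copy(out, 8, "Hello");
    printf("append: %d \"%s\"\n", safe_append(out, 8, ", world"), out);
    printf("format: %d \"%s\"\n", safe_format_greeting(out, 16, "Bartholomew"), out);
    printf("read:   %d\n", read_line_status("this line is deliberately longer than sixteen\n", 16));
    return 0;
}
```

When reviewing vendor code against this requirement, the presence of strncpy() or strncat() alone is not evidence of compliance; the reviewer should also confirm that the terminator and the remaining-space calculation are handled as above and that truncation is not silently ignored.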


DUT Confirmation Details

(To be filled based on Device Under Test - model, serial number, version)


Software Details

(Firmware version, build number, OS/kernel details, etc.)


Hash Checksum Verification for DUT’s Software Image

(To ensure software integrity before analysis. Include SHA256/MD5)


DUT Configuration

(Any specific runtime configuration related to memory management or build flags used for the test)


Pre-Conditions

Vendor shall provide the following:

  • Complete firmware binaries used in production.

  • Source code, if available, for secure code review.

  • Internal code audit or review reports, if previously conducted.


Test Plan

  • Total Number of Test Cases: 4

  • Scope: Static code analysis + Manual inspection
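
The static analysis part of this scope is commonly started with a text search for the banned names, which produces false positives (fgets() contains "gets", and the names also appear in comments and string literals) that the manual inspection then has to weed out. The following C code is an added example, not part of the BIS document or of any tool the test plan references: a minimal scanner that counts calls to the banned functions named in the requirement, skipping comments and string literals and matching only whole identifiers followed by "(". The banned list and the sample source it scans are constructed for the demonstration; the list can be extended with any further functions the reviewer treats as banned.

```c
/* Added example (not part of the BIS document): a minimal static check for
 * calls to banned C functions. The banned list and sample source are
 * constructed for the demonstration. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The functions named in the requirement; extend as needed. */
static const char *const banned[] = { "gets", "strcpy", "strcat", "sprintf" };

/* True if the len-byte identifier at ident is on the banned list. */
static int is_banned(const char *ident, size_t len)
{
    for (size_t k = 0; k < sizeof banned / sizeof banned[0]; k++)
        if (strlen(banned[k]) == len && memcmp(banned[k], ident, len) == 0)
            return 1;
    return 0;
}

/* Counts calls to banned functions in a C source text: whole identifiers
 * followed by optional whitespace and '(', outside comments and literals. */
int count_banned_calls(const char *src)
{
    int count = 0;
    size_t n = strlen(src), i = 0;
    while (i < n) {
        if (src[i] == '/' && src[i + 1] == '/') {          /* line comment */
            while (i < n && src[i] != '\n')
                i++;
        } else if (src[i] == '/' && src[i + 1] == '*') {   /* block comment */
            i += 2;
            while (i < n && !(src[i] == '*' && src[i + 1] == '/'))
                i++;
            if (i < n)
                i += 2;
        } else if (src[i] == '"' || src[i] == '\'') {      /* string or char literal */
            char quote = src[i++];
            while (i < n && src[i] != quote) {
                if (src[i] == '\\')                        /* skip escaped character */
                    i++;
                i++;
            }
            if (i < n)
                i++;
        } else if (isalpha((unsigned char)src[i]) || src[i] == '_') {
            size_t start = i;
            while (i < n && (isalnum((unsigned char)src[i]) || src[i] == '_'))
                i++;
            size_t j = i;
            while (j < n && isspace((unsigned char)src[j]))  /* allow "gets (" */
                j++;
            if (j < n && src[j] == '(' && is_banned(src + start, i - start))
                count++;
        } else {
            i++;
        }
    }
    return count;
}

/* Constructed sample source containing the cases a plain text search gets wrong. */
static const char sample_source[] =
    "#include <string.h>\n"
    "/* strcpy(dst, src) is banned; a mention in a comment must not count */\n"
    "void f(char *dst, const char *src, char *line)\n"
    "{\n"
    "    strcpy(dst, src);                      /* counts */\n"
    "    strncpy(dst, src, 15);                 /* safe alternative, not counted */\n"
    "    fgets(line, 64, stdin);                /* contains \"gets\" but is not a gets() call */\n"
    "    gets (line);                           /* counts, even with a space before ( */\n"
    "    snprintf(dst, 16, \"strcat(%s)\", src); /* banned name inside a string literal */\n"
    "    sprintf(dst, \"%s\", src);              /* counts */\n"
    "}\n";

int main(void)
{
    printf("banned calls found: %d\n", count_banned_calls(sample_source));
    return 0;
}
```

The scanner reports three calls in the sample (strcpy, gets and sprintf) and none for the strncpy(), fgets() and snprintf() lines. A count of zero from a check like this is a precondition for passing, not proof of it: macros, function pointers and wrappers around the banned functions still need the manual inspection named in the scope.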


Test-bed Diagram with Interfaces and IPs

(Include any debugging interface, source review tools, IPs used for scanning/testing)

