Skip to content

Language Specific Security Skills Base on Intel Secure Coding Standards #1328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
saratpoluri merged 6 commits into from
Apr 30, 2026
Merged

Language Specific Security Skills Base on Intel Secure Coding Standards #1328

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
5a900c0
initial version of security related language specific skills for copilot
ltalarcz Apr 24, 2026
2e97261
Merge branch 'main' into copilot-security-skills-language-specific
ltalarcz Apr 24, 2026
aebb265
Reference to language specific secutiry guidelines
ltalarcz Apr 24, 2026
3ea785d
prettier
ltalarcz Apr 24, 2026
d2eca4c
No external links in skills
ltalarcz Apr 24, 2026
24594ee
Merge branch 'main' into copilot-security-skills-language-specific
saratpoluri Apr 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
246 changes: 246 additions & 0 deletions .github/skills/intel-secure-cpp-specifics.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,246 @@
<!-- SPDX-License-Identifier: Apache-2.0 -->
Copy link
Copy Markdown
Contributor

@saratpoluri saratpoluri Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need to set the proper hierarchy for what is auto discoverable and what will be hierarchically loaded as part of security guidelines. I will make that change across the repo later. For now, this looks good to me.

<!-- SPDX-FileCopyrightText: (C) 2026 Intel Corporation -->

# Intel Secure C++ Specifics

## Purpose

This skill provides guidance for secure C++ coding in SceneScape's geometry and vision components, grounded in Intel Secure Coding Standards - C++ Specifics.

**Applies to:**

- `scene_common/src/fast_geometry/` (C++ geometry extension)
- `controller/src/robot_vision/` (C++ vision processing)
- `tracker/` (C++ tracking component)
- Any new C++ modules

---

## Core Principles

### Memory Management (RAII)

βœ… **DO:**

```cpp
// Use RAII: Resource Acquisition Is Initialization
class CameraMatrix {
std::unique_ptr<float[]> data_;
size_t size_;
public:
CameraMatrix(size_t n) : data_(new float[n]), size_(n) {}
~CameraMatrix() { /* automatically freed by unique_ptr */ }
};

// Use smart pointers
std::unique_ptr<Geometry> geom(new Geometry()); // Prefer unique_ptr
std::shared_ptr<Camera> cam(new Camera()); // Use shared_ptr only if needed
```

❌ **DON'T:**

```cpp
// Raw new/delete
float* data = new float[1024];
// ... risk of memory leak if exception or early return ...
delete[] data;

// malloc/free (C-style)
float* data = (float*)malloc(1024 * sizeof(float));
free(data);
```

### String Handling

βœ… **DO:**

```cpp
std::string camera_name = "camera_1";
std::string full_path = camera_name + "_calibration.json";

// Use std::string_view for non-owning references
void process_camera(std::string_view name) {
// read-only access without copying
}

// Use std::format (C++20) or fmt::format
std::string message = std::format("Camera {} position: {}", id, pos);
```

❌ **DON'T:**

```cpp
// C-style strings and unsafe functions
char name[255];
strcpy(name, user_input); // Buffer overflow risk
strcat(name, ".json"); // Dangerous

// printf family
printf("Position: %d %d\n", x, y); // Prone to format string attacks
sprintf(buffer, "Name: %s", name); // No bounds checking
```

### Type Safety & Const Correctness

βœ… **DO:**

```cpp
// Use strong typing
struct Point { float x, y, z; };
struct Camera { float focal_length; };

// Explicit casts
int size = static_cast<int>(data.size());

// Const for read-only
const Point& get_position() const { return position_; }
void set_position(const Point& p) { position_ = p; }

// nullptr for null pointers
Point* position = nullptr; // Strongly typed
if (position != nullptr) { /* ... */ }
```

❌ **DON'T:**

```cpp
// Weak typing (void*)
void* data = geometry_data; // What type is this?

// Implicit casting
int size = data.size(); // May lose precision

// NULL macro (C-style)
Point* position = NULL;

// Uninitialized pointers
Point* position; // May contain garbage
```

### Integer Arithmetic

βœ… **DO:**

```cpp
// Check for overflow before operations
size_t total_size = num_cameras * points_per_camera;
if (num_cameras > SIZE_MAX / points_per_camera) {
throw std::overflow_error("Size calculation overflow");
}

// Guard division by zero
if (divisor != 0) {
result = numerator / divisor;
} else {
throw std::runtime_error("Division by zero");
}

// Check INT_MIN/-1 for signed division
if (!(value == INT_MIN && divisor == -1)) {
result = value / divisor;
}
```

❌ **DON'T:**

```cpp
// Unsigned/signed mix
int signed_val = -10;
unsigned int unsigned_val = 20;
int result = signed_val + unsigned_val; // Unexpected conversion

// Unguarded division
result = a / b; // May crash if b == 0

// Integer overflow
int overflow = INT_MAX + 1; // Undefined behavior
```

### Error Handling

βœ… **DO:**

```cpp
// Check return values
int result = calibrate_camera(cam);
if (result != SUCCESS) {
log_error("Camera calibration failed");
throw std::runtime_error("Calibration error");
}

// Use exceptions, not assert for security
if (!validate_matrix(M)) {
throw std::invalid_argument("Invalid matrix");
}

// Use std::optional for optional results
std::optional<Point> find_feature(const Image& img) {
if (/* found */) return Point{x, y};
return std::nullopt;
}
```

❌ **DON'T:**

```cpp
// Ignore return values
calibrate_camera(cam); // Result ignored; may fail silently

// Use assert for runtime validation
assert(validate_matrix(M)); // Removed in release builds!

// Silent failures
if (load_config(file)) { /* continue */ } // What failed?
```

### Function Design

βœ… **DO:**

```cpp
// Limit parameters (ideally ≀6)
Point apply_transform(const Point& p, const Matrix& M, const Vector& t) {
return M * p + t;
}

// Clear error handling
[[nodiscard]] bool validate_image(const Image& img);

// Pure functions where possible
float distance(const Point& a, const Point& b) {
return std::sqrt((a.x - b.x) * (a.x - b.x) +
(a.y - b.y) * (a.y - b.y));
}
```

❌ **DON'T:**

```cpp
// Too many parameters
Point complex_op(int a, int b, int c, int d, int e, int f, int g) { /* ... */ }

// Variadic functions (error-prone)
void log_message(const char* fmt, ...); // Use std::format instead

// Functions with hidden side effects
Point get_position(); // Modifies global state? Unclear
```

---

## Review Checklist

When reviewing or generating C++ code:

- [ ] All heap allocations use `std::unique_ptr<T>` or `std::shared_ptr<T>` (no raw `new`/`delete`)
- [ ] No `malloc`/`free` (C-style memory management)
- [ ] All pointers initialized to `nullptr` (not `NULL`)
- [ ] All strings use `std::string` (not C-style char arrays)
- [ ] No `printf` family functions (use `std::format` or `fmt::format`)
- [ ] Return values checked for all functions that may fail
- [ ] Integer arithmetic guarded against overflow/underflow
- [ ] Division by zero prevented (checked divisor)
- [ ] Const-correctness enforced (const members, const references)
- [ ] Assert not used for security validation (use exceptions)
- [ ] Type casts use `static_cast<T>`, `const_cast<T>` explicitly (never C-style casts)
- [ ] No `void*` for type safety
Loading
Loading