[metadata]
id = "STR05-C"
type = "recommendation"
category = "STR"
number = 5
title = "Use pointers to const when referring to string literals"
description = """
The type of a narrow string literal is an array of char, and the type of a wide
string literal is an array of wchar_t. However, string literals (of both types)
are notionally constant and should consequently be protected by const
qualification. This recommendation is a specialization of DCL00-C (Const-qualify
immutable objects) and also supports STR30-C (Do not attempt to modify string
literals). Adding const qualification may propagate through a program; as const
qualifiers are added, still more become necessary. This phenomenon is sometimes
called const-poisoning. Const-poisoning can frequently lead to violations of
EXP05-C (Do not cast away a const qualification). Although const qualification
is a good idea, the costs may outweigh the value in the remediation of existing
code. In this noncompliant code example, the const keyword has been omitted:
"""
# CERT risk-assessment fields for this recommendation. In the CERT C scheme,
# priority is derived from severity, likelihood and remediation cost, and level
# is derived from priority; remediation cost is not recorded in this file.
severity = "Low"
likelihood = "Unlikely"
priority = "P3"
level = "L3"
# Edition label and modification date, presumably taken from the wiki page
# listed under [references]; both are stored as strings, not TOML dates.
cert_version = "2016 Edition (Wiki)"
last_modified = "Aug 31, 2025"
# Per-rule switch keyed by rule id under rules.cert_c; presumably read by the
# tool that consumes this file. Confirm what `enabled = false` suppresses.
[rules.cert_c.STR05-C]
enabled = true
# Upstream SEI CERT C wiki page for this recommendation.
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/STR05-C.+Use+pointers+to+const+when+referring+to+string+literals"