I've written about banned APIs before - for security reasons some C Runtime functions like strcpy should not be used, and instead you should use replacements like strcpy_s that perform some checking before trusting the strings they're handed. You might also know that I really like the extension capabilities in Visual Studio 2010. So how can I resist a Visual Studio extension that gives you wigglies if you use a banned API?

You even get a handy tooltip suggesting replacements. This is a must-install for any C++ developer. You can get a zip of the source (you'll need the Visual Studio 2010 SDK to build it) with a prebuilt VSIX in it from the Security Development Lifecycle blog. It doesn't seem to be on the Visual Studio Gallery yet, but it should be! If you haven't met the VSIX format yet, prepare to be pleasantly surprised - it's a self-contained, one-step installation vehicle for a Visual Studio extension. Just double-click it and Visual Studio does the rest.
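
To make concrete what "some checking before trusting the strings" buys you, here is an added example (not from the extension or the SDL blog): a portable stand-in for a checked copy in the spirit of strcpy_s. The name `checked_copy` and its return codes are assumptions made for this illustration, not the CRT's own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper in the spirit of strcpy_s: the caller states how big
   the destination is, and the copy is refused if the source will not fit.
   Returns 0 on success, nonzero on failure; on failure dest is left as an
   empty string rather than being partially or over-written. */
static int checked_copy(char *dest, size_t dest_size, const char *src)
{
    size_t len = 0;

    if (dest == NULL || dest_size == 0)
        return 1;                       /* nowhere safe to write */
    if (src == NULL) {
        dest[0] = '\0';
        return 1;
    }
    /* Measure src, but never look further than dest could hold. */
    while (len < dest_size && src[len] != '\0')
        len++;
    if (len >= dest_size) {             /* no room for the terminator */
        dest[0] = '\0';
        return 2;
    }
    memcpy(dest, src, len + 1);         /* +1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    char name[8];
    /* Constructed inputs: two that fit in name[], two that do not. */
    const char *inputs[] = { "alice", "1234567", "12345678",
                             "a-much-longer-string" };
    size_t i;

    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        /* strcpy(name, inputs[i]) would write past name[] for the last
           two inputs; the checked copy reports an error instead. */
        int rc = checked_copy(name, sizeof name, inputs[i]);
        printf("%-22s rc=%d name=\"%s\"\n", inputs[i], rc, name);
    }
    return 0;
}
```
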