...

The ability to determine whether an existing file has been opened or a new file has been created provides greater assurance that a file other than the intended file is not acted upon.
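One way to obtain that assurance on a POSIX system, shown as an added example rather than code from this page: `open_report` and the `open_result` names are hypothetical, and the code assumes the POSIX.1-2008 `open()` flags `O_EXCL` and `O_NOFOLLOW`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* exposes O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result names are this example's own. */
enum open_result { OPEN_FAILED = -1, OPENED_EXISTING = 0, CREATED_NEW = 1 };

/* Open path for writing and report whether this call created the file.
 * O_CREAT|O_EXCL is atomic: it fails with EEXIST if any entry, including a
 * symbolic link, already has that name, so CREATED_NEW is never a reused file. */
enum open_result open_report(const char *path, int *fd_out)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd >= 0) {
        *fd_out = fd;
        return CREATED_NEW;
    }
    if (errno != EEXIST)
        return OPEN_FAILED;
    /* The name exists: open it without O_CREAT, refuse a symbolic link, and
     * check the type on the descriptor itself. If the file vanished in the
     * meantime this open fails, and the function fails closed. */
    fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd < 0)
        return OPEN_FAILED;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return OPEN_FAILED;
    }
    *fd_out = fd;
    return OPENED_EXISTING;
}

int main(int argc, char **argv)
{
    int fd = -1;
    enum open_result r = (argc == 2) ? open_report(argv[1], &fd) : OPEN_FAILED;
    if (r == OPEN_FAILED)
        return 1;
    puts(r == CREATED_NEW ? "created new file" : "opened existing file");
    close(fd);
    return 0;
}
```

The caller decides what each outcome means: a program that expects to create its own file treats `OPENED_EXISTING` as an error, while one that expects to append to a known file treats `CREATED_NEW` as the anomaly.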

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO03-C | Medium | Probable | High | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | 6.5 | OPEN_ARGS | Fully implemented |
| LDRA tool suite | | 44 S | Enhanced Enforcement |
| Polyspace Bug Finder | R2016a | Use of non-secure temporary file | Temporary generated file name not secure |
| PRQA QA-C | | 5012 | Partially implemented |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[Callaghan 1995] IETF RFC 1813 NFS Version 3 Protocol Specification
[IEEE Std 1003.1:2013] System Interfaces: open
[ISO/IEC 9899:2011] Subclause 7.21.5.3, "The fopen Function"; Subclause K.3.5.2.1, "The fopen_s Function"
[Loosemore 2007] Section 12.3, "Opening Streams"
[Seacord 2013] Chapter 8, "File I/O"

 


...