...
As a starting point, the I/O topic area describes the use of C99 standard functions. However, because these functions have been generalized to support multiple disparate operating and file systems, they cannot generally be used in a secure fashion. As a result, most of the rules and recommendations in this topic area recommend approaches that are specific to the operating system and file systems in use. Because of the inherent complexity, there may not exist compliant solutions for all operating system and file system combinations. Therefore, the applicability of the rules for the target operating system/file system combinations should be considered.
Recommendations
FIO00-A. ReservedTake care when creating format strings
FIO01-A. Prefer functions that do not rely on file names for identification
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | |||
|---|---|---|---|---|---|---|---|---|
FIO00-A |
|
|
| 1 (low) | 1 (unlikely) | 2 (medium) | P2 P0 | L3 |
FIO01-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 | |||
FIO02-A | 3 (high) | 1 (unlikely) | 1 (high) | P3 | L3 | |||
FIO03-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 | |||
FIO04-A | 2 (medium) | 2 (probable) | 1 (high) | P4 | L3 | |||
FIO05-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 | |||
FIO06-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3 | |||
FIO07-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 | |||
FIO08-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3 | |||
FIO09-A | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3 | |||
FIO10-A | 2 (medium) | 3 (likely) | 2 (medium) | P12 | L1 | |||
FI011-A | 1 (low) | 2 (probable) | 3 (low) | P6 | L2 | |||
FIO12-A | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 | |||
FIO13-A | 1 (low) | 2 (probable) | 1 (high) | P2 | L3 |
...