...
Fortify SCA Version 5.0 is able to detect violations of this rule.
The tool Compass/ROSE should detect violations of this rule by ensuring that every fopen() call with a variable as the file name is preceded by an lstat() call and followed by an fstat() call. While that doesn't enforce the rule completely, it does indicate that the coder is aware of the lstat-fopen-fstat idiom. I don't think this applies to file opens where the filename is a constant.
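The lstat-fopen-fstat idiom that such a checker looks for, written out as an added example (not code from this page or from any of the tools named). The names open_regular_checked and demo, and the temporary paths, are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for lstat(), symlink(), mkdtemp(), fileno() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for reading only if it names a regular
 * file and the opened object is the same one lstat() examined. */
FILE *open_regular_checked(const char *path) {
    struct stat before, after;
    /* 1. lstat(): inspect the name without following a symbolic link. */
    if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
        return NULL;
    /* 2. fopen(): the name may have been re-pointed since step 1. */
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NULL;
    /* 3. fstat(): inspect what was actually opened and compare identity. */
    if (fstat(fileno(fp), &after) != 0 ||
        before.st_dev != after.st_dev || before.st_ino != after.st_ino) {
        fclose(fp);
        return NULL;
    }
    return fp;
}

/* Constructed demo: a regular file and a symlink to it in a fresh temporary
 * directory. Returns 1 if the chosen name opened, 0 if refused, -1 on setup error. */
int demo(int via_symlink) {
    char dir[] = "/tmp/lstat_demo_XXXXXX";
    char file[64], lnk[64];
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    FILE *w = fopen(file, "w");
    if (w == NULL || fclose(w) != 0 || symlink(file, lnk) != 0)
        return -1;
    FILE *fp = open_regular_checked(via_symlink ? lnk : file);
    int opened = (fp != NULL);
    if (fp != NULL) fclose(fp);
    unlink(lnk);
    unlink(file);
    rmdir(dir);
    return opened;
}

int main(void) {
    printf("regular=%d symlink=%d\n", demo(0), demo(1));
}
```

The device and inode comparison in step 3 is what ties the opened stream back to the object that was checked in step 1.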
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...