...
| Tool | Version | Checker | Description |
|---|---|---|---|
| PRQA QA-C | | warncall -wc system | Partially implemented |
...
Related Guidelines
| CERT C++ Secure Coding Standard | ENV01-CPP. Sanitize the environment when invoking external programs |
| CERT Oracle Secure Coding Standard for Java | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method |
| ISO/IEC TR 24772:2013 | Executing or Loading Untrusted Code [XYS] |
| MITRE CWE | CWE-78, Failure to sanitize data into an OS command (aka "OS command injection"); CWE-88, Argument injection or modification; CWE-426, Untrusted search path; CWE-807, Reliance on untrusted inputs in a security decision |
...