Recommendations
ENV00-AC. Do not store the pointer to the string returned by getenv()
ENV01-AC. Do not make assumptions about the size of an environment variable
ENV02-AC. Beware of multiple environment variables with the same effective name
ENV03-AC. Sanitize the environment when invoking external programs
ENV04-AC. Do not call system() if you do not need a command processor
...
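As an added example that is not code from the CERT page, the following POSIX C program applies the five recommendations above in one place: it copies the result of getenv() into caller-owned storage of a chosen size instead of keeping the pointer (ENV00/ENV01), scans `environ` for duplicate names (ENV02), builds a minimal fixed environment for a child (ENV03), and starts the child with execve() rather than system() (ENV04). The helper names, the variable name ENV_DEMO, and the fixed PATH/IFS values are assumptions chosen for the demonstration.

```c
/* Added example, not from the CERT page. POSIX only (fork/execve/waitpid). */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

extern char **environ;

/* ENV00/ENV01: copy getenv()'s result at once into a buffer the caller owns
 * and sizes; the pointer getenv() returns is never stored, and the value's
 * length is checked rather than assumed.
 * Returns 1 on success, 0 if the variable is unset, -1 if it does not fit. */
static int copy_env(const char *name, char *buf, size_t bufsz) {
    const char *val = getenv(name);
    if (val == NULL) return 0;
    size_t len = strlen(val);
    if (len >= bufsz) return -1;   /* would truncate: refuse instead of guessing */
    memcpy(buf, val, len + 1);     /* copy while the pointer is still valid */
    return 1;
}

/* ENV02: count entries in environ whose name matches `name` exactly.
 * A count above 1 means getenv() would pick one of several definitions. */
static int count_env_name(const char *name) {
    size_t n = strlen(name);
    int count = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++) {
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=') count++;
    }
    return count;
}

/* ENV03: a minimal, fixed environment for child processes. Nothing from the
 * caller's environment is inherited; the values here are assumptions. */
static char *const safe_env[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* ENV04: run a program by absolute path with execve() and the sanitized
 * environment; no shell ever parses the arguments. Returns the child's exit
 * status, 127 if exec failed, or -1 on fork/wait error or abnormal exit. */
static int run_program(const char *path, char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, safe_env);
        _exit(127);                /* only reached if execve() failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char home[256];
    int rc = copy_env("HOME", home, sizeof home);
    printf("HOME: %s\n", rc == 1 ? home : (rc == 0 ? "(unset)" : "(too long)"));
    printf("PATH defined %d time(s)\n", count_env_name("PATH"));

    /* Assumed demo target: /bin/true, run without a command processor. */
    char *const argv[] = { "true", NULL };
    printf("child exit status: %d\n", run_program("/bin/true", argv));
    return 0;
}
```

The exec path must be absolute because the child's PATH is the fixed one in `safe_env`, not the caller's; resolving the program name against an attacker-influenced PATH is exactly what the sanitized environment is meant to prevent.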
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV00-AC | low | probable | medium | P4 | L3 |
| ENV01-AC | high | likely | medium | P18 | L1 |
| ENV02-AC | low | unlikely | medium | P2 | L3 |
| ENV03-AC | high | likely | high | P9 | L2 |
| ENV04-AC | high | probable | medium | P12 | L1 |
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ENV30-C | low | probable | medium | P4 | L3 |
| ENV31-C | low | probable | medium | P4 | L3 |
| ENV32-C | medium | likely | medium | P12 | L1 |
...