Recommendations
FIO00-A. Take care when creating format strings
FIO01-A. Be careful using functions that use file names for identification
FIO02-A. Canonicalize path names originating from untrusted sources
FIO03-A. Do not make assumptions about fopen() and file creation
FIO04-A. Detect and handle input and output errors
FIO05-A. Identify files using multiple file attributes
FIO06-A. Create files with appropriate access permissions
FIO07-A. Prefer fseek() to rewind()
FIO08-A. Take care when calling remove() on an open file
FIO09-A. Be careful with binary data when transferring data across systems
FIO10-A. Take care when using the rename() function
FIO11-A. Take care when specifying the mode parameter of fopen()
FIO12-A. Prefer setvbuf() to setbuf()
FIO13-A. Never push back anything other than one read character
FIO14-A. Understand the difference between text mode and binary mode with file streams
FIO15-A. Ensure that file operations are performed in a secure directory
FIO16-A. Limit access to files by creating a jail
...
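Several of the recommendations above (FIO03, FIO05 and FIO06 in particular) come down to one habit: create files yourself with an exclusive open and an explicit mode, then verify what you actually opened by its attributes rather than by its name. The following C program is an added example written for this page, not code from the CERT standard or from any of the individual recommendation pages; the function names, the per-process file names under /tmp and the dangling-symlink scenario are assumptions made for the demonstration. It shows the exclusive create refusing both a pre-existing file and a dangling symlink (the classic trap for fopen(path, "w"), which would follow the link and create its target), and a post-open check that the descriptor refers to a regular, caller-owned file with the requested mode whose path still names the same device and inode.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* FIO03/FIO06: create the file with open() rather than fopen(path, "w").
 * O_EXCL makes the call fail if anything already occupies the name, a
 * symlink included (even a dangling one), so a pre-placed link cannot steer
 * the write elsewhere; O_NOFOLLOW is a second guard for the same case.
 * Asking for 0600 explicitly means umask can only tighten the mode, never
 * widen it. Returns a descriptor, or -1 with errno set. */
int create_private_file(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, S_IRUSR | S_IWUSR);
}

/* FIO05: identify the file we hold by its attributes, not only by its name.
 * Returns 0 when the descriptor is a regular file owned by the effective
 * user with exactly the requested mode bits, and the name still refers to
 * the same (device, inode) pair; otherwise a distinct negative code. */
int verify_private_file(int fd, const char *path) {
    struct stat by_fd, by_name;
    if (fstat(fd, &by_fd) != 0)                         return -1;
    if (!S_ISREG(by_fd.st_mode))                        return -2;
    if (by_fd.st_uid != geteuid())                      return -3;
    if ((by_fd.st_mode & 0777) != (S_IRUSR | S_IWUSR))  return -4;
    if (lstat(path, &by_name) != 0)                     return -5;
    if (by_name.st_dev != by_fd.st_dev || by_name.st_ino != by_fd.st_ino)
        return -6;
    return 0;
}

/* Scenario 1: create, verify, write, then try to create the same name again.
 * The second exclusive create must be refused with EEXIST instead of silently
 * truncating the file the way fopen(path, "w") would. Returns 0 on success,
 * otherwise the number of the step that failed. */
int scenario_exclusive_create(const char *path) {
    int rc = 0;
    unlink(path);                               /* start from a clean slate */
    int fd = create_private_file(path);
    if (fd < 0) return 1;
    if (verify_private_file(fd, path) != 0) {
        rc = 2;
    } else if (write(fd, "secret\n", 7) != 7) {
        rc = 3;
    } else {
        int again = create_private_file(path);
        if (again != -1 || errno != EEXIST) {
            if (again >= 0) close(again);
            rc = 4;
        }
    }
    close(fd);
    unlink(path);
    return rc;
}

/* Scenario 2: a dangling symlink sits at the name. fopen(path, "w") would
 * follow it and create the target; the exclusive create must be refused
 * (POSIX specifies EEXIST; ELOOP is tolerated for O_NOFOLLOW) and the target
 * must still not exist. Returns 0 on success, otherwise the failing step. */
int scenario_dangling_symlink(const char *path, const char *target) {
    int rc = 0;
    unlink(path);
    unlink(target);
    if (symlink(target, path) != 0) return 1;
    int fd = create_private_file(path);
    if (fd != -1 || (errno != EEXIST && errno != ELOOP)) {
        if (fd >= 0) close(fd);
        rc = 2;
    } else if (access(target, F_OK) == 0) {
        rc = 3;                                 /* target was created: bad */
    }
    unlink(path);
    unlink(target);
    return rc;
}

/* Runs both scenarios on per-process names under /tmp (an assumption of this
 * demo). Returns 0 when both pass, otherwise 10 * scenario + failing step. */
int run_all(void) {
    char path[64], target[64];
    snprintf(path, sizeof path, "/tmp/fio_demo_%ld", (long)getpid());
    snprintf(target, sizeof target, "/tmp/fio_demo_%ld.target", (long)getpid());
    int rc = scenario_exclusive_create(path);
    if (rc != 0) return 10 + rc;
    rc = scenario_dangling_symlink(path, target);
    if (rc != 0) return 20 + rc;
    return 0;
}

int main(void) {
    int rc = run_all();
    printf("%s (code %d)\n", rc == 0 ? "all checks passed" : "FAILED", rc);
    return rc == 0 ? 0 : 1;
}
```

The attribute check is deliberately run on the descriptor (fstat) and then cross-checked against the name (lstat): the descriptor tells you what you really opened, and the device/inode comparison tells you whether the name still means the same thing, which is the only safe way to reason about a path that another process can rename or replace between your calls.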
Priority is the product of the three ratings (severity: low = 1, medium = 2, high = 3; likelihood: unlikely = 1, probable = 2, likely = 3; remediation cost: high = 1, medium = 2, low = 3), and Level groups priorities into L1 (P12 to P27), L2 (P6 to P9) and L3 (P1 to P4). Every row below is consistent with that formula.

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO00-A | high | unlikely | medium | P6 | L2 |
| FIO01-A | medium | likely | medium | P12 | L1 |
| FIO02-A | medium | probable | medium | P8 | L2 |
| FIO03-A | medium | probable | high | P4 | L3 |
| FIO04-A | medium | probable | high | P4 | L3 |
| FIO05-A | medium | probable | medium | P8 | L2 |
| FIO06-A | medium | probable | high | P4 | L3 |
| FIO07-A | low | unlikely | low | P3 | L3 |
| FIO08-A | medium | probable | high | P4 | L3 |
| FIO09-A | medium | probable | high | P4 | L3 |
| FIO10-A | medium | probable | medium | P8 | L2 |
| FIO11-A | medium | probable | medium | P8 | L2 |
| FIO12-A | low | unlikely | medium | P2 | L3 |
| FIO13-A | medium | probable | high | P4 | L3 |
| FIO14-A | low | probable | high | P2 | L3 |
| FIO15-A | high | probable | high | P6 | L2 |
| FIO16-A | medium | probable | high | P4 | L3 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | high | likely | medium | P18 | L1 |
| FIO31-C | medium | probable | high | P4 | L3 |
| FIO32-C | medium | unlikely | medium | P4 | L3 |
| FIO33-C | high | probable | medium | P12 | L1 |
| FIO34-C | high | probable | medium | P12 | L1 |
| FIO35-C | low | unlikely | medium | P2 | L3 |
| FIO36-C | medium | likely | medium | P12 | L1 |
| FIO37-C | high | probable | medium | P12 | L1 |
| FIO38-C | low | probable | medium | P4 | L3 |
| FIO39-C | low | likely | medium | P6 | L2 |
| FIO40-C | low | probable | medium | P4 | L3 |
| FIO41-C | low | unlikely | medium | P2 | L3 |
| FIO42-C | medium | unlikely | medium | P4 | L3 |
| FIO43-C | high | probable | medium | P12 | L1 |
| FIO44-C | medium | unlikely | medium | P4 | L3 |
...