Risk Assessment Summary
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO30-C | High | Likely | Yes | No | P18 | L1 |
| FIO32-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO34-C | High | Probable | Yes | Yes | P18 | L1 |
| FIO37-C | High | Probable | Yes | Yes | P18 | L1 |
| FIO38-C | Low | Probable | Yes | No | P4 | L3 |
| FIO39-C | Low | Likely | Yes | No | P6 | L2 |
| FIO40-C | Low | Probable | Yes | Yes | P6 | L2 |
| FIO41-C | Low | Unlikely | Yes | Yes | P3 | L3 |
| FIO42-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO44-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO45-C | High | Probable | No | No | P6 | L2 |
| FIO46-C | Medium | Unlikely | No | No | P2 | L3 |
| FIO47-C | High | Unlikely | Yes | No | P6 | L2 |
Related Rules and Recommendations
Recommendations
FIO01-A. Prefer functions that do not rely on file names for identification
FIO02-A. Canonicalize file names originating from untrusted sources
FIO03-A. Do not make assumptions about fopen() and file creation
FIO04-A. Detect and handle input output errors
FIO05-A. Identify files using multiple file attributes
FIO06-A. Create files with appropriate access permissions
FIO06-A. Do not create temporary files in shared directories
Rules
FIO30-C. Exclude user input from format strings
FIO32-C. Temporary file names must be unique when the file is created
FIO33-C. Detect and handle input output errors resulting in undefined behavior
FIO34-C. Use int to capture the return value of character IO functions
FIO35-C. Use feof() and ferror() to detect end-of-file and file errors
FIO36-C. Don't assume a newline character is read
FIO37-C. Don't assume character data has been read
FIO38-C. Do not use a copy of a FILE object for IO
FIO39-C. Temporary file name generators must create unique file names
FIO40-C. Temporary files must be opened with exclusive access
FIO41-C. Temporary files must have an unpredictable name
FIO42-C. Temporary files must be removed before the program exits
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO01-A | 3 (high) | 2 (likely) | 1 (high) | P6 | L2 |
| FIO02-A | 3 (high) | 1 (unlikely) | 1 (high) | P3 | L3 |
| FIO03-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
| FIO04-A | 2 (medium) | 2 (probable) | 1 (high) | P4 | L3 |
| FIO05-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO06-A | 2 (high) | 2 (probable) | 2 (medium) | P8 | L2 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | 3 (high) | 3 (probable) | 3 (low) | P27 | L1 |
| FIO32-C | 3 (high) | 2 (probable) | 1 (medium) | P6 | L2 |
| FIO33-C | 1 (low) | 1 (low) | 3 (medium) | P3 | L3 |
| FIO34-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO35-C | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
| FIO36-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
| FIO38-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO39-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO40-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO41-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 |
| FIO42-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | |