 
Risk Assessment Summary
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level | 
|---|---|---|---|---|---|---|
| ENV30-C | Low | Probable | No | No | P2 | L3 | 
| ENV31-C | Low | Probable | Yes | No | P4 | L3 | 
| ENV32-C | Medium | Likely | Yes | No | P12 | L1 | 
| ENV33-C | High | Probable | Yes | No | P12 | L1 | 
| ENV34-C | Low | Probable | Yes | No | P4 | L3 | 
Related Rules and Recommendations
This section identifies rules and recommendations related to the functions defined in C99 Section 7.20.4, "Communication with the environment".
Recommendations
ENV00-A. Do not store the pointer to the string returned by getenv()
ENV01-A. Do not make assumptions about the size of an environment variable
ENV02-A. Beware of multiple environment variables with the same name
ENV03-A. Sanitize the environment before invoking external programs
ENV04-A. Do not call the system() or popen() functions
Rules
ENV30-C. Do not modify the string returned by getenv()
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. Do not call the exit() function more than once
ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()
POSIX
ENV80-C. Do not call putenv() with an automatic variable as the argument (POSIX)
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV01-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 | 
| ENV02-A | 3 (high) | 1 (unlikely) | 1 (high) | P3 | L3 | 
| ENV03-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 | 
| ENV04-A | 2 (medium) | 2 (probable) | 1 (high) | P4 | L3 | 
| ENV05-A | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 | 
| ENV06-A | 2 (high) | 2 (probable) | 2 (medium) | P8 | L2 | 
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV30-C | 3 (high) | 3 (probable) | 3 (low) | P27 | L1 | 
| ENV32-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 | 
| ENV33-C | 1 (low) | 1 (unlikely) | 3 (medium) | P3 | L3 | 
| ENV34-C | 2 (medium) | 2 (probable) | 2 (medium) | P8 | L2 | 
| ENV35-C | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 | 
| ENV36-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 | 
| ENV80-C | 3 (high) | 1 (unlikely) | 1 (high) | P3 | | 