SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 242

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Content by Label
showLabelsfalse
maxResults99
label+fio,+rule,-void
showSpacefalse
sorttitle
spacecom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
cqllabel = "fio" and label = "rule" and label != "void" and space = currentSpace()

Info

Information for Editors
To have a new guideline automatically listed above be sure to label it fio and rule.

Risk Assessment Summary

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

FIO30-CHighLikelyYesNo

P18

L1

FIO32-CMediumUnlikelyNoNo

P2

L3

FIO34-CHighProbableYesYes

P18

L1

FIO37-CHighProbableYesYes

P18

L1

FIO38-CLowProbableYesNo

P4

L3

FIO39-CLowLikelyYesNo

P6

L2

FIO40-CLowProbableYesYes

P6

L2

FIO41-CLowUnlikelyYesYes

P3

L3

FIO42-CMediumUnlikelyNoNo

P2

L3

FIO44-CMediumUnlikelyNoNo

P2

L3

FIO45-CHighProbableNoNo

P6

L2

FIO46-CMediumUnlikelyNoNo

P2

L3

FIO47-CHighUnlikelyYesNo

P6

L2

Recommendations

FIO00-A. Take care when creating format strings

FIO01-A. Be careful using functions that use file names for identification

FIO02-A. Canonicalize path names originating from untrusted sources

FIO03-A. Do not make assumptions about fopen() and file creation

FIO04-A. Detect and handle input and output errors

FIO05-A. Identify files using multiple file attributes

FIO06-A. Create files with appropriate access permissions

FIO07-A. Prefer fseek() to rewind()

FIO08-A. Take care when calling remove() on an open file

FIO09-A. Be careful with binary data when transferring data across systems

FIO10-A. Take care when using the rename() function

FIO11-A. Take care when specifying the mode parameter of fopen()

FIO12-A. Prefer setvbuf() to setbuf()

FIO13-A. Never push back anything other than one read character.

FIO14-A. Understand the difference between text mode and binary mode with file streams

FIO15-A. Do not create temporary files in shared directories

FIO16-A. Limit access to files by creating a jail

Rules

FIO30-C. Exclude user input from format strings

FIO31-C. Do not simultaneously open the same file multiple times

FIO32-C. Do not perform operations on devices that are only appropriate for files

FIO33-C. Detect and handle input output errors resulting in undefined behavior

FIO34-C. Use int to capture the return value of character IO functions

FIO35-C. Use feof() and ferror() to detect end-of-file and file errors when sizeof(int) == sizeof(char)

FIO36-C. Do not assume a newline character is read when using fgets()

FIO37-C. Don't assume character data has been read

FIO38-C. Do not use a copy of a FILE object for input and output

FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call

FIO40-C. Reset strings on fgets() failure

FIO41-C. Do not call getc() or putc() with stream arguments that have side effects

FIO42-C. Ensure files are properly closed when they are no longer needed

FIO43-C. Handle temporary files securely

FIO44-C. Only use values for fsetpos() that are returned from fgetpos()

Risk Assessment Summary

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO00-A

low

unlikely

medium

P2

L3

FIO01-A

medium

probable

high

P4

L3

FIO02-A

medium

unlikely

high

P2

L3

FIO03-A

medium

probable

high

P4

L3

FIO04-A

medium

probable

high

P4

L3

FIO05-A

medium

probable

medium

P8

L2

FIO06-A

medium

unlikely

medium

P4

L3

FIO07-A

low

unlikely

medium

P2

L3

FIO08-A

medium

unlikely

medium

P4

L3

FIO09-A

low

unlikely

medium

P2

L3

FIO10-A

medium

probable

medium

P8

L2

FIO11-A

low

probable

low

P6

L2

FIO12-A

low

unlikely

medium

P2

L3

FIO13-A

medium

probable

high

P4

L3

FIO14-A

low

probable

medium

P4

L3

FIO15-A

high

probable

high

P6

L2

FIO16-A

medium

probable

high

P4

L3

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO30-C

high

likely

low

P27

L1

FIO31-C

medium

probable

medium

P8

L2

FIO32-C

medium

unlikely

medium

P4

L3

FIO33-C

high

unlikely

medium

P6

L2

FIO34-C

high

probable

medium

P12

L1

FIO35-C

low

unlikely

medium

P2

L3

FIO36-C

medium

unlikely

low

P6

L2

FIO37-C

high

unlikely

medium

P6

L2

FIO38-C

low

probable

medium

P4

L3

FIO39-C

medium

probable

medium

P8

L2

FIO40-C

low

unlikely

medium

P2

L3

FIO41-C

low

unlikely

medium

P2

L3

FIO42-C

medium

unlikely

medium

P4

L3

FIO43-C

high

probable

high

P6

L2

FIO44-C

medium

unlikely

medium

P4

L3

Related Rules and Recommendations

Navigation Map
fio
fio
cellWidth700
wrapAfter1
cellHeight15

...

Image Modified      08. Memory Management (MEM)       FIO00-A. Take care when creating format strings Image Added Image Added