Page History

Content by Label

showLabels	false
maxResults	99
label	+fio,+rule,-void
showSpace	false
sort	title
space	com.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
cql	label = "fio" and label = "rule" and label != "void" and space = currentSpace()

Info
Information for Editors To have a new guideline automatically listed above be sure to label it fio and rule.

Risk Assessment Summary

Rule	Severity	Likelihood	Detectable	Repairable	Priority	Level
FIO30-C	High	Likely	Yes	No	P18	L1
FIO32-C	Medium	Unlikely	No	No	P2	L3
FIO34-C	High	Probable	Yes	Yes	P18	L1
FIO37-C	High	Probable	Yes	Yes	P18	L1
FIO38-C	Low	Probable	Yes	No	P4	L3
FIO39-C	Low	Likely	Yes	No	P6	L2
FIO40-C	Low	Probable	Yes	Yes	P6	L2
FIO41-C	Low	Unlikely	Yes	Yes	P3	L3
FIO42-C	Medium	Unlikely	No	No	P2	L3
FIO44-C	Medium	Unlikely	No	No	P2	L3
FIO45-C	High	Probable	No	No	P6	L2
FIO46-C	Medium	Unlikely	No	No	P2	L3
FIO47-C	High	Unlikely	Yes	No	P6	L2

Recommendations

FIO00-C. Take care when creating format strings

FIO01-C. Be careful using functions that use file names for identification

FIO02-C. Canonicalize path names originating from untrusted sources

FIO03-C. Do not make assumptions about fopen() and file creation

FIO04-C. Detect and handle input and output errors

FIO05-C. Identify files using multiple file attributes

FIO06-C. Create files with appropriate access permissions

FIO07-C. Prefer fseek() to rewind()

FIO08-C. Take care when calling remove() on an open file

FIO09-C. Be careful with binary data when transferring data across systems

FIO10-C. Take care when using the rename() function

FIO11-C. Take care when specifying the mode parameter of fopen()

FIO12-C. Prefer setvbuf() to setbuf()

FIO13-C. Never push back anything other than one read character

FIO14-C. Understand the difference between text mode and binary mode with file streams

FIO15-C. Ensure that file operations are performed in a secure directory

FIO16-C. Limit access to files by creating a jail

FIO17-C. Be aware of unspecified behavior when using the %a or %A conversion specifiers

Rules

FIO30-C. Exclude user input from format strings

FIO31-C. Do not simultaneously open the same file multiple times

FIO32-C. Do not perform operations on devices that are only appropriate for files

FIO33-C. Detect and handle input output errors resulting in undefined behavior

FIO34-C. Use int to capture the return value of character IO functions

FIO35-C. Use feof() and ferror() to detect end-of-file and file errors when sizeof(int) == sizeof(char)

FIO36-C. Do not assume a new-line character is read when using fgets()

FIO37-C. Do not assume character data has been read

FIO38-C. Do not use a copy of a FILE object for input and output

FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call

FIO40-C. Reset strings on fgets() failure

FIO41-C. Do not call getc() or putc() with stream arguments that have side effects

FIO42-C. Ensure files are properly closed when they are no longer needed

FIO43-C. Do not create temporary files in shared directories

FIO44-C. Only use values for fsetpos() that are returned from fgetpos()

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
FIO00-C	high	unlikely	medium	P6	L2
FIO01-C	medium	likely	medium	P12	L1
FIO02-C	medium	probable	medium	P8	L2
FIO03-C	medium	probable	high	P4	L3
FIO04-C	medium	probable	high	P4	L3
FIO05-C	medium	probable	medium	P8	L2
FIO06-C	medium	probable	high	P4	L3
FIO07-C	low	unlikely	low	P3	L3
FIO08-C	medium	probable	high	P4	L3
FIO09-C	medium	probable	high	P4	L3
FIO10-C	medium	probable	medium	P8	L2
FIO11-C	medium	probable	medium	P8	L2
FIO12-C	low	unlikely	medium	P2	L3
FIO13-C	medium	probable	high	P4	L3
FIO14-C	low	probable	high	P2	L3
FIO15-C	high	probable	high	P6	L2
FIO16-C	medium	probable	high	P4	L3

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
FIO30-C	high	likely	medium	P18	L1
FIO31-C	medium	probable	high	P4	L3
FIO32-C	medium	unlikely	medium	P4	L3
FIO33-C	high	probable	medium	P12	L1
FIO34-C	high	probable	medium	P12	L1
FIO35-C	low	unlikely	medium	P2	L3
FIO36-C	medium	likely	medium	P12	L1
FIO37-C	high	probable	medium	P12	L1
FIO38-C	low	probable	medium	P4	L3
FIO39-C	low	likely	medium	P6	L2
FIO40-C	low	probable	medium	P4	L3
FIO41-C	low	unlikely	medium	P2	L3
FIO42-C	medium	unlikely	medium	P4	L3
FIO43-C	high	probable	medium	P12	L1
FIO44-C	medium	unlikely	medium	P4	L3

Related Rules and Recommendations

Navigation Map

	fio
	fio
cellWidth	700
wrapAfter	1
cellHeight	15

...

Image Modified CERT C Secure Coding Standard FIO00-C. Take care when creating format strings Image Added Image Added

Space shortcuts

Page tree

Versions Compared

Old Version 257

New Version Current

Key

Risk Assessment Summary

Recommendations

Rules

Risk Assessment Summary

Related Rules and Recommendations