SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Content by Label
showLabelsfalse
maxResults99
label+env,+rule,-void
showSpacefalse
sorttitle
spacecom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@3bbaf8c
cqllabel = "rule" and label = "env" and label != "void" and space = currentSpace()

Info

Information for Editors
In order to have a new guideline automatically listed above be sure to label it env and rule.

Risk Assessment Summary

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

ENV30-CLowProbableNoNo

P2

L3

ENV31-CLowProbableYesNo

P4

L3

ENV32-CMediumLikelyYesNo

P12

L1

ENV33-CHighProbableYesNo

P12

L1

ENV34-CLowProbableYesNo

P4

L3

Related Rules and Recommendations

Navigation Map
env
env
cellWidth700
wrapAfter1
cellHeight15

...

Image Added Image Added Image Added

This section identifies rules and recommendations related to the functions defined in C99 Section 7.20.4, "Communication with the environment".

Recommendations

ENV00-A. Do not store the pointer to the string returned by getenv()

ENV01-A. Do not make assumptions about the size or value of an environment variable

ENV02-A. Beware of multiple environment variables with the same name

ENV03-A. Sanitize the environment before invoking external programs

ENV04-A. Do not call the system() function

Rules

ENV30-C. Do not modify the string returned by getenv()

ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it

ENV32-C. Do not call the exit() function more than once

ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()

POSIX

ENV80-C. Don't call putenv() with an automatic variable as the argument

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ENV01-A

3 (high)

2 (probable)

1 (high)

P6

L2

ENV02-A

3 (high)

1 (unlikely)

1 (high)

P3

L3

ENV03-A

3 (high)

2 (probable)

1 (high)

P6

L2

ENV04-A

2 (medium)

2 (probable)

1 (high)

P4

L3

ENV05-A

2 (medium)

2 (probable)

2 (medium)

P8

L2

ENV06-A

2 (high)

2 (probable)

2 (medium)

P8

L2

Rules

...

Rule

...

Severity

...

Likelihood

...

Remediation Cost

...

Priority

...

Level

...

ENV30-C

...

3 (high)

...

3 (probable)

...

3 (low)

...

P27

...

L1

...

ENV32-C

...

3 (high)

...

2 (probable)

...

1 (high)

...

P6

...

L2

...

ENV33-C

...

1 (low)

...

1 (unlikely)

...

3 (medium)

...

P3

...

L3

...

ENV34-C

...

2 (medium)

...

2 (probable)

...

2 (medium)

...

P8

...

L2

...

ENV35-C

...

1 (low)

...

1 (unlikely)

...

2 (medium)

...

P2

...

L3

...

ENV36-A

...

1 (low)

...

1 (unlikely)

...

3 (low)

...

P3

...