 
The improper use of strtok() is likely to result in truncated data, producing unexpected results later in program execution.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| STR06-C | Medium | Likely | No | No | P6 | L2 |
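
The truncation described above, as an added example that is not code from the CERT page: two hypothetical helpers, `list_contains_in_place` and `list_contains_copy`, look up an entry in a constructed colon-separated list. The first hands the caller's buffer to strtok(); the second tokenizes a private copy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* In-place lookup: strtok() writes '\0' over each delimiter it consumes,
 * so the caller's buffer is altered. Returns 1 if needle is a token. */
static int list_contains_in_place(char *list, const char *delims,
                                  const char *needle) {
    for (char *tok = strtok(list, delims); tok != NULL;
         tok = strtok(NULL, delims)) {
        if (strcmp(tok, needle) == 0) {
            return 1;
        }
    }
    return 0;
}

/* Copy-first lookup: tokenizes a private duplicate and leaves the caller's
 * string untouched. Returns 1/0, or -1 if the copy cannot be allocated. */
static int list_contains_copy(const char *list, const char *delims,
                              const char *needle) {
    size_t size = strlen(list) + 1;
    char *copy = malloc(size);
    if (copy == NULL) {
        return -1;
    }
    memcpy(copy, list, size);
    int found = list_contains_in_place(copy, delims, needle);
    free(copy);
    return found;
}

int main(void) {
    /* Constructed sample input, not taken from the page. */
    char path[] = "/usr/bin:/bin:/usr/sbin:/sbin";

    printf("copy:     found=%d path=\"%s\"\n",
           list_contains_copy(path, ":", "/usr/sbin"), path);

    int found = list_contains_in_place(path, ":", "/usr/sbin");
    printf("in place: found=%d path=\"%s\"\n", found, path);

    /* The buffer now ends at the first delimiter, so a later lookup misses. */
    printf("later:    found=%d\n", list_contains_copy(path, ":", "/usr/sbin"));
    return 0;
}
```
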
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | (customization) | Users who wish to avoid using strtok() entirely can add a custom check for all uses of strtok(). |
| Compass/ROSE | | | |
| Fortify SCA | 5.0 | | Can detect violations of this rule with CERT C Rule Pack |
| Helix QAC | | C5007 | |
| LDRA tool suite | | 602 S | Enhanced Enforcement |
| Polyspace Bug Finder | | | Checks for string passed to strtok() without copying. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID STR06-CPP. Do not assume that strtok() leaves the parse string unchanged |
| MITRE CWE | CWE-464, Addition of data structure sentinel |