Comment: updated parasoft

...

Failing to properly close files may allow an attacker to exhaust system resources and can increase the risk that data written into in-memory file buffers will not be flushed in the event of abnormal program termination.
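The resource-exhaustion risk described above, as an added example that is not part of the CERT page: a leaky early return next to a single-exit version, run under a lowered descriptor limit. POSIX is assumed (`mkstemp`, `setrlimit`); the function names, the `CFG1` header and the limit of 64 are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L                   /* for mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>

/* Noncompliant: the early return for a bad header skips fclose(). */
int header_ok_leaky(const char *path) {
    char buf[8];
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;                     /* no file, or no descriptors left */
    if (fgets(buf, sizeof buf, f) == NULL || strncmp(buf, "CFG1", 4) != 0)
        return 0;                                 /* stream is leaked on this path */
    fclose(f);
    return 1;
}

/* Compliant: a single exit path, and the result of fclose() is checked. */
int header_ok(const char *path) {
    char buf[8];
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    int ok = fgets(buf, sizeof buf, f) != NULL && strncmp(buf, "CFG1", 4) == 0;
    if (fclose(f) == EOF) return -1;
    return ok;
}

/* Runs check() up to `calls` times on a constructed bad-header file under a
   soft limit of 64 descriptors; returns the calls completed before fopen() fails. */
int calls_before_exhaustion(int (*check)(const char *), int calls) {
    char path[] = "/tmp/fio42_XXXXXX";            /* constructed sample input */
    struct rlimit old, low;
    int n = 0, fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, "BAD!\n", 5) != 5) { close(fd); unlink(path); return -1; }
    close(fd);
    getrlimit(RLIMIT_NOFILE, &old);
    low = old; low.rlim_cur = 64;
    setrlimit(RLIMIT_NOFILE, &low);
    while (n < calls && check(path) == 0) n++;
    setrlimit(RLIMIT_NOFILE, &old);               /* restore the original limit */
    unlink(path);
    return n;
}
int main(void) {
    printf("compliant: %d of 200 calls\n", calls_before_exhaustion(header_ok, 200));
    printf("leaky:     %d of 200 calls\n", calls_before_exhaustion(header_ok_leaky, 200));
    return 0;
}
```

The leaked streams stay open for the life of the process, which is why the leaky variant stops well short of 200 calls while the compliant one completes all of them.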

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO42-C | Medium | Unlikely | Medium | P4 | L3 |

Automated Detection

This rule is stricter than rule [fileclose] in ISO/IEC TS 17961:2013. Analyzers that conform to the technical standard may not detect all violations of this rule.

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| CodeSonar | | ALLOC.LEAK | Leak |
| Compass/ROSE | | | |
| Coverity | | RESOURCE_LEAK (partial) | Partially implemented |
| Klocwork | | RH.LEAK | |
| LDRA tool suite | | 49 D | Partially implemented |
| Parasoft C/C++test | | BD-RES-LEAKS | Implemented |
| Polyspace Bug Finder | R2016a | Resource leak | File stream not closed before FILE pointer scope ends or pointer is reassigned |
| SonarQube C/C++ Plugin | | S2095 | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | FIO51-CPP. Close files when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Oracle Secure Coding Standard for Java | FIO04-J. Release resources when they are no longer needed | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-404, Improper Resource Shutdown or Release | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-459 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-772 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-773 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-775 | 2017-07-06: CERT: Rule subset of CWE |

CERT-CWE Mapping Notes

Key here for mapping notes

...

  • Failure to free resources besides files or memory chunks, such as mutexes)


Bibliography

[IEEE Std 1003.1:2013] XSH, System Interfaces, open

...


...