SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 124

changes.mady.by.user Dario Necco

Saved on

compared with

New Version 125

changes.mady.by.user Dario Necco

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Compass/ROSE



Could detect some violations of this rule. This rule applies only to untrusted file name strings, and ROSE cannot tell which strings are trusted and which are not. The best heuristic is to note if there is any verification of the file name before or after the fopen() call. If there is any verification, then the file opening should be preceded by an lstat() call and succeeded by an fstat() call. Although that does not enforce the rule completely, it does indicate that the coder is aware of the lstat-fopen-fstat idiom

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO32-a

Protect against file name injection

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule FIO32-CChecks for inappropriate I/O operation on device files (rule partially covered)
PRQA QA-C

Include Page
PRQA QA-C_v
PRQA QA-C_v

4921, 4922, 4923Enforced by QAC
PRQA QA-C++
 

Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

4921, 4922, 4923


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...