SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 220

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Recommendation

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

FIO01-C

Medium

Likely

Yes

NoMedium

P12

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.RACE

IO.TAINT.FNAME

BADFUNC.TEMP.*

BADFUNC.TMPFILE_S

BADFUNC.TMPNAM_S

File System Race Condition

Tainted Filename

A collection of warning classes that report uses of library functions associated with temporary file vulnerabilities (including name issues).

Use of tmpfile_s

Use of tmpnam_s

Compass/ROSE



Can detect some violations of this recommendation. In particular, it warns when chown(), stat(), or chmod() are called on an open file

Coverity6.5TOCTOUFully implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5011
Klocwork
Include Page
Klocwork_V
Klocwork_V

SV.TOCTOU.FILE_ACCESS


LDRA tool suite
Include Page
LDRA_V
LDRA_V

592 S

Fully implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-FIO01-a
CERT_C-FIO01-c

Don't use chmod(), chown(), chgrp()
Be careful using functions that use file names for identification

...