C programs often rely on file to load or store data needed during program execution. File operations, such as open, read, write, and close are built into the C programming language itself to simplify how C programs manipulate files and file data. However, irregularities and inconsistencies between C programs and the underlying file system have long been a source of vulnerabilities.
Recommendations
FIO001 Use file descriptors instead of filenames
FIO002 Translate filenames into canonical form before use
FIO003 Create temporary files in restricted directories
Rules
FIO30 Check file properties securely
FIO31 Detect and handle file operation errors
FIO032 Do not create tempory files with predictable names
FIO033 Verify path and filename parameters
FIO034 Do not make assumptions about the structure of the underlying filesystem