Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Recommendations

FIO00-A. Blah blah blah

FIO01-A. Prefer functions that do not rely on file names for identification

FIO02-A. Canonicalize file names originating from untrusted sources

FIO03-A. Do not make assumptions about fopen() and file creation

Rules

FIO30-C. Exclude user input from format strings

FIO32-C. Temporary file names must be unique when the file is created

FIO33-C. Detect and handle input output errors resulting in undefined behavior

Risk Assessment Summary

Recommendations

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO01-A

3 (high)

2 (likely)

1 (high)

P6

L2

FIO02-A

3 (high)

1 (unlikely)

1 (high)

P3

L3

Rules

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FIO30-C

3 (high)

3 (probable)

3 (low)

P27

L1

FIO32-C

3 (high)

2 (probable)

1 (medium)

P6

L2

  • No labels