Recommendations
FIO01-A. Prefer functions that do not rely on file names for identification
FIO02-A. Canonicalize file names originating from untrusted sources
FIO03-A. Do not make assumptions about fopen() and file creation
Rules
FIO30-C. Exclude user input from format strings
FIO32-C. Temporary file names must be unique when the file is created
FIO33-C. Detect and handle input output errors resulting in undefined behavior
Risk Assessment Summary
Recommendations
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
FIO01-A | 3 (high) | 2 (likely) | 1 (high) | P6 | L2
FIO02-A | 3 (high) | 1 (unlikely) | 1 (high) | P3 | L3
Rules
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
FIO30-C | 3 (high) | 3 (probable) | 3 (low) | P27 | L1
FIO32-C | 3 (high) | 2 (probable) | 1 (medium) | P6 | L2