FIO00-C. Take care when creating format strings
FIO01-C. Be careful using functions that use file names for identification
FIO02-C. Canonicalize path names originating from untrusted sources
FIO03-C. Do not make assumptions about fopen() and file creation
FIO04-C. Detect and handle input and output errors
FIO05-C. Identify files using multiple file attributes
FIO06-C. Create files with appropriate access permissions
FIO07-C. Prefer fseek() to rewind()
FIO08-C. Take care when calling remove() on an open file
FIO09-C. Be careful with binary data when transferring data across systems
FIO10-C. Take care when using the rename() function
FIO11-C. Take care when specifying the mode parameter of fopen()
FIO12-C. Prefer setvbuf() to setbuf()
FIO13-C. Never push back anything other than one read character
FIO14-C. Understand the difference between text mode and binary mode with file streams
FIO15-C. Ensure that file operations are performed in a secure directory
FIO16-C. Limit access to files by creating a jail
FIO17-C. Do not rely on an ending null character when using fread()
FIO18-C. Never expect fwrite() to terminate the writing process at a NULL character
FIO30-C. Exclude user input from format strings
FIO31-C. Do not simultaneously open the same file multiple times
FIO32-C. Do not perform operations on devices that are only appropriate for files
FIO33-C. Detect and handle input output errors resulting in undefined behavior
FIO34-C. Use int to capture the return value of character IO functions
FIO36-C. Do not assume a new-line character is read when using fgets()
FIO37-C. Do not assume character data has been read
FIO38-C. Do not use a copy of a FILE object for input and output
FIO40-C. Reset strings on fgets() failure
FIO41-C. Do not call getc() or putc() with stream arguments that have side effects
FIO42-C. Ensure files are properly closed when they are no longer needed
FIO43-C. Do not create temporary files in shared directories
FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO00-C | high | unlikely | medium | P6 | L2 |
| FIO01-C | medium | likely | medium | P12 | L1 |
| FIO02-C | medium | probable | medium | P8 | L2 |
| FIO03-C | medium | probable | high | P4 | L3 |
| FIO04-C | medium | probable | high | P4 | L3 |
| FIO05-C | medium | probable | medium | P8 | L2 |
| FIO06-C | medium | probable | high | P4 | L3 |
| FIO07-C | low | unlikely | low | P3 | L3 |
| FIO08-C | medium | probable | high | P4 | L3 |
| FIO09-C | medium | probable | high | P4 | L3 |
| FIO10-C | medium | probable | medium | P8 | L2 |
| FIO11-C | medium | probable | medium | P8 | L2 |
| FIO12-C | low | unlikely | medium | P2 | L3 |
| FIO13-C | medium | probable | high | P4 | L3 |
| FIO14-C | low | probable | high | P2 | L3 |
| FIO15-C | high | probable | high | P6 | L2 |
| FIO16-C | medium | probable | high | P4 | L3 |
| FIO17-C | low | likely | medium | P6 | L2 |
| FIO18-C | low | likely | medium | P6 | L2 |
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO30-C | high | likely | medium | P18 | L1 |
| FIO31-C | medium | probable | high | P4 | L3 |
| FIO32-C | medium | unlikely | medium | P4 | L3 |
| FIO33-C | high | probable | medium | P12 | L1 |
| FIO34-C | high | probable | medium | P12 | L1 |
| FIO35-C | low | unlikely | medium | P2 | L3 |
| FIO36-C | medium | likely | medium | P12 | L1 |
| FIO37-C | high | probable | medium | P12 | L1 |
| FIO38-C | low | probable | medium | P4 | L3 |
| FIO39-C | low | likely | medium | P6 | L2 |
| FIO40-C | low | probable | medium | P4 | L3 |
| FIO41-C | low | unlikely | medium | P2 | L3 |
| FIO42-C | medium | unlikely | medium | P4 | L3 |
| FIO43-C | high | probable | medium | P12 | L1 |
| FIO44-C | medium | unlikely | medium | P4 | L3 |
CERT C Secure Coding Standard