 
Recommendations
ENV00-A. Do not store the pointer to the string returned by getenv()
ENV01-A. Do not make assumptions about the size of an environment variable
ENV02-A. Beware of multiple environment variables with the same name
ENV03-A. Sanitize the environment before invoking external programs
ENV04-A. Do not call system() if you do not need a command processor
Rules
ENV30-C. Do not modify the string returned by getenv()
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. Do not call the exit() function more than once
ENV33-C. Do not call the longjmp function to terminate a call to a function registered by atexit()
Risk Assessment Summary
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV00-A | low | unlikely | medium | P2 | L3 | 
| ENV01-A | high | unlikely | low | P27 | L1 | 
| ENV02-A | medium | unlikely | low | P6 | L2 | 
| ENV03-A | medium | probable | medium | P8 | L2 | 
| ENV04-A | high | probable | medium | P12 | L1 | 

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV30-C | low | unlikely | low | P3 | L3 | 
| ENV31-C | low | unlikely | low | P3 | L3 | 
| ENV32-C | low | unlikely | low | P3 | L3 | 
| ENV33-C | low | unlikely | low | P3 | L3 | 
Related Rules and Recommendations