Comment: updated parasoft

...

If the command string passed to system(), popen(), or another function that invokes a command processor is not fully sanitized, the risk of exploitation is high. In the worst case, an attacker can execute arbitrary system commands on the compromised machine with the privileges of the vulnerable process.
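The contrast the paragraph describes, as an added C example that is not part of the CERT page: one file-removal routine written three ways. `remove_with_system()` is the noncompliant shape (a file name interpolated into a command line that `system()` hands to a shell); `remove_with_unlink()` does the same job with the library call directly and needs no command processor; `remove_with_spawn()` shows the pattern for when an external program is genuinely required (posix_spawn with an explicit argv and a minimal constructed environment, so nothing is parsed by a shell). The function names, the `safe_filename()` allow-list policy, the `/bin/rm` path and the `PATH` value are assumptions made for this example.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* mkstemp, posix_spawn, waitpid */
#endif
#include <errno.h>
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical allow-list policy for a caller-supplied file name: only
 * [A-Za-z0-9._-], at most 64 bytes, no leading '-' (would read as an
 * option) and no leading '.' (dotfiles, ".", ".."). Returns 1 if acceptable. */
int safe_filename(const char *name) {
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t len = strlen(name);
    if (len == 0 || len > 64) return 0;
    if (name[0] == '-' || name[0] == '.') return 0;
    return strspn(name, allowed) == len;
}

/* Noncompliant pattern, kept only for contrast (never called below):
 * the name is pasted into a command line that a shell then parses, so any
 * shell metacharacter in `name` changes what gets executed. */
int remove_with_system(const char *dir, const char *name) {
    char cmd[256];
    int n = snprintf(cmd, sizeof cmd, "rm -f %s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    return system(cmd);
}

/* Compliant, preferred: the job needs no command processor at all.
 * Validate the name, build the path, call the library function directly. */
int remove_with_unlink(const char *dir, const char *name) {
    char path[256];
    if (!safe_filename(name)) { errno = EINVAL; return -1; }
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    return unlink(path);            /* 0 on success, -1 with errno set */
}

/* Compliant when an external program really is required: absolute program
 * path, explicit argv ("--" ends option parsing) and a minimal constructed
 * environment. No shell is involved, so `path` is passed literally.
 * Returns the child's exit status, or -1 on failure. */
int remove_with_spawn(const char *dir, const char *name) {
    char path[256];
    if (!safe_filename(name)) { errno = EINVAL; return -1; }
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    char *const argv[] = { "rm", "-f", "--", path, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };   /* assumed layout */
    pid_t pid;
    int rc = posix_spawn(&pid, "/bin/rm", NULL, NULL, argv, envp);
    if (rc != 0) { errno = rc; return -1; }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Self-check: create a temporary file under /tmp and remove it through the
 * unlink path. Returns 0 when the file is gone afterwards. */
int selftest_unlink_tempfile(void) {
    char tmpl[] = "/tmp/env33_XXXXXX";   /* constructed template; mkstemp fills the Xs */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    int rc = remove_with_unlink("/tmp", tmpl + strlen("/tmp/"));
    return (rc == 0 && access(tmpl, F_OK) != 0) ? 0 : -1;
}

int main(void) {
    printf("safe_filename(\"report.txt\") = %d\n", safe_filename("report.txt"));
    printf("safe_filename(\"a;b\")        = %d\n", safe_filename("a;b"));
    printf("selftest_unlink_tempfile()  = %d\n", selftest_unlink_tempfile());
    return 0;
}
```

The allow-list is defence in depth; the property that actually removes the command-injection risk is that neither compliant variant ever hands a string to a shell. The `--` in the spawned argv addresses the separate argument-injection case (CWE-88 in the table below), where a name beginning with `-` would otherwise be read as an option by the child program.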

Rule     | Severity | Likelihood | Remediation Cost | Priority | Level
---------|----------|------------|------------------|----------|------
ENV33-C  | High     | Probable   | Medium           | P12      | L1

Automated Detection

Tool                   | Version | Checker                                                                                          | Description
-----------------------|---------|--------------------------------------------------------------------------------------------------|------------
Astrée                 |         |                                                                                                  | Supported, but no explicit checker
Clang                  |         | cert-env33-c                                                                                     | Checked by clang-tidy
CodeSonar              |         | BADFUNC.PATH.SYSTEM; IO.INJ.COMMAND                                                              | Use of system; Command injection
Compass/ROSE           |         |                                                                                                  |
Coverity               |         | DONT_CALL                                                                                        | Implemented
Klocwork               |         | MISRA.STDLIB.ABORT; SV.CODE_INJECTION.SHELL_EXEC; SV.TAINTED.INJECTION                           |
LDRA tool suite        |         | 588 S                                                                                            | Fully implemented
Parasoft C/C++test     |         | SECURITY-48; MISRA2012-RULE-21_8                                                                 | Also detects getenv(), abort(), and exit()
Polyspace Bug Finder   | R2016a  | Execution of externally controlled command; Command executed from externally controlled path     | Command argument from an unsecure source vulnerable to operating system command injection; Path argument from an unsecure source
PRQA QA-C              |         | 5018                                                                                             | Partially implemented
PRQA QA-C++            |         | 5031                                                                                             |
RuleChecker            |         |                                                                                                  | Supported, but no explicit checker
SonarQube C/C++ Plugin |         | S990                                                                                             | Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h>

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...


Taxonomy                                      | Taxonomy item                                                           | Relationship
----------------------------------------------|-------------------------------------------------------------------------|-------------
CERT C Secure Coding Standard                 | ENV03-C. Sanitize the environment when invoking external programs       | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C                                        | ENV02-CPP. Do not call system() if you do not need a command processor  | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for Java   | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method    | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013                         | Unquoted Search Path or Element [XZQ]                                   | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013                         | Calling system [syscall]                                                | Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11                                      | CWE-88, Argument Injection or Modification                              | 2017-05-18: CERT: Partial overlap
CWE 2.11                                      | CWE-676                                                                 | 2017-05-18: CERT: Rule subset of CWE

CERT-CWE Mapping Notes


...

  • Invocation of other dangerous functions, besides system().


Bibliography

[IEEE Std 1003.1:2013]  XSH, System Interfaces, exec
                        XSH, System Interfaces, popen
                        XSH, System Interfaces, unlink
[Wheeler 2004]

...