SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 164

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 165

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The ability to determine whether an existing file has been opened or a new file has been created provides greater assurance that a file other than the intended file is not acted upon.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

FIO03-C

Medium

Probable

High

P4

L3

Automated Detection

Tool

Version

Checker

Description

Coverity6.5OPEN_ARGSFully implemented
LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced Enforcement
Polyspace Bug Finder
R2016a

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Use of non-secure temporary file

Temporary generated file name not secure

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
5012Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID FIO03-CPP. Do not make assumptions about fopen() and file creation
ISO/IEC TR 24731-1:2007Section 6.5.2.1, "The fopen_s Function"

Bibliography

[Callaghan 1995]IETF RFC 1813 NFS Version 3 Protocol Specification
[IEEE Std 1003.1:2013]System Interfaces: open
[ISO/IEC 9899:2011]Subclause 7.21.5.3, "The fopen Function"
Subclause K.3.5.2.1, "The fopen_s Function"
[Loosemore 2007]Section 12.3, "Opening Streams"
[Seacord 2013]Chapter 8, "File I/O"

...


...