...
CERT C Secure Coding Standard | FIO01-C. Be careful using functions that use file names for identification; FIO07-C. Prefer fseek() to rewind(); FIO12-C. Prefer setvbuf() to setbuf(); INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs; INT06-C. Use strtol() or a related function to convert a string token to an integer; MSC34-C. Do not use deprecated or obsolete functions; STR06-C. Do not assume that strtok() leaves the parse string unchanged; STR07-C. Use TR 24731 for remediation of existing string manipulation code |
ISO/IEC TR 24772 | Use of Libraries [TRJ] |
ISO/IEC TR 24731-1:2007 | |
MISRA-C | Rule 20.4 |
MITRE CWE | CWE-20, Insufficient input validation; CWE-73, External control of file name or path; CWE-192, Integer coercion error; CWE-197, Numeric truncation error; CWE-367, Time-of-check, time-of-use race condition; CWE-464, Addition of data structure sentinel; CWE-676, Use of potentially dangerous function |
...