Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Comment: added links to ENV rules wrt system()

...

command processor via a call to system() or similar function.
This is also addressed in ENV03-A. Sanitize the environment when running with elevated privilegesinvoking external programs.
external programs
relational databases
third-party COTS components (e.g., an enterprise resource planning subsystem)

...

For more info on the system() call, see ENV03-A. Sanitize the environment when running with elevated privilegesinvoking external programs and ENV04-A. Do not call system() if you do not need a command processor.

...