...
Automated Detection
Compass/ROSE could can detect some violations of this rule simply by collecting all environment variables referenced by a program and reporting if two variables differ only by capitalization (eg "TEST" vs "Test"). To collect environment variables, one must scan the program looking for calls to getenv()
, setenv()
, etcrecommendation.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...