...
Automated Detection
Compass/ROSE can detect violations of this rule by noting attempts to modify any variable that holds the result of getenv(). A stronger approach would be to report if . In particular, it ensures that the result of getenv() is assigned to a (non-const) char* stored into a const variable.
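The convention this check looks for, shown as an added example that is not code from the original page: the pointer returned by getenv() is kept in a pointer-to-const, and any modification is made on a private copy. The helper name copy_env_with_sep and the variable DEMO_PATH are hypothetical, and setenv() assumes a POSIX system.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* for setenv(); assumes a POSIX system */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Copy the value of environment variable `name` into caller-owned storage
 * and replace every ':' in the copy with `sep`. The pointer from getenv()
 * is held in a pointer-to-const, so a write through it does not compile.
 * Returns 0 on success, -1 if the variable is unset, -2 if `out` is too small.
 * (copy_env_with_sep is a hypothetical helper name.)
 */
int copy_env_with_sep(const char *name, char sep, char *out, size_t outlen)
{
    const char *val = getenv(name);   /* const: read-only view of the string */
    if (val == NULL)
        return -1;

    size_t len = strlen(val);
    if (len >= outlen)
        return -2;                    /* refuse to truncate silently */

    memcpy(out, val, len + 1);        /* private copy, including the NUL */
    for (char *p = out; *p != '\0'; ++p)
        if (*p == ':')
            *p = sep;                 /* only the copy is modified */
    /* val[0] = 'x';   <- assignment through const char* does not compile */
    return 0;
}

int main(void)
{
    char buf[64];
    setenv("DEMO_PATH", "/bin:/usr/bin", 1);   /* constructed sample value */
    if (copy_env_with_sep("DEMO_PATH", ';', buf, sizeof buf) == 0)
        printf("copy: %s\nenv:  %s\n", buf, getenv("DEMO_PATH"));
    return 0;
}
```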
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...