Versions Compared

Comment: added Rose checker algorithm

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Compass/ROSE could detect some violations of this rule simply by collecting all environment variables referenced by a program and reporting if two variables differ only by capitalization (e.g., "TEST" vs. "Test").

References

[ISO/IEC 9899:1999] Section 7.20.4, "Communication with the environment"
[ISO/IEC PDTR 24772] "XYS Executing or Loading Untrusted Code"
[MSDN] getenv() (http://msdn.microsoft.com/en-us/library/tehxacec(VS.71).aspx)

...