SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 53

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 54

changes.mady.by.user Alex Volkovitsky

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

ENV02-C

low

unlikely

medium

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Compass/ROSE could detect some violations of this rule simply by collecting all environment variables referenced by a program and reporting if two variables differ only by capitalization (eg "TEST" vs "Test").

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4, "Communication with the environment"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "XYS Executing or Loading Untrusted Code"
\[[MSDN|AA. C References#MSDN]\] [{{getenv()}}|http://msdn.microsoft.com/en-us/library/tehxacec(VS.71).aspx]

...