SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 55

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version 56

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.1 (sch jbop) (X_X)@==(Q_Q)@

...

The white listing approach to data sanitization is to define a list of acceptable characters and remove any character that is not acceptable. The list of valid input values is typically a predictable, well-defined set of manageable size. This example, based on the tcp_wrappers package written by Wietse Venema, illustrates shows the white listing approach.

...

Wiki Markup
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 88|http://cwe.mitre.org/data/definitions/88.html], "Argument Injection or Modification," and [CWE ID 78|http://cwe.mitre.org/data/definitions/78.html], "Failure to
Sanitize Data into an OS Command (aka 'OS Command Injection')"
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.4.6, "The system function"
\[[Viega 03|AA. C References#Viega 03]\]
\[[VU#881872|AA. C References#VU881872]\]

...

STR01-A. Adopt and implement a consistent plan for managing strings      07. Characters and Strings (STR)       STR03-A. Do not inadvertently truncate a NULLnull-terminated byte string