...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR02-C | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Coverity | 6.5 | TAINTED_STRING | Fully Implemented |
 | 5.0 | NNTS.TAINTED SV.TAINTED.INJECTION | |
...
CERT C++ Secure Coding Standard | STR02-CPP. Sanitize data passed to complex subsystems |
CERT Oracle Secure Coding Standard for Java | IDS00-J. Sanitize untrusted data passed across a trust boundary |
MITRE CWE | CWE-88, Argument injection or modification; CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
Bibliography
...
...