SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 136

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version 137

changes.mady.by.user Will Snavely

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardENV03-C. Sanitize the environment when invoking external programs.
SEI CERT C++ Coding StandardENV02-CPP. Do not call system() if you do not need a command processor
CERT Oracle Secure Coding Standard for JavaIDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
ISO/IEC TR 24772:2013Unquoted Search Path or Element [XZQ]
ISO/IEC TS 17961:2013Calling system [syscall]
MITRE CWECWE-78, Improper Neutralization of Special Elements Used in an OS Command (aka "OS Command Injection")
CWE-88, Argument Injection or Modification

...