Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Security checkers

CERT C Secure Coding Standard

BUFFER_SIZE

STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator, ARR33-C. Guarantee that copies are made into storage of sufficient size

CHROOT

Out of scope

OPEN_ARGS

FIO03-AC. Do not make assumptions about fopen() and file creation

READLINK

POS30-C. Use the readlink() function properly

SECURE_CODING

STR35-C. Do not copy data from an unbounded source to a fixed-length array, others?

SECURE_TEMP

FIO43-C. Do not create temporary files in shared directories, VOID TMP32-C. Temporary files must be opened with exclusive access, VOID TMP33-C. Temporary files must be removed before the program exits, TMPxx-C. Temporary file names must be unique when the file is created

STRING_OVERFLOW

STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator

STRING_NULL

STR32-C. Null-terminate byte strings as required

STRING_SIZE

STR31-C. Guarantee that storage for strings has sufficient space for character data and the NULL terminator

TAINTED_SCALAR

ARR30-C. Guarantee that array indices are within the valid range, INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data, INT32-C. Ensure that operations on signed integers do not result in overflow

TAINTED_STRING

STR02-C. Sanitize data passed to complex subsystems, FIO30-C. Exclude user input from format strings, FIO02-C. Canonicalize path names originating from untrusted sources

TOCTOU

FIO03-AC. Do not make assumptions about fopen() and file creation, FIO01-C. Be careful using functions that use file names for identification, FIO08-A. Take care when calling remove() on an open file, others?

USER_POINTER

No equivalent