Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

Comment: added taint mode enforcement properties

...

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
IDS34-PL	high	probable	medium	P18	L1

Automated Detection

Tool	Diagnostic
Taint mode	Insecure dependency in (system\|piped open)

Related Guidelines

CERT C Secure Coding Standard: ENV04-C. Do not call system() if you do not need a command processor
CERT C++ Secure Coding Standard: ENV04-CPP. Do not call system() if you do not need a command processor
The CERT Oracle Secure Coding Standard for Java: IDS07-J. Do not pass untrusted, unsanitized data to the Runtime.exec() method

...