...
Failure to sanitize data passed to a complex subsystem can lead to an injection attack, data integrity issues, and a loss of sensitive data.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR02-C | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported by stubbing/taint analysis | |||||||
CodeSonar |
| IO.INJ.COMMAND | Command injection | ||||||
Coverity | 6.5 | TAINTED_STRING | Fully implemented |
5.0
Klocwork |
| NNTS.TAINTED |
LDRA tool suite |
| 108 D, 109 D | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_C-STR02-a | Protect against command injection | |||||||
Polyspace Bug Finder |
|
|
| Checks for:
|
Command argument from an unsecure source vulnerable to operating system command injection
Path argument from an unsecure source
Using a library argument from an externally controlled path
Rec. partially covered. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID STR02-CPP. Sanitize data passed to complex subsystems |
CERT Oracle Secure Coding Standard for Java | IDS00-J. Prevent SQL injection |
MITRE CWE | CWE-88, Argument injection or modification CWE-78, Failure to sanitize data into an OS command (aka "OS command injection") |
Bibliography
...
...