...
Tool | Version | Checker | Description | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported by stubbing/taint analysis | ||||||||||||||
CodeSonar |
| IO.INJ.COMMAND | Command injection | |||||||||||||
Coverity | 6.5 | TAINTED_STRING | Fully implemented | |||||||||||||
Klocwork |
| NNTS.TAINTED | ||||||||||||||
LDRA tool suite |
| 108 D, 109 D | Partially implemented | |||||||||||||
Parasoft C/C++test |
| CERT_C-STR02-a | Protect against command injection | |||||||||||||
Polyspace Bug Finder |
| 9.5 | BD-SECURITY-{TDCMD,TDFNAMES,TDSQL}
|
| Checks for: R2016a
Command argument from an unsecure source vulnerable to operating system command injection Path argument from an unsecure source Using a library argument from an externally controlled pathRec. partially covered. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...