...
Tool | Version | Checker | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported by stubbing/taint analysis | |||||||||||
CodeSonar |
| IO.INJ.COMMAND | Command injection | ||||||||||
Coverity | 6.5 | TAINTED_STRING | Fully implemented | ||||||||||
Klocwork |
| NNTS.TAINTED | |||||||||||
LDRA tool suite |
| 108 D, 109 D | Partially implemented | ||||||||||
Parasoft C/C++test |
| CERT_C-STR02-a | Protect against command injection | ||||||||||
Polyspace Bug Finder |
|
| Checks for: R2016a
Command argument from an unsecure source vulnerable to operating system command injection Path argument from an unsecure source Using a library argument from an externally controlled pathRec. partially covered. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...