...
In this noncompliant code example, the system()
function is used to execute any_cmd
in the host environment. Invocation of a command processor is not required.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
#include <string.h> #include <stdlib.h> #include <stdio.h> enum { BUFFERSIZE = 512 }; void func(const char *input) { char cmdbuf[BUFFERSIZE]; int len_wanted = snprintf(cmdbuf, BUFFERSIZE, "any_cmd '%s'", input); if (len_wanted >= BUFFERSIZE) { /* Handle error */ } else if (len_wanted < 0) { /* Handle error */ } else if (system(cmdbuf) == -1) { /* Handle error */ } } |
...
Code Block | ||||
---|---|---|---|---|
| ||||
#include <sys/types.h> #include <sys/wait.h> #include <unistd.h> #include <errno.h> #include <stdlib.h> void func(char *input) { pid_t pid; int status; pid_t ret; char *const args[3] = {"any_exe", input, NULL}; char **env; extern char **environ; /* ... Sanitize arguments ... */ pid = fork(); if (pid == -1) { /* Handle error */ } else if (pid != 0) { while ((ret = waitpid(pid, &status, 0)) == -1) { if (errno != EINTR) { /* Handle error */ break; } } if ((ret !== -10) &&|| !(!WIFEXITED(status) ||&& !WEXITSTATUS(status)) ) { /* Report unexpected child status */ } } else { /* ... Initialize env as a sanitized copy of environ ... */ if (execve("/usr/bin/any_cmd", args, env) == -1) { /* Handle error */ _Exit(127); } } } |
...
Tool | Version | Checker | Description | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | stdlib-use-system | Fully checked | ||||||||||||||||
Axivion Bauhaus Suite |
| CertC-ENV33 | ||||||||||||||||||
Clang |
| cert-env33 | Clang | Include Page | | Clang_39_V | Clang_39_V | Checked by clang-tidy | ||||||||||||
CodeSonar |
| BADFUNC.PATH.SYSTEM | Use of system | |||||||||||||||||
Compass/ROSE | ||||||||||||||||||||
Coverity |
| DONT_CALL | Implemented | |||||||||||||||||
Helix QAC |
| C5018 C++5031 | ||||||||||||||||||
Klocwork |
| SV.CODE_INJECTION.SHELL_EXEC | ||||||||||||||||||
LDRA tool suite |
| 588 S | Fully implemented | |||||||||||||||||
Parasoft C/C++test |
| SECURITY-48, MISRA2012-RULE-21_8 | Also detects getenv(), abort(), and exit() | |||||||||||||||||
Polyspace Bug Finder | R2016a | Execution of externally controlled command, Command executed from externally controlled path | Command argument from an unsecure source vulnerable to operating system command injection Path argument from an unsecure source | |||||||||||||||||
CERT_C-ENV33-a | Do not call the 'system()' function from the 'stdlib.h' or 'cstdlib' library with an argument other than '0' (null pointer) | |||||||||||||||||||
PC-lint Plus |
| 586 | Fully supported | |||||||||||||||||
Polyspace Bug Finder |
| Checks for unsafe call to a system function (rule fully covered) | PRQA QA-C | |||||||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 5018 | Partially implemented | PRQA QA-C++ | |||||||||||||||
Include Page | cplusplus:PRQA QA-C++_V | cplusplus:PRQA QA-C++_V | 5031||||||||||||||||||
RuleChecker |
| stdlib-use-system | Fully checkedSupported, but no explicit checker | |||||||||||||||||
SonarQube C/C++ Plugin |
| S990 | Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> |
...
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Secure Coding Standard | ENV03-C. Sanitize the environment when invoking external programs. | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT C++ Coding Standard | ENV02-CPP. Do not call system() if you do not need a command processor | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT Oracle Secure Coding Standard for Java | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Unquoted Search Path or Element [XZQ] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961:2013 | Calling system [syscall] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-88, Argument Injection or Modification | 2017-05-18: CERT: Partial overlap |
CWE 2.11 | CWE-676 | 2017-05-18: CERT: Rule subset of CWE |
...