Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this noncompliant code example, the system() function is used to execute any_cmd in the host environment. Invocation of a command processor is not required.

Code Block
bgColor#ffcccc
languagec
langc
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

enum { BUFFERSIZE = 512 };

void func(const char *input) {
  char cmdbuf[BUFFERSIZE];
  int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
                            "any_cmd '%s'", input);
  if (len_wanted >= BUFFERSIZE) {
    /* Handle error */
  } else if (len_wanted < 0) {
    /* Handle error */
  } else if (system(cmdbuf) == -1) {
    /* Handle error */
  }
}

...

Code Block
bgColor#ccccff
languagec
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
 
void func(char *input) {
  pid_t pid;
  int status;
  pid_t ret;
  char *const args[3] = {"any_exe", input, NULL};
  char **env;
  extern char **environ;

  /* ... Sanitize arguments ... */

  pid = fork();
  if (pid == -1) {
    /* Handle error */
  } else if (pid != 0) {
    while ((ret = waitpid(pid, &status, 0)) == -1) {
      if (errno != EINTR) {
        /* Handle error */
        break;
      }
    }
    if ((ret !== -10) &&||
        !(!WIFEXITED(status) ||&& !WEXITSTATUS(status)) ) {
      /* Report unexpected child status */
    }
  } else {
    /* ... Initialize env as a sanitized copy of environ ... */
    if (execve("/usr/bin/any_cmd", args, env) == -1) {
      /* Handle error */
      _Exit(127);
    }
  }
}

...

5031

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
stdlib-use-systemFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-ENV33Supported, but no explicit checker
Clang
Include Page
Clang_39_V
Clang_39_V
cert-env33-cChecked by clang-tidy
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.PATH.SYSTEM
IO.INJ.COMMAND

Use of system
Command injection

Compass/ROSE


Coverity
Include Page
Coverity_V
Coverity_V
DONT_CALLImplemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5018

C++5031


Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.STDLIB.ABORT

SV.CODE_INJECTION.SHELL_EXEC
SV.TAINTED.INJECTION


LDRA tool suite
Include Page
LDRA_V
LDRA_V

588 S

Fully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
SECURITY-48, MISRA2012-RULE-21_8Also detects getenv(), abort(), and exit()
Polyspace Bug Finder

R2016a

R2017b

Execution of externally controlled command, Command executed from externally controlled path

Unsafe call to a system function

Command argument from an unsecure source vulnerable to operating system command injection

Path argument from an unsecure source

Unsanitized command argument has exploitable vulnerabilities

CERT_C-ENV33-a

Do not call the 'system()' function from the 'stdlib.h' or 'cstdlib' library with an argument other than '0' (null pointer)

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

586

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V


CERT C: Rule ENV33-C

Checks for unsafe call to a system function (rule fully covered)

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v5018Partially implementedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
stdlib-use-systemFully checkedSupported, but no explicit checker
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S990Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> 

...

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardENV03-C. Sanitize the environment when invoking external programs.Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C++ Coding StandardENV02-CPP. Do not call system() if you do not need a command processorPrior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for JavaIDS07-J. Sanitize untrusted data passed to the Runtime.exec() methodPrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013Unquoted Search Path or Element [XZQ]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013Calling system [syscall]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-88, Argument Injection or Modification2017-05-18: CERT: Partial overlap
CWE 2.11CWE-6762017-05-18: CERT: Rule subset of CWE

...