...
In this noncompliant code example, the system() function is used to execute any_cmd in the host environment. Invocation of a command processor is not required.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
enum { BUFFERSIZE = 512 };
void func(const char *input) {
char cmdbuf[BUFFERSIZE];
int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
"any_cmd '%s'", input);
if (len_wanted >= BUFFERSIZE) {
/* Handle error */
} else if (len_wanted < 0) {
/* Handle error */
} else if (system(cmdbuf) == -1) {
/* Handle error */
}
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
void func(char *input) {
pid_t pid;
int status;
pid_t ret;
char *const args[3] = {"any_exe", input, NULL};
char **env;
extern char **environ;
/* ... Sanitize arguments ... */
pid = fork();
if (pid == -1) {
/* Handle error */
} else if (pid != 0) {
while ((ret = waitpid(pid, &status, 0)) == -1) {
if (errno != EINTR) {
/* Handle error */
break;
}
}
if ((ret !== -10) &&||
!(!WIFEXITED(status) ||&& !WEXITSTATUS(status)) ) {
/* Report unexpected child status */
}
} else {
/* ... Initialize env as a sanitized copy of environ ... */
if (execve("/usr/bin/any_cmd", args, env) == -1) {
/* Handle error */
_Exit(127);
}
}
}
|
...
Tool | Version | Checker | Description | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| stdlib-use-system | Fully checked | |||||||||||||||||
| Axivion Bauhaus Suite |
| CertC-ENV33 | ||||||||||||||||||
| Clang |
| cert-env33-c | Checked by clang-tidy | |||||||||||||||||
| CodeSonar |
| BADFUNC.PATH.SYSTEM | Use of system | |||||||||||||||||
| Compass/ROSE | ||||||||||||||||||||
| Coverity |
| DONT_CALL | Implemented | |||||||||||||||||
| Helix QAC |
| C5018 C++5031 | ||||||||||||||||||
| Klocwork |
| SV.CODE_INJECTION.SHELL_EXEC | ||||||||||||||||||
| LDRA tool suite |
| 588 S | Fully implemented | |||||||||||||||||
| Parasoft C/C++test |
| CERT_C-ENV33-aCERT_C-ENV33-b | Do Do not call the 'system() | |||||||||||||||||
| PC-lint Plus |
| 586 | Fully supported | |||||||||||||||||
| Polyspace Bug Finder |
| Checks for unsafe call to a system function (rule fully covered) | PRQA QA-C | |||||||||||||||||
| Include Page | PRQA QA-C_v | PRQA QA-C_v | 5018 | Partially implemented | PRQA QA-C++ | |||||||||||||||
| Include Page | cplusplus:PRQA QA-C++_V | cplusplus:PRQA QA-C++_V | 5031 | |||||||||||||||||
| RuleChecker |
| stdlib-use-system | Fully checked | |||||||||||||||||
| SonarQube C/C++ Plugin |
| S990 | Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> |
...
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C Secure Coding Standard | ENV03-C. Sanitize the environment when invoking external programs. | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT C++ Coding Standard | ENV02-CPP. Do not call system() if you do not need a command processor | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CERT Oracle Secure Coding Standard for Java | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Unquoted Search Path or Element [XZQ] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Calling system [syscall] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-88, Argument Injection or Modification | 2017-05-18: CERT: Partial overlap |
| CWE 2.11 | CWE-676 | 2017-05-18: CERT: Rule subset of CWE |
...