...
Tool | Version | Checker | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| stdlib-use-system | Fully checked | ||||||||||||
Axivion Bauhaus Suite |
| CertC-ENV33 | |||||||||||||
Clang |
| cert-env33-c | Checked by clang-tidy | ||||||||||||
CodeSonar |
| BADFUNC.PATH.SYSTEM | Use of system | ||||||||||||
Compass/ROSE | |||||||||||||||
Coverity |
| DONT_CALL | Implemented | ||||||||||||
Helix QAC |
| C5018 C++5031 | |||||||||||||
Klocwork |
| SV.CODE_INJECTION.SHELL_EXEC | |||||||||||||
LDRA tool suite |
| 588 S | Fully implemented | ||||||||||||
Parasoft C/C++test |
| CERT_C-ENV33-a | Do not call the 'system()' function from the 'stdlib.h' or 'cstdlib' library with an argument other than '0' (null pointer) | ||||||||||||
PC-lint Plus |
| 586 | Fully supported | ||||||||||||
Polyspace Bug Finder |
| Checks for unsafe call to a system function (rule fully covered) | PRQA QA-C | Include Page | | PRQA QA-C_v | 5018 | Partially implemented | |||||||
RuleChecker |
| stdlib-use-system | Fully checked | ||||||||||||
SonarQube C/C++ Plugin |
| S990 | Detects uses of "abort", "exit", "getenv" and "system" from <stdlib.h> |
...
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C Secure Coding Standard | ENV03-C. Sanitize the environment when invoking external programs. | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT C++ Coding Standard | ENV02-CPP. Do not call system() if you do not need a command processor | Prior to 2018-01-12: CERT: Unspecified Relationship |
CERT Oracle Secure Coding Standard for Java | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Unquoted Search Path or Element [XZQ] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961:2013 | Calling system [syscall] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-88, Argument Injection or Modification | 2017-05-18: CERT: Partial overlap |
CWE 2.11 | CWE-676 | 2017-05-18: CERT: Rule subset of CWE |
...