FIO32-C: enhance the query to support secure fopen usage pattern #12

Open
mbaluda opened this issue Jul 15, 2022 · 0 comments
Labels
  • Difficulty-Medium: A false positive or false negative report which is expected to take 1-5 days effort to address
  • enhancement: New feature or request
  • Impact-Low
  • Standard-CERT-C

mbaluda commented Jul 15, 2022

Affected rules

  • FIO32-C

Description

Currently the implementation simply checks that the filename used in a call to fopen is not tainted.
However, the rule requires that certain OS-supported dynamic checks are present in the code.
We'd like to enhance this query to support some usage pattern that would allow it to be excluded from being checked.

mbaluda added the enhancement, Difficulty-Medium and Impact-Low labels Jul 15, 2022
mbaluda closed this as completed Mar 22, 2023
mbaluda reopened this Mar 22, 2023
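One POSIX form of the dynamic checks the issue refers to, as an added example that is not part of the issue or the project's code: the path is checked with `lstat()`, opened non-blocking, and re-checked with `fstat()` on the descriptor before a stream is created. The helper name `fopen_regular` is hypothetical, and the issue does not say which patterns the query would accept.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* lstat(), fdopen() under strict -std=c11 */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): returns a read stream only
 * when path names a regular file, otherwise NULL. */
FILE *fopen_regular(const char *path) {
  struct stat before, after;

  /* lstat() does not follow symlinks, so links and devices are rejected. */
  if (lstat(path, &before) != 0 || !S_ISREG(before.st_mode))
    return NULL;

  /* O_NONBLOCK: if the name was swapped for a FIFO or device after the
   * lstat(), open() must not hang before the re-check below. */
  int fd = open(path, O_RDONLY | O_NONBLOCK);
  if (fd == -1)
    return NULL;

  /* Re-check on the descriptor: still regular, and the same object. */
  if (fstat(fd, &after) != 0 || !S_ISREG(after.st_mode) ||
      before.st_dev != after.st_dev || before.st_ino != after.st_ino) {
    close(fd);
    return NULL;
  }

  /* Restore blocking I/O before handing the descriptor to stdio. */
  int flags = fcntl(fd, F_GETFL);
  if (flags == -1 || fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) == -1) {
    close(fd);
    return NULL;
  }

  FILE *f = fdopen(fd, "r");
  if (f == NULL)
    close(fd);
  return f;
}

int main(int argc, char **argv) {
  FILE *f = (argc > 1) ? fopen_regular(argv[1]) : NULL;
  int ok = (f != NULL);
  puts(ok ? "regular file opened" : "rejected");
  if (f) fclose(f);
  return ok ? 0 : 1;
}
```

A query that recognises this shape could treat the `fdopen()` result as checked even when `path` is tainted, which is the kind of exclusion the issue asks for.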