CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types


CWE CATEGORY: CERT C Secure Coding (2008 Version) Section 09 - Input Output (FIO)

Category ID: 743
Status: Incomplete
+ Summary
Weaknesses in this category are related to rules in the input/output section of the CERT C Secure Coding Standard, as published in 2008. Since not all rules map to specific weaknesses, this category may be incomplete.
+ Membership
Nature | Type | ID | Name
MemberOf | View | 734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008 Version)
HasMember | Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMember | Variant | 37 | Path Traversal: '/absolute/pathname/here'
HasMember | Variant | 38 | Path Traversal: '\absolute\pathname\here'
HasMember | Variant | 39 | Path Traversal: 'C:dirname'
HasMember | Base | 41 | Improper Resolution of Path Equivalence
HasMember | Base | 59 | Improper Link Resolution Before File Access ('Link Following')
HasMember | Variant | 62 | UNIX Hard Link
HasMember | Variant | 64 | Windows Shortcut Following (.LNK)
HasMember | Variant | 65 | Windows Hard Link
HasMember | Variant | 67 | Improper Handling of Windows Device Names
HasMember | Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMember | Base | 134 | Use of Externally-Controlled Format String
HasMember | Base | 241 | Improper Handling of Unexpected Data Type
HasMember | Variant | 276 | Incorrect Default Permissions
HasMember | Variant | 279 | Incorrect Execution-Assigned Permissions
HasMember | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMember | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition
HasMember | Base | 379 | Creation of Temporary File in Directory with Incorrect Permissions
HasMember | Base | 391 | Unchecked Error Condition
HasMember | Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
HasMember | Base | 404 | Improper Resource Shutdown or Release
HasMember | Base | 552 | Files or Directories Accessible to External Parties
HasMember | Class | 675 | Duplicate Operations on Resource
HasMember | Base | 676 | Use of Potentially Dangerous Function
HasMember | Variant | 686 | Function Call With Incorrect Argument Type
HasMember | Class | 732 | Incorrect Permission Assignment for Critical Resource
+ Notes

Relationship

In the 2008 version of the CERT C Secure Coding standard, the following rules were mapped to the following CWE IDs:

  • CWE-22 FIO02-C Canonicalize path names originating from untrusted sources
  • CWE-37 FIO05-C Identify files using multiple file attributes
  • CWE-38 FIO05-C Identify files using multiple file attributes
  • CWE-39 FIO05-C Identify files using multiple file attributes
  • CWE-41 FIO02-C Canonicalize path names originating from untrusted sources
  • CWE-59 FIO02-C Canonicalize path names originating from untrusted sources
  • CWE-62 FIO05-C Identify files using multiple file attributes
  • CWE-64 FIO05-C Identify files using multiple file attributes
  • CWE-65 FIO05-C Identify files using multiple file attributes
  • CWE-67 FIO32-C Do not perform operations on devices that are only appropriate for files
  • CWE-119 FIO37-C Do not assume character data has been read
  • CWE-134 FIO30-C Exclude user input from format strings
  • CWE-241 FIO37-C Do not assume character data has been read
  • CWE-276 FIO06-C Create files with appropriate access permissions
  • CWE-279 FIO06-C Create files with appropriate access permissions
  • CWE-362 FIO31-C Do not simultaneously open the same file multiple times
  • CWE-367 FIO01-C Be careful using functions that use file names for identification
  • CWE-379 FIO15-C Ensure that file operations are performed in a secure directory
  • CWE-379 FIO43-C Do not create temporary files in shared directories
  • CWE-391 FIO04-C Detect and handle input and output errors
  • CWE-391 FIO33-C Detect and handle input output errors resulting in undefined behavior
  • CWE-403 FIO42-C Ensure files are properly closed when they are no longer needed
  • CWE-404 FIO42-C Ensure files are properly closed when they are no longer needed
  • CWE-552 FIO15-C Ensure that file operations are performed in a secure directory
  • CWE-675 FIO31-C Do not simultaneously open the same file multiple times
  • CWE-676 FIO01-C Be careful using functions that use file names for identification
  • CWE-686 FIO00-C Take care when creating format strings
  • CWE-732 FIO06-C Create files with appropriate access permissions
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2008-11-24 | CWE Content Team | MITRE |

Modifications
Modification Date | Modifier | Organization | Source
2011-09-13 | CWE Content Team | MITRE |
    updated Relationships
2017-11-08 | CWE Content Team | MITRE |
    updated Description, Name, Relationship_Notes

Previous Entry Names
Change Date | Previous Entry Name
2017-11-08 | CERT C Secure Coding Section 09 - Input Output (FIO)

Page Last Updated: November 15, 2017