CERT C++ Secure Coding Section 09 - Input Output (FIO)

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to rules in the Input Output (FIO) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Weaknesses

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be...

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...

Creation of Temporary File in Directory with Insecure Permissions

The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

Duplicate Operations on Resource

The product performs the same operation on a resource two or more times, when the operation should only be applied once.

Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descript...

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Improper Handling of Unexpected Data Type

The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

Improper Handling of Windows Device Names

The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This t...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but...

Improper Link Resolution Before File Access ('Link Following')

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an un...

Improper Resolution of Path Equivalence

The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file an...

Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Improper Restriction of Operations within the Bounds of a Memory Buffer

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Incorrect Execution-Assigned Permissions

While it is executing, the software sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Path Traversal: '/absolute/pathname/here'

A software system that accepts input in the form of a slash absolute path ('/absolute/pathname/here') without appropriate validation can allow an attacker to traverse ...

Path Traversal: '\absolute\pathname\here'

A software system that accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation can allow an attacker to trave...

Path Traversal: 'C:dirname'

An attacker can inject a drive letter or Windows volume letter ('C:dirname') into a software system to potentially redirect access to an unintended location or arbitra...

Time-of-check Time-of-use (TOCTOU) Race Condition

The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the...

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

UNIX Hard Link

The software, when opening a file or directory, does not sufficiently account for when the name is associated with a hard link to a target that is outside of the inten...

Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

Use of Potentially Dangerous Function

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.

Windows Hard Link

The software, when opening a file or directory, does not sufficiently handle when the name is associated with a hard link to a target that is outside of the intended c...

Windows Shortcut Following (.LNK)

The software, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control...

Concepts

Deprecated or Obsolete

Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016.

See Also

  1. 09. Input Output (FIO)

    CERT


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.