Use of dangerous function

A dangerous function was called without adequate protection.

Some library and API functions, such as system(), execute an arbitrary command through the shell. Care should be taken to ensure that this cannot lead to a security weakness. In particular, user input should never be used to form a command that is passed to the system() function, because shell metacharacters in that input are interpreted as additional commands.

ID   Observation   Description
1    Call site     The place the function was called

Example

#include <stdlib.h>

int main (int argc, char **argv)
{
    if (argc < 2)
        return 1;          // no argument supplied; avoid reading past argv

    // Don't pass an unchecked string to system()! argv[1] is attacker
    // controlled and is handed to the shell, which interprets it.
    system(argv[1]);
    return 0;
}

Copyright © 2010, Intel Corporation. All rights reserved.