SEI CERT C Coding Standard
Page Information
Title: Rec. 09. Input Output (FIO)
Author: Barbara White, Mar 05, 2015
Last Changed by: David Svoboda, Mar 15, 2022
Tiny Link (useful for email): https://wiki.sei.cmu.edu/confluence/x/PNUxBQ
Hierarchy
Parent Page: 3 Recommendations
Children (20)
FIO01-C. Be careful using functions that use file names for identification
FIO02-C. Canonicalize path names originating from tainted sources
FIO03-C. Do not make assumptions about fopen() and file creation
FIO05-C. Identify files using multiple file attributes
FIO06-C. Create files with appropriate access permissions
FIO08-C. Take care when calling remove() on an open file
FIO09-C. Be careful with binary data when transferring data across systems
FIO10-C. Take care when using the rename() function
FIO11-C. Take care when specifying the mode parameter of fopen()
FIO13-C. Never push back anything other than one read character
FIO14-C. Understand the difference between text mode and binary mode with file streams
FIO15-C. Ensure that file operations are performed in a secure directory
FIO17-C. Do not rely on an ending null character when using fread()
FIO18-C. Never expect fwrite() to terminate the writing process at a null character
FIO19-C. Do not use fseek() and ftell() to compute the size of a regular file
FIO20-C. Avoid unintentional truncation when using fgets() or fgetws()
FIO21-C. Do not create temporary files in shared directories
FIO22-C. Close files before spawning processes
FIO23-C. Do not exit with unflushed data in stdout or stderr
FIO24-C. Do not open a file that is already open
Labels
Global Labels (3)
fio
recommendation-list
section
Recent Changes
Time | Editor
Mar 15, 2022 09:44 | David Svoboda
Dec 03, 2018 15:24 | Derek Leung
Mar 12, 2018 19:50 | Arthur Hicken
wrong ID, correct risk
Nov 16, 2017 14:41 | Will Snavely
Nov 16, 2017 14:16 | Will Snavely
Outgoing Links
External Links (5)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://confluence/label/seccode/fio
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://confluence/label/seccode/recommendation
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT C Coding Standard (1)
Home page:
SEI CERT C Coding Standard