Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT C Coding Standard
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT C Coding Standard
3 Recommendations
Rec. 07. Characters and Strings (STR)
STR02-C. Sanitize data passed to complex subsystems
Page Information
Title:
STR02-C. Sanitize data passed to complex subsystems
Author:
Robert Seacord
Aug 28, 2006
Last Changed by:
Jill Britton
Apr 27, 2022
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/GdcxBQ
Export As:
Word
·
PDF
Incoming Links
CERT Secure Coding (1)
Page:
Top 10 Secure Coding Practices
SEI CERT C Coding Standard (3)
Page:
ENV03-C. Sanitize the environment when invoking external programs
Page:
MSC09-C. Character encoding: Use subset of ASCII for safety
Page:
ENV33-C. Do not call system()
SEI CERT Oracle Coding Standard for Java (3)
Page:
IDS16-J. Prevent XML Injection
Page:
IDS00-J. Prevent SQL injection
Page:
IDS17-J. Prevent XML External Entity Attacks
SEI CERT Perl Coding Standard (1)
Page:
IDS33-PL. Sanitize untrusted data passed across a trust boundary
Hierarchy
Parent Page
Page:
Rec. 07. Characters and Strings (STR)
Labels
Global Labels (10)
fortify
rose-nonapplicable
android-applicable
sidebar
recommendation
str
cwe-78
cwe-116
klocwork
cwe-20
Recent Changes
Time
Editor
Apr 27, 2022 08:43
Jill Britton
View Changes
Aug 13, 2020 07:47
Joerg Herter
View Changes
Aug 30, 2019 17:41
Anirban Gangopadhyay
View Changes
Aug 09, 2018 16:36
Anirban Gangopadhyay
View Changes
Aug 06, 2018 06:27
Michal Rozenau
Parasoft C/C++test 10.4
View Page History
Outgoing Links
External Links (8)
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
cwe.mitre.org/data/definitions/88.html
cwe.mitre.org/data/definitions/78.html
cwe.mitre.org/
https://www.kb.cert.org/vulnotes/bymetric?searchview&query=…
https://www.mathworks.com/help/bugfinder/ref/certcrec.str02…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
SEI CERT C Coding Standard (18)
Page:
Parasoft
Page:
Klocwork
Page:
CodeSonar_V
Page:
Astrée
Page:
ENV33-C. Do not call system()
Page:
BB. Definitions
Page:
Klocwork_V
Page:
Parasoft_V
Page:
CodeSonar
Page:
Coverity
Page:
ENV03-C. Sanitize the environment when invoking external programs
Page:
LDRA_V
Home page:
SEI CERT C Coding Standard
Page:
Astrée_V
Page:
LDRA
Page:
Polyspace Bug Finder
Page:
AA. Bibliography
Page:
Polyspace Bug Finder_V
SEI CERT Oracle Coding Standard for Java (2)
Page:
IDS00-J. Prevent SQL injection
Home page:
SEI CERT Oracle Coding Standard for Java
SEI CERT C++ Coding Standard (2)
Home page:
SEI CERT C++ Coding Standard
Page:
VOID STR02-CPP. Sanitize data passed to complex subsystems
Overview
Content Tools
{"serverDuration": 132, "requestCorrelationId": "9ebc6b8c42ff2306"}
