Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search
Log in
Confluence
Spaces
Hit enter to search
Help
Online Help
Keyboard Shortcuts
Feed Builder
What’s new
Available Gadgets
About Confluence
Log in
SEI CERT C Coding Standard
Pages
Boards
Space shortcuts
Dashboard
Secure Coding Home
Android
C
C++
Java
Perl
Page tree
Browse pages
Configure
Space tools
View Page
A
t
tachments (0)
Page History
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Pages
…
SEI CERT C Coding Standard
3 Recommendations
Rec. 10. Environment (ENV)
ENV03-C. Sanitize the environment when invoking external programs
Page Information
Title:
ENV03-C. Sanitize the environment when invoking external programs
Author:
Robert Seacord
Feb 01, 2007
Last Changed by:
Jill Britton
Apr 20, 2023
Tiny Link:
(useful for email)
https://wiki.sei.cmu.edu/confluence/x/JNcxBQ
Export As:
Word
·
PDF
Incoming Links
SEI CERT C Coding Standard (2)
Page:
ENV33-C. Do not call system()
Page:
STR02-C. Sanitize data passed to complex subsystems
SEI CERT Oracle Coding Standard for Java (1)
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Hierarchy
Parent Page
Page:
Rec. 10. Environment (ENV)
Labels
Global Labels (10)
cwe-807
rose-nonapplicable
android-applicable
sidebar
env
posix
recommendation
cwe-426
cwe-78
cwe-20
Recent Changes
Time
Editor
Apr 20, 2023 05:54
Jill Britton
View Changes
Apr 26, 2021 04:24
Jill Britton
View Changes
Apr 21, 2021 05:30
Jill Britton
View Changes
Apr 20, 2021 06:47
Jill Britton
View Changes
Nov 16, 2017 14:40
Will Snavely
View Page History
Outgoing Links
External Links (14)
https://www.kb.cert.org/vulnotes/bymetric?searchview&query=…
cwe.mitre.org/data/definitions/88.html
cwe.mitre.org/data/definitions/807.html
https://www.securecoding.cert.org/confluence/display/seccod…
cwe.mitre.org/data/definitions/426.html
www.cert.org/advisories/CA-1995-14.html
www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/envi…
https://www.securecoding.cert.org/confluence/display/seccod…
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
cwe.mitre.org/data/definitions/78.html
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
cwe.mitre.org/
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?p…
https://cwe.mitre.org/data/definitions/471.html
SEI CERT C Coding Standard (10)
Page:
Helix QAC
Page:
POS02-C. Follow the principle of least privilege
Page:
Helix QAC_V
Page:
BB. Definitions
Page:
STR02-C. Sanitize data passed to complex subsystems
Home page:
SEI CERT C Coding Standard
Page:
LDRA
Page:
AA. Bibliography
Page:
ENV33-C. Do not call system()
Page:
LDRA_V
SEI CERT C++ Coding Standard (2)
Home page:
SEI CERT C++ Coding Standard
Page:
VOID ENV01-CPP. Sanitize the environment when invoking external programs
SEI CERT Oracle Coding Standard for Java (2)
Home page:
SEI CERT Oracle Coding Standard for Java
Page:
IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method
Overview
Content Tools
{"serverDuration": 77, "requestCorrelationId": "4cd0a473acec3071"}