Static Analysis Problem Type Reference
A dangerous function was called without adequate protection.
Some library and API functions can execute an arbitrary command. Care should be taken to ensure that this cannot lead to a security weakness. In particular, user input should never be used to form a command that is passed to the system function.
| ID | Code Location | Description |
|---|---|---|
| 1 | Call site | The place where the function was called |
```c
#include <stdlib.h>

int main (int argc, char **argv)
{
    // Don't pass unchecked string to system!
    system(argv[1]);
    return 0;
}
```
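A corrected shape for a program that must act on user input is shown below as an added example; it is not part of the original reference. It assumes a POSIX system, and the names `arg_is_allowed` and `list_path`, the choice of `ls`, and the allow-list itself are illustrative: the input is validated, then passed as a single argument vector element to a fixed program, so no shell ever parses it.

```c
#include <ctype.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list check: non-empty, no leading '-', only [A-Za-z0-9._/-]. */
int arg_is_allowed(const char *s)
{
    if (s == NULL || *s == '\0' || *s == '-')
        return 0;
    for (; *s != '\0'; s++) {
        if (!isalnum((unsigned char)*s) && *s != '.' && *s != '_' &&
            *s != '/' && *s != '-')
            return 0;
    }
    return 1;
}

/* Runs "ls -d -- <path>" without a shell. Returns the child's exit
 * status, or -1 if the input is rejected or the child could not run. */
int list_path(const char *path)
{
    if (!arg_is_allowed(path))
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Fixed program and options; user input is one argv element. */
        char *const args[] = { "ls", "-d", "--", (char *)path, NULL };
        execvp("ls", args);
        _exit(127);             /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(int argc, char **argv)
{
    int rc = (argc == 2) ? list_path(argv[1]) : -1;
    if (rc < 0)
        fprintf(stderr, "usage: %s PATH (allow-listed characters only)\n", argv[0]);
    return rc < 0 ? 2 : rc;
}
```

The `--` separator and the leading `-` check keep the input from being read as an option by the called program, which argument-vector execution alone does not prevent.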