rspec/rules/S5847/cfamily/rule.adoc

include::../common/description.adoc[]

== Why is this an issue?

include::../common/rationale.adoc[]

=== What is the potential impact?

include::../common/impact/rationale.adoc[]

include::../common/impact/code_execution.adoc[]

include::../common/impact/privilege_escalation.adoc[]

include::../common/impact/dos.adoc[]

== How to fix it

include::../common/how-to-fix/rationale.adoc[]

=== Code examples

==== Noncompliant code example

The following code sample is susceptible to a race condition attack because it
checks a file exists strictly before it opens it for writing.

[source,cpp,diff-id=1,diff-type=noncompliant]
----
FILE *fopen_if_not_exists(const char *file) {
  if (access(file, F_OK) == -1 && errno == ENOENT) {
    FILE *f = fopen(file, "w"); // Noncompliant

    return f;
  }

  return nullptr;
}
----

==== Compliant solution

[source,cpp,diff-id=1,diff-type=compliant]
----
FILE *fopen_if_not_exists(const char *file) {
  FILE *f = fopen(file, "wx");
  return f;
}
----

=== How does this work?

Here, the compliant code example uses an atomic operation to open the file and
check for its existence beforehand.

== Resources

=== Documentation

* Carnegie Mellon University Software Engineering Institure - https://wiki.sei.cmu.edu/confluence/display/c/FIO45-C.+Avoid+TOCTOU+race+conditions+while+accessing+files[FIO45-C. - Avoid TOCTOU race conditions while accessing files]

=== Standards

* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]
* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]
* CWE - https://cwe.mitre.org/data/definitions/367[CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition]
* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions.


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/description.adoc[]`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/rationale.adoc[]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`=== What is the potential impact?`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/impact/rationale.adoc[]`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/impact/code_execution.adoc[]`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/impact/privilege_escalation.adoc[]`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/impact/dos.adoc[]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`== How to fix it`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`include::../common/how-to-fix/rationale.adoc[]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`=== Code examples`

			`==== Noncompliant code example`

			`The following code sample is susceptible to a race condition attack because it`
			`checks a file exists strictly before it opens it for writing.`

Fix asciidoc w.r.t. C++ (#3519) "C++" spelled as-is can result in unexpected rendering, such as C++20 was released before C++17 renders as C20 was released before C17 Make consistent use of `[source,cpp]`. 2023-12-21 15:51:41 +01:00			`[source,cpp,diff-id=1,diff-type=noncompliant]`
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`----`
			`FILE fopen_if_not_exists(const char file) {`
			`if (access(file, F_OK) == -1 && errno == ENOENT) {`
			`FILE *f = fopen(file, "w"); // Noncompliant`
Fix asciidoc w.r.t. C++ (#3519) "C++" spelled as-is can result in unexpected rendering, such as C++20 was released before C++17 renders as C20 was released before C17 Make consistent use of `[source,cpp]`. 2023-12-21 15:51:41 +01:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`return f;`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`}`
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00
			`return nullptr;`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`}`
			`----`

Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`==== Compliant solution`
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space 2020-06-30 14:49:38 +02:00
Fix asciidoc w.r.t. C++ (#3519) "C++" spelled as-is can result in unexpected rendering, such as C++20 was released before C++17 renders as C20 was released before C17 Make consistent use of `[source,cpp]`. 2023-12-21 15:51:41 +01:00			`[source,cpp,diff-id=1,diff-type=compliant]`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`----`
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`FILE fopen_if_not_exists(const char file) {`
			`FILE *f = fopen(file, "wx");`
			`return f;`
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`}`
			`----`

Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`=== How does this work?`

			`Here, the compliant code example uses an atomic operation to open the file and`
			`check for its existence beforehand.`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
RULEAPI-665: Remove security standards from the irrelevant language-specific rules (#362) 2021-09-21 15:40:35 +02:00
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00			`=== Documentation`

			`* Carnegie Mellon University Software Engineering Institure - https://wiki.sei.cmu.edu/confluence/display/c/FIO45-C.+Avoid+TOCTOU+race+conditions+while+accessing+files[FIO45-C. - Avoid TOCTOU race conditions while accessing files]`

			`=== Standards`

			`* OWASP - https://owasp.org/Top10/A01_2021-Broken_Access_Control/[Top 10 2021 Category A1 - Broken Access Control]`
			`* OWASP - https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[Top 10 2017 Category A5 - Broken Access Control]`
			`* CWE - https://cwe.mitre.org/data/definitions/367[CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition]`
Modify rules: Add STIG AS&D 2023-06-08 mappings (#3914) * Update JSON schema to include STIG ASD 2023-06-08 mapping * Update rules to add STIG metadata mappings --------- Co-authored-by: Loris Sierra <loris.sierra@sonarsource.com> 2024-05-06 07:56:31 +01:00			`* STIG Viewer - https://stigviewer.com/stig/application_security_and_development/2023-06-08/finding/V-222567[Application Security and Development: V-222567] - The application must not be vulnerable to race conditions.`

Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::../comments-and-links.adoc[]`
Make sure that includes are always surrounded by empty lines (#2270) When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again. 2023-06-22 10:38:01 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`
Modify S5847: Change text to LayC format (APPSEC-1214) (#3316) 2023-10-20 17:39:40 +02:00