GitHub
CERT Secure Coding

Environment (ENV)

Information for Editors
In order to have a new guideline automatically listed above be sure to label it env and recommendation .

Risk Assessment Summary

Rule Severity Likelihood Detectable Repairable Priority Level
ENV01-C High Likely No No P9 L2
ENV02-C Low Unlikely Yes No P2 L3
ENV03-C High Likely No No P9 L2
DUMMY ENV03-J
ENV00-J. Do not sign code that performs only unprivileged operations
ENV01-C. Do not make assumptions about the size of an environment variable
ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it
ENV02-C. Beware of multiple environment variables with the same effective name
ENV02-J. Do not trust the values of environment variables
ENV03-C. Sanitize the environment when invoking external programs
ENV03-J. Do not grant dangerous combinations of permissions
ENV04-J. Do not disable bytecode verification
ENV05-J. Do not deploy an application that can be remotely monitored
ENV06-J. Production code must not contain debugging entry points
ENV30-C. Do not modify the object referenced by the return value of certain functions
ENV31-C. Do not rely on an environment pointer following an operation that may invalidate it
ENV32-C. All exit handlers must return normally
ENV33-C. Do not call system()
ENV34-C. Do not store pointers returned by certain functions
Rec. 10. Environment (ENV)
Rec. 10. Environment (ENV)
Rule 10. Environment (ENV)
Rule 10. Environment (ENV)
Rule 16. Runtime Environment (ENV)
VOID Do not call the longjmp function to terminate a call to a function registered by atexit()
VOID ENV00-CPP. Beware of multiple environment variables with the same effective name
VOID ENV01-CPP. Sanitize the environment when invoking external programs
VOID ENV02-CPP. Do not call system() if you do not need a command processor
VOID Environment (ENV)
VOID Rec. 12. Environment (ENV)