Input Output (FIO)
- FIO50-CPP. Do not alternately input and output from a file stream without an intervening positioning call
- FIO51-CPP. Close files when they are no longer needed
The following rules from the SEI CERT C Coding Standard also apply in C++:
- FIO30-C. Exclude user input from format strings
- FIO32-C. Do not perform operations on devices that are only appropriate for files
- FIO34-C. Distinguish between characters read from a file and EOF or WEOF
- FIO37-C. Do not assume that fgets() or fgetws() returns a nonempty string when successful
- FIO38-C. Do not copy a FILE object
- FIO39-C. Do not alternately input and output from a stream without an intervening flush or positioning call
- FIO40-C. Reset strings on fgets() or fgetws() failure
- FIO41-C. Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
- FIO42-C. Close files when they are no longer needed
- FIO44-C. Only use values for fsetpos() that are returned from fgetpos()
- FIO45-C. Avoid TOCTOU race conditions while accessing files
- FIO46-C. Do not access a closed file
- FIO47-C. Use valid format strings
Information for Editors
To have a new guideline automatically listed above be sure to label it fio and rule .
Risk Assessment Summary
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FIO50-CPP | Low | Likely | Yes | No | P6 | L2 |
| FIO51-CPP | Medium | Unlikely | No | No | P2 | L3 |
