CWE-242

Use of Inherently Dangerous Function

The product calls a function that can never be guaranteed to work safely.

Mitigation ID: MIT-58

Phases: Build and Compilation, Implementation

Description:

  • Identify a list of prohibited API functions and prohibit developers from using these functions, providing safer alternatives. In some cases, automatic code analysis tools or the compiler can be instructed to spot use of prohibited functions, such as the "banned.h" include file from Microsoft's SDL. [REF-554] [REF-1009] [REF-7]

Mitigation

Phase: Testing

Description:

  • Use grep or static analysis tools to spot usage of dangerous functions.
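The compiler-enforced ban from the first mitigation, as an added example that is not part of the CWE entry or of Microsoft's banned.h: `#pragma GCC poison` (supported by GCC and Clang) turns any later use of the inherently dangerous gets() in this translation unit into a compile error, next to a bounded fgets()-based replacement. Function names and the sample input are constructed for this example.

```c
/* Added example: a minimal "banned.h"-style guard plus a safe replacement
 * for gets(). Names and sample data are constructed for illustration. */
#include <stdio.h>
#include <string.h>

/* Poison after the system headers, since glibc's stdio.h may still declare
 * gets(); from here on, spelling the identifier is a compile-time error. */
#pragma GCC poison gets

/* Read one line of at most n-1 bytes from `in` into `buf`, always
 * NUL-terminating. Returns the number of bytes stored (newline removed) or
 * -1 on EOF/error. A line longer than the buffer is truncated and its tail
 * discarded, so the next call starts on a fresh line instead of mid-line. */
long read_line_bounded(char *buf, size_t n, FILE *in)
{
    if (n == 0 || fgets(buf, (int)n, in) == NULL)
        return -1;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';
    } else {
        int c;  /* no newline within n-1 bytes: drain the rest of the line */
        while ((c = fgetc(in)) != EOF && c != '\n')
            ;
    }
    return (long)len;
}

/* Constructed input: a short line, a 16-byte line, then a final line. */
static const char SAMPLE_INPUT[] = "hello\n0123456789abcdef\nlast\n";

/* Feeds SAMPLE_INPUT through an n-byte buffer via a temporary FILE.
 * Returns the number of lines read and stores the longest stored length in
 * *max_len; nothing is ever written past buf[n-1]. */
int count_lines_with_buffer(size_t n, size_t *max_len)
{
    FILE *in = tmpfile();
    if (in == NULL || n > 64) return -1;
    fwrite(SAMPLE_INPUT, 1, sizeof SAMPLE_INPUT - 1, in);
    rewind(in);
    char buf[64];
    int lines = 0;
    long len;
    *max_len = 0;
    while ((len = read_line_bounded(buf, n, in)) >= 0) {
        lines++;
        if ((size_t)len > *max_len) *max_len = (size_t)len;
    }
    fclose(in);
    return lines;  /* with n == 8: 3 lines, longest stored length 7 */
}
```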

No CAPEC attack patterns related to this CWE.
