incomplete-cleanup High

This detector flags code that fails to release or close resources such as file descriptors, a problem especially prevalent in C programs. It occurs when a file is left open after being opened, or when other system resources are not properly handled. To prevent potential problems, manage resources carefully and clean them up consistently throughout the codebase.

Detector ID
c/incomplete-cleanup@v1.0
Category
Common Weakness Enumeration (CWE)
Tags
-

Noncompliant example

#include <stdio.h>
#include <stdlib.h>

FILE *incompleteCleanupNonCompliant() {
    FILE *f;
    f = fopen("example.txt", "r");
    if (f == NULL) {
        perror("Failed to open file");
    }
    // Noncompliant: File not closed
    return f;
}

Compliant example

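#include <stdio.h>
#include <stdlib.h>

// Returns 0 on success, -1 on failure.
int incompleteCleanupCompliant() {
    FILE *f = fopen("example.txt", "r");
    if (f == NULL) {
        perror("Failed to open file");
        return -1;  // fopen failed: there is no stream to close
    }
    // Compliant: File closed before returning
    fclose(f);
    // The stream is invalid after fclose, so return a status, not f
    return 0;
}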
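
The same rule applied to a function that holds two resources and has several failure paths, using a single cleanup label so every exit releases what was acquired. This is an added example that goes beyond the single-file case above and is not part of the detector's documentation; `read_first_line`, `write_text`, `count_failures` and the file names used with them are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copies the first line of `path` into `out`, leaving
 * `out` untouched on failure. Returns 0 on success, -1 on any error. */
int read_first_line(const char *path, char *out, size_t outlen) {
    int rc = -1;                /* stays -1 unless every step succeeds */
    size_t len;
    char *scratch = NULL;
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;              /* nothing acquired yet: plain return is safe */
    scratch = malloc(outlen + 1);
    if (scratch == NULL)
        goto cleanup;           /* f is open: a bare return here would leak it */
    if (fgets(scratch, (int)(outlen + 1), f) == NULL)
        goto cleanup;           /* empty file or read error */
    len = strcspn(scratch, "\n");
    if (len >= outlen)
        goto cleanup;           /* line too long: both resources are held */
    memcpy(out, scratch, len);
    out[len] = '\0';
    rc = 0;
cleanup:
    free(scratch);              /* free(NULL) is a no-op */
    if (fclose(f) != 0)
        rc = -1;                /* a failed close is reported, not ignored */
    return rc;
}

/* Writes constructed sample input so the example runs offline. */
int write_text(const char *path, const char *text) {
    FILE *w = fopen(path, "w");
    if (w == NULL)
        return -1;
    int ok = fputs(text, w) >= 0;
    return (fclose(w) == 0 && ok) ? 0 : -1;   /* closed on both outcomes */
}

/* Runs the line-too-long error path n times; returns how many calls failed. */
int count_failures(const char *path, int n) {
    char small[4];
    int failed = 0;
    for (int i = 0; i < n; i++)
        failed += (read_first_line(path, small, sizeof small) != 0);
    return failed;
}
```

If the error paths leaked the stream, a few thousand calls to `count_failures` would exhaust the process's file descriptors and a later `read_first_line` on a valid file would fail at `fopen`.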