CERT-ENV33-C
Synopsis
Do not call system().
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
Use of the system() function can result in exploitable vulnerabilities, in the worst case allowing execution of arbitrary system commands. Do not invoke a command processor via system() or equivalent functions to execute a command.
Coding standards
This check does not correspond to any coding standard rules.
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void func(char *input) {
    /* input is handed to the command processor unchanged */
    system(input);
}
The following code example passes the check and will not give a warning about this issue:
void func() {
}