Query module TOCTOUFilesystemRace

name: Time-of-check time-of-use filesystem race condition
description: Separately checking the state of a file before operating on it may allow an attacker to modify the file between the two operations.
kind: problem
problem.severity: warning
precision: medium
id: cpp/toctou-race-condition
tags: security external/cwe/cwe-367

Imports

Guards

cpp

Provides classes and predicates for working with C/C++/ObjC/ObjC++ code.

Predicates

accessCheck

A use of access (or similar) on a filename.

filenameOperation

An operation on a filename.

referenceTo

Holds if use points to source, either by being the same or by one step of variable indirection.

stat

A use of stat (or similar) on a filename.
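
The check-then-use shape named in the description, next to a form that checks the opened descriptor instead of the path. This is an added example, not code from the query or its documentation; all function names, the `window` test hook and the scratch paths are hypothetical, and it assumes a POSIX system with a writable /tmp.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char g_dir[64], g_data[80];   /* constructed scratch paths */
/* Returns 1 if the open descriptor refers to a regular file. */
int fd_is_regular(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
}

/* Check-then-use: lstat() and open() each resolve `path`, so the two calls can
 * reach different files. `window` (test hook) runs between them. */
int open_regular_racy(const char *path, void (*window)(void)) {
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* time of check */
    if (window) window();
    return open(path, O_RDONLY);                                  /* time of use */
}

/* Hardened shape: resolve the path once, then check the opened object itself. */
int open_regular_safe(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;            /* a symlink as last component fails here */
    if (!fd_is_regular(fd)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture: scratch directory with one regular file, "data". */
int setup_fixture(void) {
    snprintf(g_dir, sizeof g_dir, "/tmp/toctou-demo-XXXXXX");
    if (!mkdtemp(g_dir)) return -1;
    snprintf(g_data, sizeof g_data, "%s/data", g_dir);
    int fd = open(g_data, O_CREAT | O_WRONLY, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* Simulated change in the window: "data" becomes a symlink to the directory. */
void swap_data(void) { unlink(g_data); if (symlink(g_dir, g_data)) perror("symlink"); }

int main(void) {
    if (setup_fixture() != 0) return 1;
    printf("racy fd regular? %d\n", fd_is_regular(open_regular_racy(g_data, swap_data)));
    printf("safe after swap: %d\n", open_regular_safe(g_data));
    return 0;
}
```

The racy function returns a descriptor for an object that no longer satisfies the property it checked, while the hardened one returns -1 for the swapped path.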