SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Vulnerability14

Security Hotspot19

Tags

Impact

Clean code attribute

The library function "system" from "<cstdlib>" shall not be used

responsibility - trustworthy

security

Vulnerability

Why is this an issue?

More Info

This rule is part of MISRA C++:2023.

Usage of this content is governed by Sonar’s terms and conditions. Redistribution is prohibited.

Rule 21.2.3 - The library function `system` from `<cstdlib>` shall not be used

[C11] / 7.22.4.8; Undefined 2; Implementation 2, 3

Category: Required

Analysis: Decidable,Single Translation Unit

Amplification

This function shall not be called or have its address taken, and no macro having this name shall be expanded.

Note: this rule also applies to system from <stdlib.h>.

Rationale

The system function has undefined and implementation-defined behaviour associated with it.

Errors related to its use are a common cause of security vulnerabilities.

Copyright The MISRA Consortium Limited © 2023

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI