Chapter 8. Carefully Call Out to Other Resources

 

Do not put your trust in princes, in mortal men, who cannot save.

 Psalms 146:3 (NIV)
Table of Contents
8.1. Call Only Safe Library Routines
8.2. Limit Call-outs to Valid Values
8.3. Handle Metacharacters
8.3.1. SQL injection
8.3.2. Shell injection
8.3.3. Problematic pathnames and filenames
8.3.4. Other injection issues
8.4. Call Only Interfaces Intended for Programmers
8.5. Check All System Call Returns
8.6. Avoid Using vfork(2)
8.7. Counter Web Bugs When Retrieving Embedded Content
8.8. Hide Sensitive Information

Practically no program is truly self-contained; nearly all programs call out to other programs for resources, such as programs provided by the operating system, software libraries, and so on. Sometimes this calling out to other resources isn’t obvious or involves a great deal of “hidden” infrastructure which must be depended on, e.g., the mechanisms to implement dynamic libraries. Clearly, you must be careful about what other resources your program trusts and you must make sure that the way you send requests to them.