IO.UT.LIB : Untrusted Library Load

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Binaries

IO.UT.LIB : Untrusted Library Load

Summary

A library loading function is called with an untrusted library name argument.

A library name argument is considered to be untrusted if:

There is a set of applicable UNTRUSTED_LIB_WHITELIST rules (that is, a set of one or more UNTRUSTED_LIB_WHITELIST rules after which no UNTRUSTED_LIB_WHITELIST= or UNTRUSTED_LIB_BLACKLIST rules occur), and either
- the library name argument does not match one of the rules in that set,
  or
- CodeSonar cannot determine the value of the library name argument.
or
There is a set of applicable UNTRUSTED_LIB_BLACKLIST rules (that is, a set of one or more UNTRUSTED_LIB_BLACKLIST rules after which no UNTRUSTED_LIB_BLACKLIST= or UNTRUSTED_LIB_WHITELIST rules occur), and the library name argument matches one of the rules in that set.
or
The library name argument is a string constant that may have been obfuscated, where obfuscation determinations depend in part on the settings of configuration parameters MIN_B64_SCORE and MIN_ENC_SCORE.

Properties

Class Name

Untrusted Library Load

Significance

security

Mnemonic

IO.UT.LIB

Categories

MisraC2025	MisraC2025:D.4.14	The validity of values received from external sources shall be checked
MisraC2023	MisraC2023:D.4.14	The validity of values received from external sources shall be checked
Misra2012	Misra2012:D.4.14	The validity of values received from external sources shall be checked
AUTOSARC++14	AUTOSARC++14:A27-0-1	Inputs from independent components shall be validated.
MisraC++2023	MisraC++2023:0.3.2	A function call shall not violate the function's preconditions
CWE	CWE:114	Process Control
CERT-C	CERT-C:STR02-C	Sanitize data passed to complex subsystems
DISA-6r1	DISA-6r1:V-222604	The application must protect from command injection.
	DISA-6r1:V-222606	The application must validate all input.
	DISA-6r1:V-222609	The application must not be subject to input handling vulnerabilities.
DISA-5r3	DISA-5r3:V-70261	The application must protect from command injection.
	DISA-5r3:V-70265	The application must validate all input.
	DISA-5r3:V-70271	The application must not be subject to input handling vulnerabilities.
DISA-4r3	DISA-4r3:V-70261	The application must protect from command injection.
	DISA-4r3:V-70265	The application must validate all input.
	DISA-4r3:V-70271	The application must not be subject to input handling vulnerabilities.
OWASP-2017	OWASP-2017:A1	Injection
OWASP-2021	OWASP-2021:A3	Injection
OWASP-2025	OWASP-2025:A05	Injection

Availability

Available for C and C++.

Enabling

Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow class="Untrusted Library Load"

Triggers

CodeSonar ships with library models that allow it to recognize functions such as libc dlopen() that take a library name argument. If one of these functions is called with an untrusted value in the library name parameter position, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Untrusted Library Load warnings.

Example

Suppose the project configuration file includes the following rules.

WARNING_FILTER += allow class="Untrusted Library Load"
UNTRUSTED_LIB_BLACKLIST += ^.*hack.*$

Then CodeSonar will issue one Untrusted Library Load warning in the following code.

#include <dlfcn.h>

void * io_ut_lib_bad(void){
  return dlopen("./myhackylibrary.so", RTLD_LAZY); /* 'Untrusted Library Load' warning issued here */
}

void * io_ut_lib_ok(void){
  return dlopen("./myproperlibrary.so", RTLD_LAZY);           /* ok: does not include blacklisted substring "hack" */
}

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

To report problems with this documentation, please visit https://support.codesecure.com/.