The code uses a function that has inconsistent implementations across operating systems and versions.
The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases. The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include: - Slight differences in the way parameters are interpreted leading to inconsistent results. - Some implementations of the function carry significant security risks. - The function might not be defined on all platforms. - The function might change which return codes it can provide, or change the meaning of its return codes.
Do not accept inconsistent behavior from the API specifications when the deviant behavior increase the risk level.
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness: High