
I have this code

    ofstream file;
    file.open(filePath, std::ios::app);    
    file << content;
    file.close();

When I run Flawfinder it says:

    [2] (misc) open:
      Check when opening files - can an attacker redirect it (via symlinks),
      force the opening of special file type (e.g., device files), move things
      around to create a race condition, control its ancestors, or change its
      contents? (CWE-362).

My question: is there any better/safer way to write the same code above to deal with files in order to avoid such possible security vulnerabilities?

Weather Vane
Mazen Ak
  • Note that you should ask this **c++** related question in [**c++ section**](https://stackoverflow.com/questions/tagged/c%2b%2b) instead of [**c section**](https://stackoverflow.com/questions/tagged/c) – Saadi Toumi Fouad Jul 25 '20 at 17:23
  • Things like `lstat()` and `std::filesystem::symlink_status()` can tell you if the filename refers to a symlink before you try to open it. – Remy Lebeau Jul 25 '20 at 17:54
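
One way to address the symlink, special-file and race points in the Flawfinder message on POSIX systems, shown as an added example that is not part of the original thread: open with `O_NOFOLLOW`, then inspect the descriptor that was actually opened with `fstat()`. The helper name `append_regular_file` and the sample path in `main` are assumptions made for illustration.

```cpp
// Added example (not from the original thread). POSIX-only.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <string>

// Hypothetical helper: appends `content` to `path`, refusing symlinks and
// non-regular files. Returns 0 on success or an errno value on failure.
int append_regular_file(const std::string& path, const std::string& content) {
    // O_NOFOLLOW: fail with ELOOP if the final path component is a symlink.
    // O_NONBLOCK: do not block in open() if the path names a FIFO.
    // O_CLOEXEC:  do not leak the descriptor into child processes.
    int fd = ::open(path.c_str(),
                    O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC,
                    0600);
    if (fd < 0) return errno;

    // Check the object that was opened, not the name: the result of fstat()
    // on the descriptor cannot be invalidated by swapping the path afterwards.
    struct stat st;
    if (::fstat(fd, &st) != 0) { int e = errno; ::close(fd); return e; }
    if (!S_ISREG(st.st_mode)) { ::close(fd); return EINVAL; }

    // write() may be partial or interrupted, so loop until all bytes are out.
    const char* p = content.data();
    size_t left = content.size();
    while (left > 0) {
        ssize_t n = ::write(fd, p, left);
        if (n < 0) {
            if (errno == EINTR) continue;
            int e = errno; ::close(fd); return e;
        }
        p += n;
        left -= static_cast<size_t>(n);
    }
    return ::close(fd) == 0 ? 0 : errno;
}

int main() {
    // Constructed sample path and content.
    return append_regular_file("example.log", "hello\n") == 0 ? 0 : 1;
}
```

`O_NOFOLLOW` only covers the last path component, so symlinks in parent directories are still followed; keeping the file in a directory that only the application can write to covers the "control its ancestors" part of the warning.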

0 Answers