The rule about TOCTOU mainly check POSIX function calls. On windows, similar functions exist, with other names (access -> _access & _waccess). Additionally, variants flagged as "secure" also exist (_access_s & _waccess_s).
Those functions should be checked too.
Note: Since some of these functions deal with wide string literals, in the rule implementation we should remove all mentions of StringLiteral::getString that only work with narrow strings, and use StringTools.h instead.