gitlab.flawfinder.CreateProcess-1

Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.

Definition

rules:
  - id: flawfinder.CreateProcess-1
    languages:
      - c
    message: >
      Specify the application path in the first argument, NOT as part of the
      second, or embedded spaces could allow an attacker to force a different
      program to run.
    metadata:
      cwe: "CWE-78: This causes a new process to execute and is difficult to use
        safely (CWE-78)"
      primary_identifier: flawfinder.CreateProcess-1
      secondary_identifiers:
        - name: Flawfinder - CreateProcess
          type: flawfinder_func_name
          value: CreateProcess
      license: MIT
    pattern: CreateProcess(...)
    severity: WARNING
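
An added example, not part of the rule or of Flawfinder: a C sketch that models the documented CreateProcess lookup for an unquoted path containing spaces and lists the program names that would be tried before the intended one, followed (under `_WIN32`) by the call shape the rule message asks for. The path `C:\Program Files\My App\tool.exe`, the `--version` argument and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define SAMPLE_APP "C:\\Program Files\\My App\\tool.exe" /* constructed sample */

/* 1 if the last path component of p[0..len) already has an extension. */
static int has_ext(const char *p, size_t len)
{
    while (len > 0 && p[len - 1] != '\\' && p[len - 1] != '/')
        if (p[--len] == '.')
            return 1;
    return 0;
}

/* Simplified model of the documented lookup for an unquoted command line with
 * a NULL lpApplicationName: the string is cut at each space in turn and each
 * prefix is tried as the program (".exe" appended if it has no extension).
 * Stores those earlier candidates in out; returns 0 when there are none. */
int shadow_candidates(const char *cmdline, char out[][260], int max)
{
    int n = 0;
    if (cmdline[0] == '"') return 0;       /* quoted module name: no splitting */
    for (size_t i = 1; cmdline[i] != '\0' && i < 255 && n < max; i++) {
        if (cmdline[i] != ' ')
            continue;
        memcpy(out[n], cmdline, i);
        strcpy(out[n] + i, has_ext(cmdline, i) ? "" : ".exe");
        n++;
    }
    return n;
}

#ifdef _WIN32
#include <windows.h>
/* Call shape the rule message asks for: program path in the first argument,
 * and quoted again as argv[0] in the writable command-line buffer. */
BOOL launch_tool(PROCESS_INFORMATION *pi)
{
    STARTUPINFOA si = { sizeof si };
    char cmd[] = "\"" SAMPLE_APP "\" --version";
    return CreateProcessA(SAMPLE_APP, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, pi);
}
#endif
int main(void)
{
    char c[8][260];
    for (int i = 0, n = shadow_candidates(SAMPLE_APP, c, 8); i < n; i++)
        printf("tried before the intended path: %s\n", c[i]);
    return 0;
}
```

A non-zero result from `shadow_candidates` means the path must not be passed unquoted in the second argument with a NULL first argument.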