gitlab.flawfinder.access-1

Set up the correct permissions (e.g., using setuid()) and try to open the file directly.

Definition

rules:
  - id: flawfinder.access-1
    languages:
      - c
    message: >
      Set up the correct permissions (e.g., using setuid()) and try to open the
      file directly.
    metadata:
      cwe: "CWE-362: This usually indicates a security flaw.  If an attacker can
        change anything along the path between the call to access() and the
        file's actual use (e.g., by moving files), the attacker can exploit the
        race condition (CWE-362/CWE-367!)"
      primary_identifier: flawfinder.access-1
      secondary_identifiers:
        - name: Flawfinder - access
          type: flawfinder_func_name
          value: access
      license: MIT
    pattern: access(...)
    severity: ERROR