gitlab.flawfinder.char-1.TCHAR-1.wchar_t-1

137
Download Count*
License

Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.

Run Locally

Run in CI

Defintion

rules:
  - id: flawfinder.char-1.TCHAR-1.wchar_t-1
    languages:
      - c
    message: >
      Perform bounds checking, use functions that limit length, or ensure that
      the size is larger

      than the maximum possible length.
    metadata:
      cwe: "CWE-120: Statically-sized arrays can be improperly restricted, leading to
        potential overflows or other issues (CWE-119!/CWE-120)"
      primary_identifier: flawfinder.char-1.TCHAR-1.wchar_t-1
      secondary_identifiers:
        - name: Flawfinder - char
          type: flawfinder_func_name
          value: char
        - name: Flawfinder - TCHAR
          type: flawfinder_func_name
          value: TCHAR
        - name: Flawfinder - wchar_t
          type: flawfinder_func_name
          value: wchar_t
      license: MIT
    pattern-either:
      - patterns:
          - pattern-regex: (wchar_t) *[a-zA-Z0-9_]+\[.*\]
          - pattern-not-regex: (wchar_t) *[a-zA-Z0-9_]+\[\](\s|)\= *([a-zA-Z]|)(\s|)("|{)(.*)
      - patterns:
          - pattern-regex: (char) *[a-zA-Z0-9_]+\[.*\]
          - pattern-not-regex: (char) *[a-zA-Z0-9_]+\[\](\s|)\= *([a-zA-Z]|)(\s|)("|{)(.*)
      - patterns:
          - pattern-regex: (TCHAR) *[a-zA-Z0-9_]+\[.*\]
          - pattern-not-regex: (TCHAR) *[a-zA-Z0-9_]+\[\](\s|)\= *([a-zA-Z]|)(\s|)("|{)(.*)
      - patterns:
          - pattern-regex: static *(const)? *(wchar_t|char|TCHAR) *[a-zA-Z0-9_]+
              *\[.*\]\*(={.*})?
      - patterns:
          - pattern-regex: (.*|)(\s|)\=(\s|)\((char.*) (malloc)\(.*\[[0-9]+\].*\)
    severity: INFO