gitlab.flawfinder.fopen-1.open-1

Check when opening files - can an attacker redirect it (via symlinks).

Definition

rules:
  - id: flawfinder.fopen-1.open-1
    languages:
      - c
    message: |
      Check when opening files - can an attacker redirect it (via symlinks).
    metadata:
      cwe: "CWE-362: Check when opening files - can an attacker redirect it (via
        symlinks), force the opening of special file type (e.g., device files),
        move things around to create a race condition, control its ancestors, or
        change its contents? (CWE-362)"
      primary_identifier: flawfinder.fopen-1.open-1
      secondary_identifiers:
        - name: Flawfinder - fopen
          type: flawfinder_func_name
          value: fopen
        - name: Flawfinder - open
          type: flawfinder_func_name
          value: open
      license: MIT
    pattern-either:
      - pattern: fopen(...)
      - pattern: open(...)
    severity: INFO
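
An added example, not part of the rule or of Flawfinder: one way to answer the questions in the rule's message when the path may be attacker-influenced, by refusing a symlink in the final component and rejecting special files after the open. `open_regular_nofollow` and `demo` are hypothetical names and the fixtures under `/tmp` are constructed; the rule's `open(...)` pattern still matches this code, so the finding is a prompt to confirm that checks like these are present.

```c
#define _GNU_SOURCE /* exposes mkdtemp, O_NOFOLLOW and O_CLOEXEC on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a read-only fd for a regular file, or -1. */
int open_regular_nofollow(const char *path)
{
    /* O_NOFOLLOW: fail (ELOOP) if the final path component is a symlink.
     * O_NONBLOCK: do not hang when the path names a FIFO or a device.
     * Ancestor directories are still resolved normally (not covered here). */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;
    /* fstat() the descriptor, not the path: it describes the object that was
     * actually opened, so there is no check-then-open window to race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed fixtures: a regular file, a symlink to it, and a FIFO.
 * Returns a bitmask of accepted paths (bit 0 file, bit 1 link, bit 2 fifo). */
int demo(void)
{
    char dir[] = "/tmp/openchk-XXXXXX", f[64], l[64], p[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(f, sizeof f, "%s/file", dir);
    snprintf(l, sizeof l, "%s/link", dir);
    snprintf(p, sizeof p, "%s/fifo", dir);
    int fd = open(f, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || symlink(f, l) != 0 || mkfifo(p, 0600) != 0) return -1;
    close(fd);
    const char *paths[] = { f, l, p };
    int mask = 0;
    for (int i = 0; i < 3; i++) {
        fd = open_regular_nofollow(paths[i]);
        if (fd >= 0) { mask |= 1 << i; close(fd); }
    }
    unlink(f); unlink(l); unlink(p); rmdir(dir);
    return mask;
}
int main(void) { printf("accepted mask: %d\n", demo()); return 0; }
```

Only the regular file is accepted; the symlink fails at `open()` and the FIFO is rejected by the `fstat()` check.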