gitlab.flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1


Use a constant (string literal) for the format specification: if the format string of a stream printf call can be influenced by an attacker, the `%n`/`%s`/`%x` directives let them write to or read from memory (CWE-134).


Definition

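# Semgrep port of Flawfinder's format-string check for the FILE*-stream printf
# family. The check is purely syntactic (no taint tracking): a call is reported
# whenever its format argument is anything other than a string literal. A
# `const char *` variable or a macro that expands to a literal is therefore
# still reported, and a literal format assembled from attacker data elsewhere
# is not; triage findings accordingly rather than treating ERROR as proof.
rules:
  - id: flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1
    languages:
      - c
    message: |
      Use a constant for the format specification.
    metadata:
      cwe: "CWE-134: If format strings can be influenced by an attacker, they can be
        exploited (CWE-134)"
      primary_identifier: flawfinder.fprintf-1.vfprintf-1._ftprintf-1._vftprintf-1.fwprintf-1.fvwprintf-1
      secondary_identifiers:
        - name: Flawfinder - fprintf
          type: flawfinder_func_name
          value: fprintf
        - name: Flawfinder - vfprintf
          type: flawfinder_func_name
          value: vfprintf
        - name: Flawfinder - _ftprintf
          type: flawfinder_func_name
          value: _ftprintf
        - name: Flawfinder - _vftprintf
          type: flawfinder_func_name
          value: _vftprintf
        - name: Flawfinder - fwprintf
          type: flawfinder_func_name
          value: fwprintf
        - name: Flawfinder - fvwprintf
          type: flawfinder_func_name
          value: fvwprintf
      license: MIT
    # Every function in this family takes the stream first and the format
    # second, so each entry matches `fn(stream, <format>, ...)` and then
    # excludes the case where <format> is a string literal.
    pattern-either:
      - patterns:
          - pattern: fprintf($FD, $FMT, ...)
          - pattern-not: fprintf($FD, "...", ...)
      # vfprintf(FILE *stream, const char *format, va_list ap): the format is
      # the SECOND argument. Matching `vfprintf($FMT, $ARGS, ...)` bound the
      # stream instead, so the literal-format exclusion could never apply and
      # every vfprintf call was reported.
      - patterns:
          - pattern: vfprintf($FD, $FMT, $ARGS)
          - pattern-not: vfprintf($FD, "...", $ARGS)
      - patterns:
          - pattern: _ftprintf($FD, $FMT, ...)
          - pattern-not: _ftprintf($FD, "...", ...)
      # _vftprintf is listed in secondary_identifiers above but previously had
      # no pattern, so calls to it were never reported.
      - patterns:
          - pattern: _vftprintf($FD, $FMT, $ARGS)
          - pattern-not: _vftprintf($FD, "...", $ARGS)
      # NOTE(review): confirm that `"..."` also matches wide literals
      # (`L"..."`) for the wide-character entries below; if it does not,
      # every fwprintf call with a constant format is reported.
      - patterns:
          - pattern: fwprintf($FD, $FMT, ...)
          - pattern-not: fwprintf($FD, "...", ...)
      # Flawfinder spells this function "fvwprintf"; the C99 wide-character
      # va_list function is vfwprintf, so both spellings are matched.
      - patterns:
          - pattern: fvwprintf($FD, $FMT, ...)
          - pattern-not: fvwprintf($FD, "...", ...)
      - patterns:
          - pattern: vfwprintf($FD, $FMT, $ARGS)
          - pattern-not: vfwprintf($FD, "...", $ARGS)
    severity: ERROR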