gitlab.flawfinder.g_get_home_dir-1

Check environment variables carefully before using them.

Definition

rules:
  - id: flawfinder.g_get_home_dir-1
    languages:
      - c
    message: |
      Check environment variables carefully before using them.
    metadata:
      cwe: "CWE-20: This function is synonymous with 'getenv(\"HOME\")'; it returns
        untrustable input if the environment can be set by an attacker.  It can
        have any content and length, and the same variable can be set more than
        once (CWE-807, CWE-20)"
      primary_identifier: flawfinder.g_get_home_dir-1
      secondary_identifiers:
        - name: Flawfinder - g_get_home_dir
          type: flawfinder_func_name
          value: g_get_home_dir
      license: MIT
    pattern: g_get_home_dir(...)
    severity: WARNING
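
One way to act on the rule's advice, shown as an added example that is not part of the rule or of Flawfinder: validate the home directory string for presence, length and content before building a path from it. `HOME_MAX`, `home_is_acceptable` and `build_user_path` are hypothetical names, the acceptance policy is an assumption, and `getenv("HOME")` (which the rule text treats as synonymous) stands in for `g_get_home_dir()` so the block builds without GLib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOME_MAX 256  /* assumed policy limit, not taken from the rule */

/* Returns 1 if `home` may be used as a directory prefix, 0 otherwise. */
static int home_is_acceptable(const char *home)
{
    if (home == NULL || home[0] != '/')
        return 0;                       /* unset, empty, or relative path */
    for (size_t i = 0; home[i] != '\0'; i++) {
        unsigned char c = (unsigned char)home[i];
        if (i >= HOME_MAX - 1)
            return 0;                   /* value can have any length: cap it */
        if (c < 0x20 || c == 0x7f)
            return 0;                   /* value can have any content: no control bytes */
        /* reject a ".." path component (short-circuit keeps reads in bounds) */
        if (c == '/' && home[i + 1] == '.' && home[i + 2] == '.' &&
            (home[i + 3] == '/' || home[i + 3] == '\0'))
            return 0;
    }
    return 1;
}

/* Writes "<home>/<leaf>" into out. Returns 0 on success, -1 if the home
 * value is rejected or the result would not fit in out_sz bytes. */
static int build_user_path(const char *home, const char *leaf,
                           char *out, size_t out_sz)
{
    if (!home_is_acceptable(home))
        return -1;
    int n = snprintf(out, out_sz, "%s/%s", home, leaf);
    if (n < 0 || (size_t)n >= out_sz)
        return -1;                      /* truncated: do not use a partial path */
    return 0;
}

int main(void)
{
    char path[512];
    /* Read the value once and validate that single copy before use. */
    const char *home = getenv("HOME");
    if (build_user_path(home, ".config/app.conf", path, sizeof path) != 0) {
        fputs("HOME rejected\n", stderr);
        return 1;
    }
    puts(path);
    return 0;
}
```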