gitlab.flawfinder.g_get_tmp_dir-1

137

Download Count*

MIT

License

Check environment variables carefully before using them.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: flawfinder.g_get_tmp_dir-1
    languages:
      - c
    message: |
      Check environment variables carefully before using them.
    metadata:
      cwe: "CWE-20: This function is synonymous with 'getenv(\"TMP\")';it returns
        untrustable input if the environment can beset by an attacker.  It can
        have any content and length, and the same variable can be set more than
        once (CWE-807, CWE-20)"
      primary_identifier: flawfinder.g_get_tmp_dir-1
      secondary_identifiers:
        - name: Flawfinder - g_get_tmp_dir
          type: flawfinder_func_name
          value: g_get_tmp_dir
      license: MIT
    pattern: g_get_tmp_dir(...)
    severity: WARNING

Short Link: https://sg.run/v2NX