gitlab.flawfinder.g_get_tmp_dir-1
Download Count: 137
Check environment variables carefully before using them.
Definition
rules:
- id: flawfinder.g_get_tmp_dir-1
  languages:
  - c
  message: |
    Check environment variables carefully before using them.
  metadata:
    cwe: "CWE-20: This function is synonymous with 'getenv(\"TMP\")';it returns
      untrustable input if the environment can beset by an attacker. It can
      have any content and length, and the same variable can be set more than
      once (CWE-807, CWE-20)"
    primary_identifier: flawfinder.g_get_tmp_dir-1
    secondary_identifiers:
    - name: Flawfinder - g_get_tmp_dir
      type: flawfinder_func_name
      value: g_get_tmp_dir
    license: MIT
  pattern: g_get_tmp_dir(...)
  severity: WARNING
Short Link: https://sg.run/v2NX
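
What "check carefully" can look like for a directory name of the kind g_get_tmp_dir() returns, as an added example that is not part of the rule or of Flawfinder. check_tmp_dir and open_tmp_file are hypothetical helpers, and getenv("TMPDIR") stands in for g_get_tmp_dir() so the code builds without GLib.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum tmp_status { TMP_OK, TMP_NOT_ABSOLUTE, TMP_TOO_LONG,
                  TMP_NOT_DIR, TMP_UNSAFE_PERMS };

/* Hypothetical helpers; getenv("TMPDIR") in main() stands in for g_get_tmp_dir(). */
enum tmp_status check_tmp_dir(const char *dir)
{
    struct stat st;
    /* Unset, empty or relative: nothing trustworthy to anchor the path to. */
    if (dir == NULL || dir[0] != '/')
        return TMP_NOT_ABSOLUTE;
    /* Length is attacker-chosen: bound it, leaving room for "/appXXXXXX". */
    if (strnlen(dir, PATH_MAX) >= PATH_MAX - 16)
        return TMP_TOO_LONG;
    /* lstat() does not follow a final symlink, so a link is rejected here. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return TMP_NOT_DIR;
    /* Group/world-writable without the sticky bit: others can replace our files. */
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        return TMP_UNSAFE_PERMS;
    return TMP_OK;
}

/* Create a private file in the vetted directory; returns an fd, or -1. */
int open_tmp_file(const char *dir, char *out, size_t outlen)
{
    if (check_tmp_dir(dir) != TMP_OK)
        return -1;
    int n = snprintf(out, outlen, "%s/appXXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkstemp(out); /* exclusive creation, mode 0600 */
}

int main(void)
{
    char path[PATH_MAX];
    int fd = open_tmp_file(getenv("TMPDIR"), path, sizeof path);
    if (fd < 0)
        return 1;
    close(fd);
    return unlink(path);
}
```

The check and the later open are separate system calls, so the sticky-bit test and mkstemp()'s exclusive creation together are what keep another local user from substituting the file in between.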