Check environment variables carefully before using them.
```yaml
rules:
  - id: flawfinder.g_get_tmp_dir-1
    languages:
      - c
    message: |
      Check environment variables carefully before using them.
    metadata:
      cwe: "CWE-20: This function is synonymous with 'getenv(\"TMP\")'; it returns untrustable input if the environment can be set by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20)"
      primary_identifier: flawfinder.g_get_tmp_dir-1
      secondary_identifiers:
        - name: Flawfinder - g_get_tmp_dir
          type: flawfinder_func_name
          value: g_get_tmp_dir
      license: MIT
    pattern: g_get_tmp_dir(...)
    severity: WARNING
```
Short Link: https://sg.run/v2NX