gitlab.flawfinder.getenv-1.curl_getenv-1
Check environment variables carefully before using them.
Definition
rules:
- id: flawfinder.getenv-1.curl_getenv-1
  languages:
  - c
  message: |
    Check environment variables carefully before using them.
  metadata:
    cwe: "CWE-20: Environment variables are untrustable input if they can be set by
      an attacker. They can have any content and length, and the same
      variable can be set more than once (CWE-807, CWE-20)"
    primary_identifier: flawfinder.getenv-1.curl_getenv-1
    secondary_identifiers:
    - name: Flawfinder - getenv
      type: flawfinder_func_name
      value: getenv
    - name: Flawfinder - curl_getenv
      type: flawfinder_func_name
      value: curl_getenv
    license: MIT
  pattern-either:
  - pattern: getenv(...)
  - pattern: curl_getenv(...)
  severity: WARNING
Short Link: https://sg.run/ZkO7
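
What "check carefully" can look like at a getenv() call site, as an added example that is not part of the rule or of Flawfinder. The names check_env_value, getenv_checked and APP_LOG_DIR, the default path, and the path policy itself are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Policy (assumed for this example): an absolute path made only of
   [A-Za-z0-9/_.-], with no ".." sequence, that fits in out. */
int check_env_value(const char *v, char *out, size_t outlen)
{
    if (v == NULL || out == NULL || outlen == 0)
        return -1;                      /* unset variable or bad buffer */

    /* The value can have any length, so bound the scan to the buffer size. */
    const char *end = memchr(v, '\0', outlen);
    if (end == NULL || end == v)
        return -1;                      /* too long or empty: reject, never truncate */
    size_t n = (size_t)(end - v);

    if (v[0] != '/')
        return -1;                      /* relative paths are not accepted */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        int ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                 (c >= '0' && c <= '9') || c == '/' || c == '_' ||
                 c == '-' || c == '.';
        if (!ok)
            return -1;                  /* allow-list of characters */
        if (c == '.' && v[i + 1] == '.')
            return -1;                  /* ".." is never accepted */
    }
    /* Private copy: later setenv/putenv calls may invalidate getenv's pointer. */
    memcpy(out, v, n + 1);
    return 0;
}

/* Thin wrapper around the call the rule flags. */
int getenv_checked(const char *name, char *out, size_t outlen)
{
    return check_env_value(getenv(name), out, outlen);
}

int main(void)
{
    char dir[64];
    /* APP_LOG_DIR is a hypothetical variable name. */
    if (getenv_checked("APP_LOG_DIR", dir, sizeof dir) != 0)
        strcpy(dir, "/var/log/app");    /* constructed default */
    printf("log dir: %s\n", dir);
    return 0;
}
```

The rule will still match the getenv() call inside getenv_checked; that single reviewed call site is the intended outcome.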