gitlab.flawfinder.getlogin-1


Use getpwuid(geteuid()) and extract the desired information instead.
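
The replacement this message recommends, shown beside the flagged call. This is an added example, not part of the rule or of Flawfinder. `effective_user_name` is a hypothetical helper name, and it uses the reentrant `getpwuid_r` form of the `getpwuid` call the message names.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): copy the account name for
 * the process's effective UID into out. Returns 0 on success, -1 if the
 * UID has no passwd entry, the lookup fails, or out is too small. */
int effective_user_name(char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t buflen = hint > 0 ? (size_t)hint : 16384;
    char *buf = malloc(buflen);
    int rc = -1;

    if (buf == NULL)
        return -1;
    /* geteuid() reports the process's own credentials; it does not
     * consult utmp or the controlling tty the way getlogin() does. */
    if (getpwuid_r(geteuid(), &pw, buf, buflen, &res) == 0 && res != NULL) {
        size_t n = strlen(res->pw_name);
        if (n < outlen) {            /* refuse to truncate silently */
            memcpy(out, res->pw_name, n + 1);
            rc = 0;
        }
    }
    free(buf);
    return rc;
}

int main(void)
{
    char name[256];
    /* Flagged by the rule: the result depends on the tty's login record
     * and may be NULL, truncated, or a different user altogether. */
    const char *tty_login = getlogin();
    printf("getlogin():          %s\n", tty_login ? tty_login : "(unavailable)");

    if (effective_user_name(name, sizeof name) == 0)
        printf("getpwuid(geteuid()): %s\n", name);
    else
        printf("getpwuid(geteuid()): no entry for uid %lu\n", (unsigned long)geteuid());
    return 0;
}
```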


Definition

rules:
  - id: flawfinder.getlogin-1
    languages:
      - c
    message: |
      Use getpwuid(geteuid()) and extract the desired information instead.
    metadata:
      cwe: "CWE-807: It's often easy to fool getlogin.  Sometimes it does not work at
        all, because some program messed up the utmp file.  Often, it gives only
        the first 8 characters of the login name. The user currently logged in
        on the controlling tty of our program need not be the user who started
        it.  Avoid getlogin() for security-related purposes (CWE-807)"
      primary_identifier: flawfinder.getlogin-1
      secondary_identifiers:
        - name: Flawfinder - getlogin
          type: flawfinder_func_name
          value: getlogin
      license: MIT
    pattern: getlogin(...)
    severity: ERROR