gitlab.flawfinder.getpw-1
Use getpwuid() instead.
Definition
rules:
- id: flawfinder.getpw-1
  languages:
  - c
  message: |
    Use getpwuid() instead.
  metadata:
    cwe: "CWE-120: This function is dangerous; it may overflow the provided buffer.
      It extracts data from a 'protected' area, but most systems have many
      commands to let users modify the protected area, and it's not always
      clear what their limits are. Best to avoid using this function
      altogether (CWE-676, CWE-120)"
    primary_identifier: flawfinder.getpw-1
    secondary_identifiers:
    - name: Flawfinder - getpw
      type: flawfinder_func_name
      value: getpw
    license: MIT
  pattern: getpw(...)
  severity: ERROR
Short Link: https://sg.run/EO08