gitlab.flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1
Use a constant for the format specification.
Definition
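# Semgrep rule (Flawfinder port): report printf-family calls whose format
# argument is not a string literal. Each alternative below pairs a broad
# match on the function with a `pattern-not` that excludes the call when
# the format argument is a literal, so only variable/computed formats are
# reported (CWE-134).
rules:
  - id: flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1
    languages:
      - c
    message: |
      Use a constant for the format specification.
    metadata:
      cwe: "CWE-134: If format strings can be influenced by an attacker, they can be exploited (CWE-134)"
      primary_identifier: flawfinder.printf-1.vprintf-1.vwprintf-1.vfwprintf-1._vtprintf-1.wprintf-1
      # One entry per Flawfinder function name covered by this rule.
      secondary_identifiers:
        - name: Flawfinder - printf
          type: flawfinder_func_name
          value: printf
        - name: Flawfinder - vprintf
          type: flawfinder_func_name
          value: vprintf
        - name: Flawfinder - vwprintf
          type: flawfinder_func_name
          value: vwprintf
        - name: Flawfinder - vfwprintf
          type: flawfinder_func_name
          value: vfwprintf
        - name: Flawfinder - _vtprintf
          type: flawfinder_func_name
          value: _vtprintf
        - name: Flawfinder - wprintf
          type: flawfinder_func_name
          value: wprintf
      license: MIT
    pattern-either:
      # printf(format, ...): format is the first argument.
      - patterns:
          - pattern: printf(...)
          - pattern-not: printf("...",...)
      # vprintf(format, va_list): format is the first argument.
      - patterns:
          - pattern: vprintf($FMT, ...)
          - pattern-not: vprintf("...", ...)
      # vwprintf(format, va_list): format is the first argument.
      - patterns:
          - pattern: vwprintf($FMT, ...)
          - pattern-not: vwprintf("...", ...)
      # vfwprintf(stream, format, va_list): format is the second argument.
      - patterns:
          - pattern: vfwprintf($FILE, $FMT, ...)
          - pattern-not: vfwprintf($FILE, "...", ...)
      # _vtprintf is the TCHAR mapping of vprintf/vwprintf and takes
      # (format, va_list) with no stream argument. The previous pattern
      # used a leading $FILE metavariable, which bound the literal check
      # to the va_list argument instead of the format, so calls with a
      # literal format were still reported and the exclusion never fired.
      - patterns:
          - pattern: _vtprintf($FMT, ...)
          - pattern-not: _vtprintf("...", ...)
      # wprintf(format, ...): format is the first argument.
      - patterns:
          - pattern: wprintf($FMT, ...)
          - pattern-not: wprintf("...", ...)
    severity: ERROR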