gitlab.flawfinder.readlink-1
Reconsider approach.
Definition
rules:
- id: flawfinder.readlink-1
  languages:
  - c
  message: |
    Reconsider approach.
  metadata:
    cwe: "CWE-20: This accepts filename arguments; if an attacker can move those
      files or change the link content, a race condition results. Also, it
      does not terminate with ASCII NUL. (CWE-362, CWE-20)"
    primary_identifier: flawfinder.readlink-1
    secondary_identifiers:
    - name: Flawfinder - readlink
      type: flawfinder_func_name
      value: readlink
    license: MIT
  pattern: readlink(...)
  severity: ERROR
Short Link: https://sg.run/L8AL
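
The rule's note that `readlink` does not terminate its output with NUL, shown as an added example (not part of the rule or of Flawfinder): a wrapper that terminates the buffer and detects truncation. The names `read_link_target` and `link_roundtrip_ok` and the `/tmp` path are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* readlink, symlink, mkdtemp */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: malloc'd, NUL-terminated link target, or NULL with
 * errno set. The result is a snapshot; the link can change right after the
 * call, so do not base a later access decision on it (CWE-362). */
char *read_link_target(const char *path)
{
    for (size_t cap = 64; cap <= ((size_t)1 << 20); cap *= 2) {
        char *buf = malloc(cap);
        if (buf == NULL)
            return NULL;
        ssize_t n = readlink(path, buf, cap);
        if (n < 0) {
            int saved = errno;
            free(buf);
            errno = saved;
            return NULL;
        }
        if ((size_t)n < cap) {      /* spare byte left: not truncated */
            buf[n] = '\0';          /* readlink() writes no terminator */
            return buf;
        }
        free(buf);                  /* n == cap: may be truncated, grow */
    }
    errno = ENAMETOOLONG;
    return NULL;
}

/* Constructed self-check: 1 if a link with a `len`-byte target reads back intact. */
int link_roundtrip_ok(size_t len)
{
    char dir[] = "/tmp/rlXXXXXX", link[64], target[512] = {0};
    if (len >= sizeof target || mkdtemp(dir) == NULL)
        return 0;
    memset(target, 'a', len);       /* zero-initialised array keeps the NUL */
    snprintf(link, sizeof link, "%s/l", dir);
    char *got = symlink(target, link) == 0 ? read_link_target(link) : NULL;
    int ok = got != NULL && strlen(got) == len && strcmp(got, target) == 0;
    free(got);
    unlink(link);
    rmdir(dir);
    return ok;
}
```

A call site wrapped this way still matches `pattern: readlink(...)` inside the helper, so the finding is reviewed once there instead of at every caller.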