gitlab.flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1
Specify a limit to %s, or use a different input function.
Definition
rules:
- id: flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1
  languages:
  - c
  message: |
    Specify a limit to %s, or use a different input function.
  metadata:
    cwe: "CWE-120: The scanf() family's %s operation, without a limit specification,
      permits buffer overflows (CWE-120, CWE-20)"
    primary_identifier: flawfinder.scanf-1.vscanf-1.wscanf-1._tscanf-1.vwscanf-1
    secondary_identifiers:
    - name: Flawfinder - scanf
      type: flawfinder_func_name
      value: scanf
    - name: Flawfinder - vscanf
      type: flawfinder_func_name
      value: vscanf
    - name: Flawfinder - wscanf
      type: flawfinder_func_name
      value: wscanf
    - name: Flawfinder - _tscanf
      type: flawfinder_func_name
      value: _tscanf
    - name: Flawfinder - vwscanf
      type: flawfinder_func_name
      value: vwscanf
    license: MIT
  pattern-either:
  - patterns:
    - pattern: scanf($FMT, ...)
    - pattern-not: scanf("...", ...)
  - patterns:
    - pattern: vscanf($FMT, ...)
    - pattern-not: vscanf("...", ...)
  - patterns:
    - pattern: wscanf($FMT, ...)
    - pattern-not: wscanf("...", ...)
  - patterns:
    - pattern: _tscanf($FMT, ...)
    - pattern-not: _tscanf("...", ...)
  - patterns:
    - pattern: vwscanf($FMT, ...)
    - pattern-not: vwscanf("...", ...)
  severity: ERROR
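Two things are worth knowing before acting on this rule. First, every branch pairs `scanf($FMT, ...)` with `pattern-not: scanf("...", ...)`, so this Semgrep port only fires when the format argument is not a string literal; a literal `scanf("%s", buf)` is exactly the CWE-120 case the message describes, yet it is left to Flawfinder's own scan or to manual review. Second, the fix the message asks for has two shapes: a width on `%s` that is tied to the real buffer size, or dropping the scanf family for a bounded line read. The C below is an added example written for this page; it is not part of the rule, of Semgrep, or of Flawfinder. It parses constructed strings with `sscanf()` so it runs offline; the formats are the same ones you would pass to `scanf()` on stdin. `NAME_CAP` and all function names are hypothetical.

```c
/*
 * Added example for the finding above (CWE-120 via a scanf-family %s with
 * no width). Not part of the Semgrep rule or of Flawfinder. Inputs are
 * constructed strings parsed with sscanf() so the demo runs offline; the
 * same formats apply unchanged to scanf()/vscanf() reading stdin.
 */
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16            /* constructed buffer size: 15 chars + NUL */

/* VULNERABLE, shown for contrast and never called here: "%s" has no width,
 * so a token longer than NAME_CAP-1 bytes writes past the end of name
 * (CWE-120). Because the format is a literal, the rule above does not
 * flag this call; Flawfinder's own scan does. */
void read_name_unbounded(const char *input, char name[NAME_CAP])
{
    sscanf(input, "%s", name);
}

/* Bytes an unbounded %s would store for this input (token + NUL), so the
 * overflow can be shown without triggering it. */
size_t unbounded_store_size(const char *input)
{
    input += strspn(input, " \t\n");       /* %s skips leading whitespace */
    return strcspn(input, " \t\n") + 1;    /* token bytes plus terminating NUL */
}

/* FIX 1 ("specify a limit"): build "%<cap-1>s" from the real buffer size so
 * the width cannot drift from the declaration. Returns bytes stored, or -1
 * if no token was read. */
int read_name_bounded(const char *input, char *name, size_t cap)
{
    char fmt[32];

    if (cap < 2)
        return -1;
    snprintf(fmt, sizeof fmt, "%%%zus", cap - 1);   /* "%15s" when cap == 16 */
    if (sscanf(input, fmt, name) != 1)
        return -1;
    return (int)strlen(name);
}

/* FIX 2 ("use a different input function"): bounded line read that reports
 * truncation instead of silently dropping the tail. Behaves like
 * fgets(name, cap, stdin) on a string. Returns 0 on success, -1 when the
 * line did not fit (in a real stream the excess is still pending, so the
 * caller must drain or reject it). */
int read_line_bounded(const char *input, char *name, size_t cap)
{
    size_t n = strcspn(input, "\n");

    if (cap == 0)
        return -1;
    if (n >= cap) {
        memcpy(name, input, cap - 1);
        name[cap - 1] = '\0';
        return -1;
    }
    memcpy(name, input, n);
    name[n] = '\0';
    return 0;
}

/* Demo helpers: run the bounded readers into a NAME_CAP buffer and report
 * the result by value. */
int demo_bounded_len(const char *input)
{
    char name[NAME_CAP];
    return read_name_bounded(input, name, sizeof name);
}

int demo_bounded_equals(const char *input, const char *expected)
{
    char name[NAME_CAP];
    return read_name_bounded(input, name, sizeof name) >= 0
        && strcmp(name, expected) == 0;
}

int demo_line_status(const char *input)
{
    char name[NAME_CAP];
    return read_line_bounded(input, name, sizeof name);
}

int main(void)
{
    const char *long_tok = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";  /* 26 bytes: overflows NAME_CAP */

    printf("unbounded %%s would store %zu bytes into a %d-byte buffer\n",
           unbounded_store_size(long_tok), NAME_CAP);
    printf("bounded read stored %d bytes\n", demo_bounded_len(long_tok));
    printf("bounded line read status: %d\n", demo_line_status(long_tok));
    return 0;
}
```

The width in FIX 1 is derived from `cap` at run time so that resizing the buffer cannot leave a stale `%15s` behind; when the buffer size is a compile-time constant, a literal `"%15s"` built from the same macro does the same job without `snprintf()`. FIX 2 deliberately treats an over-long line as an error rather than as a clean truncation, since the unread remainder would otherwise be consumed by the next read.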
Short Link: https://sg.run/Jj6o