gitlab.flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1
Use a constant for the format specification.
Definition
```yaml
rules:
- id: flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1
  languages:
  - c
  message: |
    Use a constant for the format specification.
  metadata:
    cwe: "CWE-134: If format strings can be influenced by an attacker, they can be
      exploited, and note that sprintf variations do not always \\0-terminate
      (CWE-134)"
    primary_identifier: flawfinder.snprintf-1.vsnprintf-1._snprintf-1._sntprintf-1._vsntprintf-1
    secondary_identifiers:
    - name: Flawfinder - snprintf
      type: flawfinder_func_name
      value: snprintf
    - name: Flawfinder - vsnprintf
      type: flawfinder_func_name
      value: vsnprintf
    - name: Flawfinder - _snprintf
      type: flawfinder_func_name
      value: _snprintf
    - name: Flawfinder - _sntprintf
      type: flawfinder_func_name
      value: _sntprintf
    - name: Flawfinder - _vsntprintf
      type: flawfinder_func_name
      value: _vsntprintf
    license: MIT
  # Each branch matches a call whose format argument is not a string literal:
  # the first pattern binds the format to $FMT, the pattern-not drops calls
  # where that position holds a literal "...".
  pattern-either:
  - patterns:
    - pattern: snprintf($BUF,$SIZ,$FMT,...)
    - pattern-not: snprintf($BUF,$SIZ,"...",...)
  - patterns:
    # vsnprintf takes a va_list as its fourth argument, so the trailing
    # ellipsis is needed for the pattern to match real calls.
    - pattern: vsnprintf($BUF,$SIZ,$FMT,...)
    - pattern-not: vsnprintf($BUF,$SIZ,"...",...)
  - patterns:
    - pattern: _snprintf($BUF,$SIZ,$FMT,...)
    # The literal must sit in the format position (third argument), not after it.
    - pattern-not: _snprintf($BUF,$SIZ,"...",...)
  - patterns:
    # _sntprintf(buffer, count, format, ...) is the TCHAR form of _snprintf and
    # carries a count argument, so the format is the third parameter here too.
    - pattern: _sntprintf($BUF,$SIZ,$FMT,...)
    - pattern-not: _sntprintf($BUF,$SIZ,"...",...)
  - patterns:
    - pattern: _vsntprintf($BUF,$SIZ,$FMT,...)
    - pattern-not: _vsntprintf($BUF,$SIZ,"...",...)
  severity: ERROR
```
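The rule above flags calls whose format argument is a variable rather than a string literal. The C program below is an added example, not code from the Semgrep registry or from Flawfinder: it shows the flagged shape in a comment beside the constant-format form the rule accepts, and checks the two points the rule's message raises, namely that with a constant `"%s"` format any conversion directives in untrusted text are copied literally instead of being interpreted, and that the result is NUL-terminated with truncation reported. The function names, `MSG_MAX`, and the sample input are constructed for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MSG_MAX 32   /* constructed buffer size for the demo */

/*
 * The shape the rule flags: the format argument is a variable, so every '%'
 * directive inside `user_text` is interpreted by snprintf (CWE-134). Shown
 * in a comment only to illustrate what the Semgrep pattern matches:
 *
 *     snprintf(out, out_len, user_text);        // flagged: $FMT is a variable
 *
 * Windows' _snprintf additionally writes no terminator when the output fills
 * the buffer exactly, which is why the rule covers those variants as well;
 * the safe form below relies on C99 snprintf, which always terminates when
 * out_len > 0.
 */

/* The fix the rule asks for: a constant format, with untrusted data passed
 * strictly as a %s argument. Returns true when the text fit, false when it was
 * truncated (snprintf returns the length it would have written). */
bool format_user_text(char *out, size_t out_len, const char *user_text)
{
    if (out == NULL || out_len == 0)
        return false;
    int needed = snprintf(out, out_len, "%s", user_text);   /* not flagged */
    if (needed < 0) {
        out[0] = '\0';
        return false;
    }
    return (size_t)needed < out_len;
}

/* Constructed sample input carrying conversion directives, as attacker-supplied
 * text might. With a constant format they are copied literally. */
static const char SAMPLE_INPUT[] = "user=%s id=%n%x";

/* Self-checks returning values a test can assert on. */
int directives_are_copied_literally(void)
{
    char buf[MSG_MAX];
    return format_user_text(buf, sizeof buf, SAMPLE_INPUT)
        && strcmp(buf, SAMPLE_INPUT) == 0;
}

int truncation_is_reported_and_terminated(void)
{
    char small[4];
    bool fit = format_user_text(small, sizeof small, "overflowing text");
    /* 3 characters plus the terminator fit; the caller learns it was cut. */
    return !fit && strlen(small) == 3 && strcmp(small, "ove") == 0;
}

int main(void)
{
    char buf[MSG_MAX];
    bool fit = format_user_text(buf, sizeof buf, SAMPLE_INPUT);
    printf("%s (fit=%d)\n", buf, fit);
    printf("literal=%d truncation=%d\n",
           directives_are_copied_literally(),
           truncation_is_reported_and_terminated());
    return 0;
}
```

Running Semgrep with the rule over this file reports nothing, because the only live `snprintf` call has a literal in the format position; replacing `"%s", user_text` with `user_text` alone is exactly the edit that would make the rule fire.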
Short Link: https://sg.run/pkj3