gitlab.flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1

137
Download Count*
MIT
License

Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1
    languages:
      - c
    message: >
      Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily
      misused).
    metadata:
      cwe: "CWE-120: Does not check for buffer overflows when copying to destination
        [MS-banned] (CWE-120)"
      primary_identifier: flawfinder.strcpyA-1.strcpyW-1.StrCpy-1.StrCpyA-1.lstrcpyA-1.lstrcpyW-1._tccpy-1._mbccpy-1._ftcscpy-1._mbsncpy-1.StrCpyN-1.StrCpyNA-1.StrCpyNW-1.StrNCpy-1.strcpynA-1.StrNCpyA-1.StrNCpyW-1.lstrcpynA-1.lstrcpynW-1
      secondary_identifiers:
        - name: Flawfinder - strcpyA
          type: flawfinder_func_name
          value: strcpyA
        - name: Flawfinder - strcpyW
          type: flawfinder_func_name
          value: strcpyW
        - name: Flawfinder - StrCpy
          type: flawfinder_func_name
          value: StrCpy
        - name: Flawfinder - StrCpyA
          type: flawfinder_func_name
          value: StrCpyA
        - name: Flawfinder - lstrcpyA
          type: flawfinder_func_name
          value: lstrcpyA
        - name: Flawfinder - lstrcpyW
          type: flawfinder_func_name
          value: lstrcpyW
        - name: Flawfinder - _tccpy
          type: flawfinder_func_name
          value: _tccpy
        - name: Flawfinder - _mbccpy
          type: flawfinder_func_name
          value: _mbccpy
        - name: Flawfinder - _ftcscpy
          type: flawfinder_func_name
          value: _ftcscpy
        - name: Flawfinder - _mbsncpy
          type: flawfinder_func_name
          value: _mbsncpy
        - name: Flawfinder - StrCpyN
          type: flawfinder_func_name
          value: StrCpyN
        - name: Flawfinder - StrCpyNA
          type: flawfinder_func_name
          value: StrCpyNA
        - name: Flawfinder - StrCpyNW
          type: flawfinder_func_name
          value: StrCpyNW
        - name: Flawfinder - StrNCpy
          type: flawfinder_func_name
          value: StrNCpy
        - name: Flawfinder - strcpynA
          type: flawfinder_func_name
          value: strcpynA
        - name: Flawfinder - StrNCpyA
          type: flawfinder_func_name
          value: StrNCpyA
        - name: Flawfinder - StrNCpyW
          type: flawfinder_func_name
          value: StrNCpyW
        - name: Flawfinder - lstrcpynA
          type: flawfinder_func_name
          value: lstrcpynA
        - name: Flawfinder - lstrcpynW
          type: flawfinder_func_name
          value: lstrcpynW
      license: MIT
    pattern-either:
      - pattern: strcpyA(...)
      - pattern: strcpyW(...)
      - pattern: StrCpy(...)
      - pattern: StrCpyA(...)
      - pattern: lstrcpyA(...)
      - pattern: lstrcpyW(...)
      - pattern: _tccpy(...)
      - pattern: _mbccpy(...)
      - pattern: _ftcscpy(...)
      - pattern: _mbsncpy(...)
      - pattern: StrCpyN(...)
      - pattern: StrCpyNA(...)
      - pattern: StrCpyNW(...)
      - pattern: StrNCpy(...)
      - pattern: strcpynA(...)
      - pattern: StrNCpyA(...)
      - pattern: StrNCpyW(...)
      - pattern: lstrcpynA(...)
      - pattern: lstrcpynW(...)
    severity: ERROR