gitlab.flawfinder.syslog-1

137

Download Count*

MIT

License

Use a constant format string for syslog.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: flawfinder.syslog-1
    languages:
      - c
    message: |
      Use a constant format string for syslog.
    metadata:
      cwe: "CWE-134: If syslog's format strings can be influenced by an attacker, they
        can be exploited (CWE-134)"
      primary_identifier: flawfinder.syslog-1
      secondary_identifiers:
        - name: Flawfinder - syslog
          type: flawfinder_func_name
          value: syslog
      license: MIT
    pattern-either:
      - patterns:
          - pattern: syslog($FUNC,...)
          - pattern-not: syslog($FUNC,"...",...)
    severity: ERROR

Short Link: https://sg.run/2R7z