#c

Rulesets (12)

Semgrep

Default ruleset for C and C++, curated by Semgrep.

Semgrep

Scan code for uses of functions listed on Microsoft's list of banned functions. These functions are error-prone and typically have a safer replacement function.

Semgrep

Alpha ruleset for C/C++. Scan code for potential security issues that require additional review. Recommended for security engineers or consultants who don't mind false positives and are looking to flag troublesome spots for further review.

Semgrep

Alpha ruleset for C/C++. Scan code for uses of functions listed on Microsoft's list of banned functions. These functions are error-prone and typically have a safer replacement function.

Semgrep

Alpha ruleset for C/C++. This ruleset is intended to produce low false positives, and safe for use in CI/CD pipelines.

Semgrep

Scan C++ code for potential security issues that require additional review. Recommended for security engineers or consultants who don't mind false positives and are looking to flag troublesome spots for further review.

Gitlab

Use Semgrep as a universal linter to identify vulnerabilities in your code base with the flawfinder (https://dwheeler.com/flawfinder/) rule pack.

Gitlab

Leverage all Gitlab provided rules with the gitlab rulepack.

Rules (169)

Avoid using user-controlled format strings passed into 'sprintf', 'printf' and 'vsprintf'. These functions put you at risk of buffer overflow vulnerabilities through the use of format string exploits. Instead, use 'snprintf' and 'vsnprintf'.

This code contains bidirectional (bidi) characters. While this is useful for support of right-to-left languages such as Arabic or Hebrew, it can also be used to trick language parsers into executing code in a manner that is different from how it is displayed in code editing and review tools. If this is not what you were expecting, please review this code in an editor that can reveal hidden Unicode characters.

When handling sensitive information in a buffer, it's important to ensure that the data is securely erased before the buffer is deleted or reused. While `memset()` is commonly used for this purpose, it can leave sensitive information behind due to compiler optimizations or other factors. To avoid this potential vulnerability, it's recommended to use the `memset_s()` function instead. `memset_s()` is a standardized function that securely overwrites the memory with a specified value, making it more difficult for an attacker to recover any sensitive data that was stored in the buffer. By using `memset_s()` instead of `memset()`, you can help to ensure that your application is more secure and less vulnerable to exploits that rely on residual data in memory.

This finding triggers whenever strcpy or strncpy is used. This is an issue because strcpy does not check the size of the destination array and strncpy does not automatically NULL-terminate strings. This can lead to buffer overflows, which can cause program crashes and potentially let an attacker inject code into the program. Fix this by using strcpy_s instead (although note that strcpy_s is an optional part of the C11 standard, and so may not be available).