#c
Rulesets (7)
r2cScan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.
r2cScan code for potential security issues that require additional review. Recommended for teams looking to set up guardrails or to flag troublesome spots for further review.
r2cDefault ruleset for C, curated by r2c.
Use Semgrep as a universal linter to identify vulnerabilities in your code base with the flawfinder (https://dwheeler.com/flawfinder/) rule pack.
Leverage all Gitlab provided rules with the gitlab rulepack.
r2cRuleset by r2c
Rules (86)
returntocorpUsing == on char* performs pointer comparison, use strcmp instead
returntocorpThe second goto statement will always be executed.
returntocorpAvoid the 'ato*()' family of functions. Their use can lead to undefined behavior, integer overflows, and lack of appropriate error handling. Instead prefer the 'strtol*()' family of functions.
returntocorpAvoid 'sscanf()' for number conversions. Its use can lead to undefined behavior, slow processing, and integer overflows. Instead prefer the 'strto*()' family of functions.
returntocorpVariable '$VAR' was freed twice. This can lead to undefined behavior.
returntocorpUse %s, %d, %c... to format your variables, otherwise this could leak information.
returntocorpAvoid using 'scanf()'. This function, when used improperly, does not consider buffer boundaries and can lead to buffer overflows. Use 'fgets()' instead for reading input.
returntocorpFinding triggers whenever there is a strcat or strncat used. This is an issue because strcat or strncat can lead to buffer overflow vulns. Fix this by using strcat_s instead.
returntocorpFinding triggers whenever there is a strcpy or strncpy used. This is an issue because strcpy does not affirm the size of the destination array and strncpy will not automatically NULL-terminate strings. This can lead to buffer overflows, which can cause program crashes and potentially let an attacker inject code in the program. Fix this by using strcpy_s instead (although note that strcpy_s is an optional part of the C11 standard, and so may not be available).
returntocorpAvoid using 'strtok()'. This function directly modifies the first argument buffer, permanently erasing the delimiter character. Use 'strtok_r()' instead.
returntocorpCall to 'read()' without error checking is susceptible to file descriptor exhaustion. Consider using the 'getrandom()' function.
returntocorpThis code contains bidirectional (bidi) characters. While this is useful for support of right-to-left languages such as Arabic or Hebrew, it can also be used to trick language parsers into executing code in a manner that is different from how it is displayed in code editing and review tools. If this is not what you were expecting, please review this code in an editor that can reveal hidden Unicode characters.
returntocorpAvoid 'gets()'. This function does not consider buffer boundaries and can lead to buffer overflows. Use 'fgets()' or 'gets_s()' instead.
returntocorpVariable '$VAR' was used after being freed. This can lead to undefined behavior.
Especially watch out for embedded spaces.
returntocorpAvoid using user-controlled format strings passed into 'sprintf', 'printf' and 'vsprintf'. These functions put you at risk of buffer overflow vulnerabilities through the use of format string exploits. Instead, use 'snprintf' and 'vsnprintf'.
Buffer overflows is not checked
Consider strcat_s, strlcat, or automatically resizing strings.
Use a constant format string for syslog.
Make sure the return value is checked, and do not continue if a failure is reported.
Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)
The software does not properly handle when an input contains Unicode encoding.
Buffer overflow is not checked.
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
Specify a limit to %s, or use a different input function.
Check environment variables carefully before using them.
Check environment variables carefully before using them.
CWE-20: Check buffer boundaries if used in a loop including recursive loops
Check environment variables carefully before using them.
Check implementation on installation, or limit the size of all string inputs.
Use getpwuid() instead.
Use fgets() instead.
Use getcwd instead.
Consider using a function version that stops copying at the end of the buffer.
Easily used incorrectly
Make sure destination can always hold the source data.
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN.
Specify a limit to %s, or use a different input function.
Use sprintf_s, snprintf, or vsnprintf.
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Ensure that destination buffer is sufficiently large.
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
Ensure the destination has 4 times the size of the source, to leave room for expansion.
Does not handle strings that are not \\0-terminated.
Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
Easily used incorrectly
Ensure that destination is at least as long as the source.
Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES.
Use a different patent-free encryption algorithm with a larger keysize, such as 3DES or AES.
Use a different algorithm, such as SHA-256, with a larger, non-repeating salt.
Use a constant for the format specification.
Use a constant for the format specification.
Use a constant for the format specification.
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
Make sure that you set inheritance by hand if you wish it to inherit.
Use InitializeCriticalSectionAndSpinCount instead.
Use LoadLibraryEx with one of the search flags, or call SetSearchPathMode to use a safe search path, or pass a full path to the library.
Use a flag like LOAD_LIBRARY_SEARCH_SYSTEM32 or LOAD_LIBRARY_SEARCH_APPLICATION_DIR to search only desired folders.
Never create NULL ACLs; an attacker can set it to Everyone (Deny All Access)
Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.
Use getpwuid(geteuid()) and extract the desired information instead.
Check when opening files - can an attacker redirect it (via symlinks).
Use getpwuid(geteuid()) and extract the desired information instead.
Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space.
Switch to raise/signal, or some other signalling approach.
Use getrlimit(2), setrlimit(2), and sysconf(3) instead.
Use nanosleep(2) or setitimer(2) instead.
Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
Use fchgrp( ) instead.
Use fchmod( ) instead.
Use fchown( ) instead.
Reconsider approach.
Use fork() instead.
Use a more secure technique for acquiring random values.
try using a library call that implements the same functionality if available.
try using a library call that implements the same functionality if available.
Temporary file race condition in certain cases.
Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library.
Creating and using insecure temporary files can leave application and system data vulnerable to attack (CWE-377).
Creating and using insecure temporary files can leave application and system data vulnerable to attack
Creating and using insecure temporary files can leave application and system data vulnerable to attack.
returntocorpUsing memset and then deleting that data can cause sensitive information to still be in the buffer. Use **memset_s()** instead.