walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix some warning text (CWE reference was in wrong place)

This commit is contained in:
David A. Wheeler 2014-08-02 21:59:28 -04:00
parent f05aa1270e
commit 16ac21ca1f
1 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
flawfinder
View File

@ -1036,10 +1036,11 @@ c_ruleset = {
"atoi|atol|_wtoi|_wtoi64": "atoi|atol|_wtoi|_wtoi64":
(normal, 2, (normal, 2,
"Unless checked, the resulting number can exceed the expected range", "Unless checked, the resulting number can exceed the expected range " +
" If source untrusted, check both minimum and maximum, even if the" + "(CWE-190)",
"If source untrusted, check both minimum and maximum, even if the" +
" input had no minus sign (large numbers can roll over into negative" + " input had no minus sign (large numbers can roll over into negative" +
" number; consider saving to an unsigned value if that is intended) (CWE-190)", " number; consider saving to an unsigned value if that is intended)",
"integer", "dangers-c", {}), "integer", "dangers-c", {}),
# Random values. Don't trigger on "initstate", it's too common a term. # Random values. Don't trigger on "initstate", it's too common a term.
@ -1195,8 +1196,8 @@ c_ruleset = {
# Input functions, useful for -I # Input functions, useful for -I
"recv|recvfrom|recvmsg|fread|readv": "recv|recvfrom|recvmsg|fread|readv":
(normal, 0, "Function accepts input from outside program", (normal, 0, "Function accepts input from outside program (CWE-20)",
"Make sure input data is filtered, especially if an attacker could manipulate it (CWE-20)", "Make sure input data is filtered, especially if an attacker could manipulate it",
"input", "", {'input' : 1}), "input", "", {'input' : 1}),