Move CWE-119 report on char into warning instead of recommendation

This commit is contained in:
David A. Wheeler 2014-07-19 19:16:41 -04:00
parent dcf40ef8fd
commit 60948e8368
3 changed files with 7 additions and 10 deletions

@ -196,7 +196,7 @@ Examining test2.c <br>
href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i>
is larger than the maximum possible length. </i>
<pre>
char d[20];
</pre>
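Review bot: in this hunk only the recommendation sentence changes, dropping its trailing "(CWE-119)" while the preceding warning sentence keeps "(CWE-119, CWE-120)", so the sample finding for `char d[20]` now names each CWE exactly once, which is the stated intent of the commit. Since this sample output is hand-maintained HTML rather than captured tool output, it is worth re-running flawfinder on test2.c and pasting the real text, so that wording and line wrapping cannot drift from what the ruleset emits.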
@ -205,7 +205,7 @@ Examining test2.c <br>
href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i>
is larger than the maximum possible length. </i>
<pre>
char s[20];
</pre>
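Review bot: this second copy of the `char` finding (for `char s[20]`) needs the identical one-word edit as the first, which shows the cost of repeating the full warning and recommendation text per example in the documentation; consider keeping the complete text once and reducing the second example to its `<pre>` line with an "as above" reference, so future wording changes touch one place.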

@ -88,13 +88,11 @@ test.c:19: [2] (buffer) sprintf:
test.c:45: [2] (buffer) char:
Statically-sized arrays can be overflowed or have other issues
(CWE-119,CWE-120). Perform bounds checking, use functions that limit
length, or ensure that the size is larger than the maximum possible length
(CWE-119).
length, or ensure that the size is larger than the maximum possible length.
test.c:46: [2] (buffer) char:
Statically-sized arrays can be overflowed or have other issues
(CWE-119,CWE-120). Perform bounds checking, use functions that limit
length, or ensure that the size is larger than the maximum possible length
(CWE-119).
length, or ensure that the size is larger than the maximum possible length.
test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
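Review bot: the header "-88,13 +88,11" is consistent with removing the two "(CWE-119)." continuation lines for test.c:45 and test.c:46, and the adjacent memcpy finding at test.c:50 is untouched, so the expected-output baseline now matches the shortened recommendation string. Because this file is the regression baseline, it should be regenerated by running flawfinder on test.c rather than edited by hand, so that the wrapping of "...maximum possible length." is exactly what the tool prints.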

@ -765,10 +765,9 @@ c_ruleset = {
"char|TCHAR|wchar_t": # This isn't really a function call, but it works.
(c_static_array, 2,
"Statically-sized arrays can be overflowed or have other issues " +
"(CWE-119,CWE-120)",
("Perform bounds checking, use functions that limit length, " +
"or ensure that the size is larger than the maximum possible length " +
"(CWE-119)"),
"(CWE-119,CWE-120)",
"Perform bounds checking, use functions that limit length, " +
"or ensure that the size is larger than the maximum possible length",
"buffer", "", {'extract_lookahead' : 1}),
"gets|_getts":
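Review bot: after this change the warning string "(CWE-119,CWE-120)" is the only part of the `char|TCHAR|wchar_t` rule that carries CWE identifiers; the recommendation string no longer mentions CWE-119, so any output path that derives a finding's CWE list from the recommendation text instead of the warning text will silently lose CWE-119. Confirm that CWE extraction reads only the warning field (the test.c expected output in this commit still shows both ids on the warning line), and consider a short comment on the rule noting that CWE ids belong in the warning, not the recommendation, so the other rules in `c_ruleset` follow the same convention.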