Move CWE-119 report on char into warning instead of recommendation

David A. Wheeler 2014-07-19 19:16:41 -04:00
parent dcf40ef8fd
commit 60948e8368
3 changed files with 7 additions and 10 deletions

@ -196,7 +196,7 @@ Examining test2.c <br>
href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i> is larger than the maximum possible length. </i>
<pre> <pre>
char d[20]; char d[20];
</pre> </pre>
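Review bot: the trailing "(CWE-119)" dropped from the recommendation sentence was redundant, because the warning text directly above it already cites both CWE-119 and CWE-120 via the two links at the top of this hunk, so the CWE mapping for the `char d[20];` finding is preserved and the recommendation now ends cleanly with "maximum possible length." Since this passage is sample flawfinder output embedded in the HTML documentation, confirm it was regenerated from the tool rather than hand-edited, so that the line wrapping and the space before `</i>` still match what flawfinder actually prints.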
@ -205,7 +205,7 @@ Examining test2.c <br>
href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a href="http://cwe.mitre.org/data/definitions/119.html">CWE-119</a>,<a
href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform href="http://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). Perform
bounds checking, use functions that limit length, or ensure that the size bounds checking, use functions that limit length, or ensure that the size
is larger than the maximum possible length (CWE-119). </i> is larger than the maximum possible length. </i>
<pre> <pre>
char s[20]; char s[20];
</pre> </pre>
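Review bot: same edit as the preceding hunk, applied to the `char s[20];` finding; both occurrences of the old recommendation text in this sample were updated in one pass, which is what a reader comparing the documentation against real tool output needs.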

@ -88,13 +88,11 @@ test.c:19: [2] (buffer) sprintf:
test.c:45: [2] (buffer) char: test.c:45: [2] (buffer) char:
Statically-sized arrays can be overflowed or have other issues Statically-sized arrays can be overflowed or have other issues
(CWE-119,CWE-120). Perform bounds checking, use functions that limit (CWE-119,CWE-120). Perform bounds checking, use functions that limit
length, or ensure that the size is larger than the maximum possible length length, or ensure that the size is larger than the maximum possible length.
(CWE-119).
test.c:46: [2] (buffer) char: test.c:46: [2] (buffer) char:
Statically-sized arrays can be overflowed or have other issues Statically-sized arrays can be overflowed or have other issues
(CWE-119,CWE-120). Perform bounds checking, use functions that limit (CWE-119,CWE-120). Perform bounds checking, use functions that limit
length, or ensure that the size is larger than the maximum possible length length, or ensure that the size is larger than the maximum possible length.
(CWE-119).
test.c:50: [2] (buffer) memcpy: test.c:50: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120). Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. Make sure destination can always hold the source data.
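Review bot: this file is the expected-output baseline that the tool's output is compared against, so updating the test.c:45 and test.c:46 `char` entries in the same commit as the ruleset change is required for the comparison to keep passing; the shorter recommendation now wraps onto two lines instead of three, which is the expected consequence of removing the "(CWE-119)" suffix, but any other `char`, `TCHAR` or `wchar_t` finding recorded elsewhere in this baseline (outside the hunk) must have received the identical edit or the comparison will fail on those lines.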

@ -765,10 +765,9 @@ c_ruleset = {
"char|TCHAR|wchar_t": # This isn't really a function call, but it works. "char|TCHAR|wchar_t": # This isn't really a function call, but it works.
(c_static_array, 2, (c_static_array, 2,
"Statically-sized arrays can be overflowed or have other issues " + "Statically-sized arrays can be overflowed or have other issues " +
"(CWE-119,CWE-120)", "(CWE-119,CWE-120)",
("Perform bounds checking, use functions that limit length, " + "Perform bounds checking, use functions that limit length, " +
"or ensure that the size is larger than the maximum possible length " + "or ensure that the size is larger than the maximum possible length",
"(CWE-119)"),
"buffer", "", {'extract_lookahead' : 1}), "buffer", "", {'extract_lookahead' : 1}),
"gets|_getts": "gets|_getts":
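Review bot: the parentheses removed around the recommendation argument enclosed a plain `+` concatenation with no trailing comma, so the old value was already a single str rather than a one-element tuple; dropping them is purely cosmetic, and the only behavioural change in this hunk is the removed "(CWE-119)" suffix. The CWE-119 citation remains in the warning string "(CWE-119,CWE-120)" one argument earlier, which matches the commit message's intent of reporting the CWE in the warning rather than the recommendation. One thing to double-check outside this hunk: the `c_static_array` handler and any documentation that quotes this rule's text must not depend on the recommendation containing a CWE identifier.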