Remove/merge duplicate hash entries found by pylint
Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
parent
6c49d39c61
commit
c4b28d916f
19
flawfinder
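--- a/flawfinder
+++ b/flawfinder
@@ -1030,12 +1030,6 @@ c_ruleset = {
 "Check implementation on installation, or limit the size of all string inputs",
 "buffer", "dangers-c", {'input': 1}),
 
-"getpass":
-(normal, 3,
-"Some implementations may overflow buffers (CWE-120, CWE-20)",
-"",
-"buffer", "dangers-c", {'input': 1}),
-
 "getwd":
 (normal, 3,
 "This does not protect against buffer overflows "
@@ -1147,14 +1141,6 @@ c_ruleset = {
 "if available",
 "shell", "", {}),
 
-# TODO: Need to detect varying levels of danger.
-"execl|execlp|execle|execv|execvp|system|popen|WinExec|ShellExecute":
-(normal, 4,
-"This causes a new program to execute and is difficult to use safely (CWE-78)",
-"try using a library call that implements the same functionality " +
-"if available",
-"shell", "", {}),
-
 # TODO: Be more specific. The biggest problem involves "first" param NULL,
 # second param with embedded space. Windows.
 "CreateProcessAsUser|CreateProcessWithLogon":
@@ -1305,9 +1291,9 @@ c_ruleset = {
 
 "getpass":
 (normal, 4,
-"This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.) (CWE-676)",
+"This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20)",
 "Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space",
-"misc", "", {}),
+"misc", "", {'input': 1}),
 
 "gsignal|ssignal":
 (normal, 2,
@@ -1333,7 +1319,6 @@ c_ruleset = {
 "Use nanosleep(2) or setitimer(2) instead",
 "obsolete", "", {}),
 
-
 # Input functions, useful for -I
 "recv|recvfrom|recvmsg|fread|readv":
 (normal, 0, "Function accepts input from outside program (CWE-20)",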
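Review bot: The merged `getpass` entry in the third hunk gains `{'input': 1}` and the CWE-120/CWE-20 text but stays in category `"misc"`, and nothing on the entry records that it absorbed the `"buffer"`/`"dangers-c"` rule deleted in the first hunk. Because a repeated key in a Python dict literal keeps only the last value, the level-3 rule was presumably never in effect, so the input flag looks like a real change to what `getpass` hits report rather than a pure cleanup; any expected-output fixtures for input-only runs may need updating. I would add a comment above the entry such as `# Merged with the former duplicate "getpass" buffer rule: keeps CWE-120/CWE-20 and the input flag`. The `c_ruleset` dict opens and closes outside these hunks, so whether other duplicate keys remain cannot be checked from here.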