Tweak mappings to CWE. strlen() better maps to CWE-126 (buffer over-read)

This commit is contained in:
David A. Wheeler 2014-07-19 18:58:55 -04:00
parent e0c0b9bc8e
commit cfe1a062fe
2 changed files with 11 additions and 7 deletions

View File

@ -764,7 +764,8 @@ c_ruleset = {
"buffer", "", {}), "buffer", "", {}),
"char|TCHAR|wchar_t": # This isn't really a function call, but it works. "char|TCHAR|wchar_t": # This isn't really a function call, but it works.
(c_static_array, 2, (c_static_array, 2,
"Statically-sized arrays can be overflowed (CWE-120)", "Statically-sized arrays can be overflowed or have other issues " +
"(CWE-119,CWE-120)",
("Perform bounds checking, use functions that limit length, " + ("Perform bounds checking, use functions that limit length, " +
"or ensure that the size is larger than the maximum possible length " + "or ensure that the size is larger than the maximum possible length " +
"(CWE-119)"), "(CWE-119)"),
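Review bot: "or have other issues" in the new warning text is vague; a reader filtering on CWE cannot tell which other issue is meant. Name it (an over-read or under-read of the array, as the strlen rule later in this patch does) or drop the phrase and keep just the added CWE-119 tag. Also note the new tag list is written "(CWE-119,CWE-120)" with a comma, whereas every regex example in the man page half of this change separates CWEs with "|"; since users grep these strings, pick one separator and use it consistently. The fix text on the following lines still cites only "(CWE-119)", so the message and its fix now disagree about which CWE is primary.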
@ -827,8 +828,9 @@ c_ruleset = {
(normal, (normal,
1, # Often this isn't really a risk, and even when, it usually at worst causes 1, # Often this isn't really a risk, and even when, it usually at worst causes
# program crash (and nothing worse). # program crash (and nothing worse).
"Does not handle strings that are not \\0-terminated (it could cause a crash " + "Does not handle strings that are not \\0-terminated; " +
"if unprotected) (CWE-119)", "if given one it may perform an over-read (it could cause a crash " +
"if unprotected) (CWE-126)",
"", "",
"buffer", "", {}), "buffer", "", {}),
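Review bot: the unchanged level-1 comment ("at worst causes program crash (and nothing worse)") is now contradicted by the new warning text, which correctly says strlen() performs an over-read when handed an unterminated buffer. An over-read is not only a crash: the returned length can exceed the real buffer and be fed into a later copy, and the bytes read past the end can leak adjacent memory. Soften the comment (e.g., "usually at worst a crash, but may over-read") so the rationale for level 1 matches CWE-126. The fix field on the last line is still empty; suggest pointing at strnlen() with an explicit bound, or at the caller guaranteeing termination, so the CWE-126 hit carries an actionable remedy like the other rules.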

View File

@ -575,9 +575,9 @@ Examine the current directory recursively, but only report lines
that were changed or added in recent.patch. that were changed or added in recent.patch.
.TP .TP
\fBflawfinder \-\-regex "CWE-119|CWE-120" src/\fR \fBflawfinder \-\-regex "CWE-120|CWE-126" src/\fR
Examine directory \fIsrc\fR recursively, but only report hits Examine directory \fIsrc\fR recursively, but only report hits
where CWE-119 or CWE-120 apply. where CWE-120 or CWE-126 apply.
.SS "Invoking from vim" .SS "Invoking from vim"
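Review bot: the same literal example regex ("CWE-120|CWE-126") is now repeated verbatim in three hunks of this man page (the example here, the \-\-regex description, and the file1 example below), and this commit had to edit all three in lockstep. Consider keeping only one as the full worked example and having the others refer to it, so a future CWE remapping does not leave the copies out of sync. Dropping CWE-119 from the example is fine, but since CWE-119 is still emitted by the static-array rule in the ruleset half of this change, the description on the previous line should not be read as implying CWE-119 is no longer reported.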
@ -732,6 +732,8 @@ CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
.IP \(bu .IP \(bu
CWE-120: Buffer Copy without Checking Size of Input (``Classic Buffer Overflow'')* CWE-120: Buffer Copy without Checking Size of Input (``Classic Buffer Overflow'')*
.IP \(bu .IP \(bu
CWE-126: Buffer Over-read
.IP \(bu
CWE-134: Uncontrolled Format String* CWE-134: Uncontrolled Format String*
.IP \(bu .IP \(bu
CWE-190: Integer Overflow or Wraparound* CWE-190: Integer Overflow or Wraparound*
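Review bot: the new "CWE-126: Buffer Over-read" entry carries no trailing "*", while its neighbours CWE-120, CWE-134 and CWE-190 do and CWE-119 does not. The legend for the asterisk is outside this hunk, so confirm which convention applies to CWE-126 and either add the marker or leave it off deliberately; as written a reader cannot tell whether the omission is intentional.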
@ -780,7 +782,7 @@ though certain obscure constructs can cause it to fail (see BUGS below).
You can select a specific subset of CWEs to report by using You can select a specific subset of CWEs to report by using
the ``\-\-regex'' (-e) option. the ``\-\-regex'' (-e) option.
This option accepts a regular expression, so you can select multiple CWEs, This option accepts a regular expression, so you can select multiple CWEs,
e.g., ``\-\-regex "CWE-119|CWE-120"''. e.g., ``\-\-regex "CWE-120|CWE-126"''.
If you select multiple CWEs with ``|'' on a command line If you select multiple CWEs with ``|'' on a command line
you will typically need to quote the parameters (since an you will typically need to quote the parameters (since an
unquoted ``|'' is the pipe symbol). unquoted ``|'' is the pipe symbol).
@ -793,7 +795,7 @@ The file must be in regular expression format.
For example, For example,
``flawfinder -e $(cat file1)'' would report only hits that matched ``flawfinder -e $(cat file1)'' would report only hits that matched
the pattern in ``file1''. the pattern in ``file1''.
If file1 contained ``CWE-119|CWE-120'' it If file1 contained ``CWE-120|CWE-126'' it
would only report hits matching those CWEs. would only report hits matching those CWEs.
.PP .PP
A list of all A list of all