Tweak mappings to CWE. strlen() better maps to CWE-126 (buffer over-read)
This commit is contained in:
parent
e0c0b9bc8e
commit
cfe1a062fe
|
@ -764,7 +764,8 @@ c_ruleset = {
|
|||
"buffer", "", {}),
|
||||
"char|TCHAR|wchar_t": # This isn't really a function call, but it works.
|
||||
(c_static_array, 2,
|
||||
"Statically-sized arrays can be overflowed (CWE-120)",
|
||||
"Statically-sized arrays can be overflowed or have other issues " +
|
||||
"(CWE-119,CWE-120)",
|
||||
("Perform bounds checking, use functions that limit length, " +
|
||||
"or ensure that the size is larger than the maximum possible length " +
|
||||
"(CWE-119)"),
|
||||
|
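Review bot: the new description lists two identifiers as "(CWE-119,CWE-120)" with no space after the comma, while the unchanged recommendation text that follows still ends with "(CWE-119)" alone, so the rule's CWE annotation is inconsistent with itself; suggest "(CWE-119, CWE-120)" in both strings (or whatever separator the rest of the ruleset uses) and replace the vague "or have other issues" with the concrete case meant, e.g. "or be read or written out of bounds", so the message says which CWE-119 situation applies.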
@ -827,8 +828,9 @@ c_ruleset = {
|
|||
(normal,
|
||||
1, # Often this isn't really a risk, and even when, it usually at worst causes
|
||||
# program crash (and nothing worse).
|
||||
"Does not handle strings that are not \\0-terminated (it could cause a crash " +
|
||||
"if unprotected) (CWE-119)",
|
||||
"Does not handle strings that are not \\0-terminated; " +
|
||||
"if given one it may perform an over-read (it could cause a crash " +
|
||||
"if unprotected) (CWE-126)",
|
||||
"",
|
||||
"buffer", "", {}),
|
||||
|
||||
|
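Review bot: the new wording "it may perform an over-read (it could cause a crash if unprotected)" only names the crash outcome, but CWE-126, the identifier this hunk introduces, also covers reading adjacent memory that is not part of the string; suggest "it may read past the end of the buffer (a crash, or exposure of adjacent memory, if unprotected)" so the reason for the new mapping is visible in the message. The comment "at worst causes program crash (and nothing worse)" above the string is left unchanged and now contradicts the over-read rationale; update it alongside the message.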
|
10
flawfinder.1
|
@ -575,9 +575,9 @@ Examine the current directory recursively, but only report lines
|
|||
that were changed or added in recent.patch.
|
||||
|
||||
.TP
|
||||
\fBflawfinder \-\-regex "CWE-119|CWE-120" src/\fR
|
||||
\fBflawfinder \-\-regex "CWE-120|CWE-126" src/\fR
|
||||
Examine directory \fIsrc\fR recursively, but only report hits
|
||||
where CWE-119 or CWE-120 apply.
|
||||
where CWE-120 or CWE-126 apply.
|
||||
|
||||
.SS "Invoking from vim"
|
||||
|
||||
|
@ -732,6 +732,8 @@ CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
|
|||
.IP \(bu
|
||||
CWE-120: Buffer Copy without Checking Size of Input (``Classic Buffer Overflow'')*
|
||||
.IP \(bu
|
||||
CWE-126: Buffer Over-read
|
||||
.IP \(bu
|
||||
CWE-134: Uncontrolled Format String*
|
||||
.IP \(bu
|
||||
CWE-190: Integer Overflow or Wraparound*
|
||||
|
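Review bot: the added entry "CWE-126: Buffer Over-read" carries no trailing "*" while the neighbouring CWE-120, CWE-134 and CWE-190 entries do; the hunk does not show the legend for the asterisk, so confirm that CWE-126 is intentionally outside whatever subset it marks, and otherwise add the marker for consistency.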
@ -780,7 +782,7 @@ though certain obscure constructs can cause it to fail (see BUGS below).
|
|||
You can select a specific subset of CWEs to report by using
|
||||
the ``\-\-regex'' (-e) option.
|
||||
This option accepts a regular expression, so you can select multiple CWEs,
|
||||
e.g., ``\-\-regex "CWE-119|CWE-120"''.
|
||||
e.g., ``\-\-regex "CWE-120|CWE-126"''.
|
||||
If you select multiple CWEs with ``|'' on a command line
|
||||
you will typically need to quote the parameters (since an
|
||||
unquoted ``|'' is the pipe symbol).
|
||||
|
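Review bot: the updated example "CWE-120|CWE-126" is an unanchored pattern; since the text says the option accepts a regular expression, "CWE-120" will also match any longer identifier that begins with those characters if the pattern is applied as a search rather than a full match, so the paragraph could note that exact selection needs the alternatives anchored or bounded. Separately, dropping CWE-119 from the example is fine for illustration, but this same commit starts emitting CWE-119 for static arrays, so a reader wanting the whole memory-buffer family would now need "CWE-119|CWE-120|CWE-126"; a sentence saying the example is only illustrative would avoid that confusion.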
@ -793,7 +795,7 @@ The file must be in regular expression format.
|
|||
For example,
|
||||
``flawfinder -e $(cat file1)'' would report only hits that matched
|
||||
the pattern in ``file1''.
|
||||
If file1 contained ``CWE-119|CWE-120'' it
|
||||
If file1 contained ``CWE-120|CWE-126'' it
|
||||
would only report hits matching those CWEs.
|
||||
.PP
|
||||
A list of all
|
||||
|