walkero
/
flawfinder
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Clean up getenv text 

git-svn-id: svn+ssh://svn.code.sf.net/p/flawfinder/code/trunk@13 5c01084b-1f27-0410-9f85-80411afe95dc
This commit is contained in:
dwheeler 2007-01-16 23:10:13 +00:00
parent ed8a7b2a98
commit ec80c6eacd
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
flawfinder
View File

@ -1005,16 +1005,16 @@ c_ruleset = {
"chroot": "chroot":
(normal, 3, (normal, 3,
"chroot can be very helpful, but is hard to use correctly", "chroot can be very helpful, but is hard to use correctly",
"Make sure the program immediately chdir(\"/\"), closes file descriptors, " + "Make sure the program immediately chdir(\"/\")," +
"and drops root privileges, and that all necessary files (and no more!) are " + " closes file descriptors," +
"in the new root", " and drops root privileges, and that all necessary files" +
" (and no more!) are in the new root",
"misc", "", {}), "misc", "", {}),
"getenv|curl_getenv": "getenv|curl_getenv":
(normal, 3, "Environment variables are untrustable input if they can be" (normal, 3, "Environment variables are untrustable input if they can be" +
"it returns untrustable input if the environment can be" + " set by an attacker. They can have any content and" +
"set by an attacker. It can have any content and length, " + " length, and the same variable can be set more than once",
"and the same variable can be set more than once",
"Check environment variables carefully before using them", "Check environment variables carefully before using them",
"buffer", "", {'input' : 1}), "buffer", "", {'input' : 1}),