incorrect-use-of-strncpy-stpncpy-strlcpy.yaml
rules:
  - id: raptor-incorrect-use-of-strncpy-stpncpy-strlcpy
    metadata:
      author: Marco Ivaldi <[email protected]>
      references:
        - https://cwe.mitre.org/data/definitions/806
        - https://github.com/0xdea/advisories/blob/master/2020-07-solaris-whodo-w.txt
        - https://dustri.org/b/playing-with-weggli.html
      confidence: MEDIUM
      # NOTE: some copy functions such as snprintf() and memcpy() are not covered.
      # NOTE: strlen() before the copy function is not covered.
      # NOTE: structures are not covered.
      # NOTE: see also cpp.strings.snprintf-source-size.snprintf-source-size.
    message: >-
      The software uses the size of a source buffer when reading from or
      writing to a destination buffer, which may cause it to access memory
      that is outside of the bounds of the buffer.
    severity: ERROR
    languages:
      - c
      - cpp
    pattern-either:
      # size of array
      - patterns:
          - pattern: $FUN($DST, $SRC, $LEN)
          - metavariable-pattern:
              metavariable: $FUN
              pattern-either:
                - pattern: strncpy
                - pattern: stpncpy
                - pattern: strlcpy
                - pattern: strscpy
          - pattern-either:
              - pattern-inside: |
                  $TYPE $SRC[$LEN];
                  ...
              - pattern-inside: |
                  $TYPE $SRC[$LEN] = $EXPR;
                  ...
      # sizeof operator, strlen, and similar
      - patterns:
          - pattern: $FUN($DST, $SRC, <... $SRC ...>)
          - metavariable-pattern:
              metavariable: $FUN
              pattern-either:
                - pattern: strncpy
                - pattern: stpncpy
                - pattern: strlcpy
                - pattern: strscpy
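The following C file is an added example, not code from the semgrep-rules project or from the rule's author. It contains one function per sub-pattern above (the bound taken from the source array's declared size, and the bound computed from `sizeof(src)`), so running the rule against this file should report both calls, followed by a destination-bounded copy of the kind that resolves the finding. The `record` struct, `NAME_MAX`, the function names and the buffer sizes are all constructed for illustration.

```c
/* Added example (not part of the semgrep-rules project): the two shapes the
 * raptor-incorrect-use-of-strncpy-stpncpy-strlcpy rule matches, next to a
 * copy that is bounded by the destination. Names and sizes are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

enum { NAME_MAX = 16 };               /* constructed destination size */

/* Matched by the first sub-pattern: $LEN (64) comes from the declaration
 * "char src[64];", so strncpy writes and NUL-pads 64 bytes into dst no
 * matter how large dst really is. Defined for the rule to find; not called. */
void copy_flagged_array_size(char *dst, const char *input)
{
    char src[64];
    strncpy(src, input, sizeof(src) - 1);
    src[sizeof(src) - 1] = '\0';
    strncpy(dst, src, 64);            /* bound names the source array */
}

/* Matched by the second sub-pattern: the third argument contains $SRC
 * itself (sizeof(src)), which still says nothing about dst's capacity.
 * Defined for the rule to find; not called. */
void copy_flagged_sizeof(char *dst, const char *input)
{
    char src[64];
    strncpy(src, input, sizeof(src) - 1);
    src[sizeof(src) - 1] = '\0';
    strncpy(dst, src, sizeof(src));   /* <... $SRC ...> in the length */
}

/* Destination-bounded replacement: the bound is the size of dst, the result
 * is always NUL-terminated, and the caller learns whether src was cut. */
bool copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return true;                  /* nothing can be stored: report it */
    strncpy(dst, src, dst_size - 1);  /* bound names the destination */
    dst[dst_size - 1] = '\0';         /* strncpy does not guarantee this */
    return strlen(src) >= dst_size;   /* true when src did not fit */
}

/* Constructed record type: a fixed-size name followed by another field,
 * the layout in which a source-sized copy would clobber the neighbour. */
struct record {
    char name[NAME_MAX];
    int id;
};

bool set_name(struct record *r, const char *src)
{
    return copy_bounded(r->name, sizeof r->name, src);
}

/* Self-checks on constructed inputs; each returns 1 on the expected outcome. */
int check_fits(void)
{
    struct record r = { .id = 42 };
    bool truncated = set_name(&r, "alice");
    return !truncated && strcmp(r.name, "alice") == 0 && r.id == 42;
}

int check_truncates(void)
{
    struct record r = { .id = 42 };
    bool truncated = set_name(&r, "this-name-is-far-too-long");
    return truncated && strlen(r.name) == NAME_MAX - 1
        && strcmp(r.name, "this-name-is-fa") == 0 && r.id == 42;
}

int check_zero_size(void)
{
    char b[1] = { 'Z' };
    return copy_bounded(b, 0, "x") == true && b[0] == 'Z';
}

int main(void)
{
    return (check_fits() && check_truncates() && check_zero_size()) ? 0 : 1;
}
```

Pointing `semgrep --config incorrect-use-of-strncpy-stpncpy-strlcpy.yaml` at this file exercises both branches of `pattern-either`; `copy_bounded` and `set_name` are the shapes that produce no finding, because the length argument is derived from `$DST` rather than `$SRC`.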