Writing Rules
[
{
"id": "DS185832",
"name": "Banned C function detected (strcpy)",
"active": true,
"tags": [
"API.DangerousAPI.BannedFunction"
],
"applies_to": [
"c",
"cpp",
"objective-c"
],
"severity": "important",
"description": "strcpy is frequently dangerous, as it performs no bounds checking and will overflow the destination buffer if the source string (including its null terminator) is larger than the destination.",
"replacement": "Use strcpy_s or strlcpy if possible. If no safe function is viable, strcpy/strncpy should be preceded by conditional checks to verify that the source string will fit in the destination with a null terminator. Note that strncpy does not null-terminate the destination when the source is at least as long as the size argument, so the result must be terminated explicitly.",
"rule_info": "https://github.com/microsoft/devskim/guidance/DS185832.md",
"patterns": [
{
"pattern": "\\bstrcpy\\(([^,]+),([^,\\)]+)\\)",
"type": "regex",
"subtype": [
"function-call"
]
}
],
"fix_it": [
{
"type": "regex_substitute",
"name": "Change to strcpy_s (Recommended for VC++)",
"search": "\\bstrcpy\\(([^,]+),([^,\\)]+)\\)",
"replace": "strcpy_s(\\1, <size of \\1>, \\2)"
},
{
"type": "regex_substitute",
"name": "Change to strlcpy",
"search": "\\bstrcpy\\(([^,]+),([^,\\)]+)\\)",
"replace": "strlcpy(\\1, \\2, <size of \\1>)"
}
]
}
]