diff --git a/src/lib/instream.cc b/src/lib/instream.cc index 576a661f..3380e649 100644 --- a/src/lib/instream.cc +++ b/src/lib/instream.cc @@ -57,21 +57,37 @@ void InStream::handleError(const std::string &msg, const unsigned long line) InStreamLookAhead::InStreamLookAhead( InStream &input, const unsigned size, + const bool skipBOM, bool skipWhiteSpaces) { std::istream &inStr = input.str(); - // read `size` chars from input - while (buf_.size() < size) { - const int c = inStr.get(); - if (skipWhiteSpaces && isspace(c) && !!inStr) + int c = inStr.get(); + if (skipBOM + // try to read BOM ... [0xEF, 0xBB, 0xBF] + && (0xEF == c) + && (0xBB == (c = inStr.get())) + && (0xBF == (c = inStr.get()))) + // BOM successfully read -> read the next char + c = inStr.get(); + + // read chars from input + for (;;) { + if (skipWhiteSpaces && isspace(c)) // skip a white-space - continue; + goto next; // only the leading white-spaces are skipped skipWhiteSpaces = false; + // append one char to the buffer buf_.push_back(c); + if (size <= buf_.size()) + // the requested number of chars have been read + break; +next: + // read the next char + c = inStr.get(); } // put the chars back to the input stream diff --git a/src/lib/instream.hh b/src/lib/instream.hh index 8abf8229..a842bcee 100644 --- a/src/lib/instream.hh +++ b/src/lib/instream.hh @@ -62,7 +62,8 @@ class InStreamLookAhead { InStreamLookAhead( InStream &input, unsigned size, - bool skipWhiteSpaces = false); + bool skipBOM, + bool skipWhiteSpaces); char operator[](const unsigned idx) const { return buf_.at(idx); diff --git a/src/lib/parser.cc b/src/lib/parser.cc index 81d7d18e..0689cfb2 100644 --- a/src/lib/parser.cc +++ b/src/lib/parser.cc @@ -34,7 +34,9 @@ static inline std::unique_ptr make_unique(InStream &input) { AbstractParserPtr createParser(InStream &input) { // skip all white-spaces and sniff the first two chars from the input - InStreamLookAhead head(input, 2U, /* skipWhiteSpaces */ true); + InStreamLookAhead head(input, 2U, + /* skipBOM */ true, + /* skipWhiteSpaces */ true); switch (head[0]) { case '{': diff --git a/tests/csgrep/0125-sarif-parser-bom-args.txt b/tests/csgrep/0125-sarif-parser-bom-args.txt new file mode 100644 index 00000000..7df3c951 --- /dev/null +++ b/tests/csgrep/0125-sarif-parser-bom-args.txt @@ -0,0 +1 @@ +--mode=json diff --git a/tests/csgrep/0125-sarif-parser-bom-stdin.txt b/tests/csgrep/0125-sarif-parser-bom-stdin.txt new file mode 100644 index 00000000..bf8d66ba --- /dev/null +++ b/tests/csgrep/0125-sarif-parser-bom-stdin.txt @@ -0,0 +1,10604 @@ +{ + "$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json", + "version": "2.1.0", + "runs": [ + { + "tool": { + "driver": { + "name": "SnykCode", + "semanticVersion": "1.0.0", + "version": "1.0.0", + "rules": [ + { + "id": "cpp/WeakGuard", + "name": "WeakGuard", + "shortDescription": { + "text": "Authentication Bypass by Spoofing" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nIf an application uses IP address or domain name checks for implementing authentication logic to authenticate services, hosts or other applications, they can be prone to bypasses since IP addresses or domain names, under certain conditions, can potentially be spoofed or manipulated by an attacker.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "WeakGuard", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-290" + ] + } + }, + { + "id": "cpp/IntegerOverflow/test", + "name": "IntegerOverflow/test", + "shortDescription": { + "text": "Integer Overflow" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nAn integer overflow is a type of an arithmetic overflow error when the result of an integer operation does not fit within the allocated memory space. Instead of an error in the program, it usually causes the result to be unexpected. In the context of application security, this could lead to bypass of application logic or validation, and in some cases may lead to buffer overflow vulnerabilities.\n\nExample:\n\n```\nnresp = packet_get_int();\nif (nresp > 0) {\n response = xmalloc(nresp*sizeof(char*));\n for (i = 0; i < nresp; i++)\n response[i] = packet_get_string(NULL);\n}\n```\n\nIf `nresp` is 1073741824 and `sizeof(char*)` is 4 (which is typical), then `nresp*sizeof(char*)` results in an overflow. Therefore, `xmalloc()` receives and allocates a 0-byte buffer. The subsequent loop causes a heap buffer overflow, which may, in turn, be used by an attacker to execute arbitrary code.\n\n## Best practices for prevention\n\nInteger overflow can be hard to detect and prevent, especially in large and complex codebases. Developers should perform checks as appropriate to determine that arithmetic operations do not result in an overflow. This could be as simple as ensuring the result of the additive operation is not less than the operands themselves (and the inverse for subtractive operations). Libraries and processes can help to prevent such issues too - in the case of the GCC compiler, for example, there are built-in functions that check for integer overflows. In the case of C++ programs, there is a library called SafeInt that performs safe operations.\n\n## References\n\n* [CWE-190: Integer Overflow or Wraparound](https://cwe.mitre.org/data/definitions/190.html)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "IntegerOverflow", + "Security", + "InTest", + "SourceResourceAccess", + "SourceFile", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-190" + ] + } + }, + { + "id": "cpp/TooSmallKeySize/test", + "name": "TooSmallKeySize/test", + "shortDescription": { + "text": "Inadequate Encryption Strength" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nImplementing encryption for the transmission and storage of sensitive information is essential. But encryption standards are constantly changing since attackers have more and more powerful resources at their disposal-along with more sophisticated attack algorithms. This means that encryption is only useful if it meets current standards appropriate for the type of data being transmitted or stored.\nWhen organizations use weakly encoded passwords or weak hashes (especially when they also utilize single-factor authentication, which places too much emphasis on passwords), attackers can potentially gain unauthorized access through a brute-force attack.\n\n## Best practices for prevention\n* Understand best practices of contemporary encryption algorithms and techniques.\n* Avoid encryption algorithms and techniques that are widely known to be outdated (for example, DES).\n* Implement multi-factor authentication to minimize reliance on a single factor, such as a password, that is too susceptible to brute-force attacks.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "TooSmallKeySize", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-326" + ] + } + }, + { + "id": "cpp/DoubleFree", + "name": "DoubleFree", + "shortDescription": { + "text": "Double Free" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nThe same memory address is released more than once, (ie - `free()` or `delete` is called on the same value multiple times).\n\nThis can corrupt the program's memory management data structures, and subsequently cause the program to crash, or lead to undefined behaviour, such as allowing two separate calls to `malloc()` to return the same address.\n\nThis in turn can lead to buffer overflow vulnerabilities, as well as undefined behaviour.\n\n## Best practices for prevention\n* Store a new value in pointers immediately after `free()`\n * The new value can be:\n * a constant that can be checked (ie, `NULL`), or\n * a reference to another valid object.\n\n\n## References\n\n* [CERT MEM01-C](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152148)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "DoubleFree", + "Security", + "FreeResource" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/cvxgrp/qcml/commit/148b45fbab9f797b3679506dbd156059d015e546?diff=split#diff-73f629e733c4fe4ae4aa9228e87de2e9c994e46da7967e5d034db487a21227caL-1", + "lines": [ + { + "line": "if (data->Ai) free(data->Ai);\n", + "lineNumber": 11, + "lineChange": "removed" + }, + { + "line": "if (data->Ax) free(data->Ax);\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": "if (data->Ap) free(data->Ap);\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "if (data->Ai) free(data->Ai);\n", + "lineNumber": 13, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/hturner08/pystructures/commit/045533563d1d2cf533f71cd3c4a8fc8e24208661?diff=split#diff-626f2ad883e97e722829bc18581b68f8f1a394e5ec5a1c72b5e28f55f0870026L-1", + "lines": [ + { + "line": "free(stack);\r\n", + "lineNumber": 11, + "lineChange": "removed" + }, + { + "line": "free(tree);\r\n", + "lineNumber": 12, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/mmuman/NetSurf/commit/541b87ec9b05d9af565bac54a4089b2b1b5ca34e?diff=split#diff-f0ebd69c70b716d69525c2c80ebe90e435183cf5f0c23a89dc149715ecfee910L-1", + "lines": [ + { + "line": "free(charset);\n", + "lineNumber": 113, + "lineChange": "removed" + }, + { + "line": "free(target);\n", + "lineNumber": 113, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 37, + "cwe": [ + "CWE-415" + ] + } + }, + { + "id": "python/PT", + "name": "PT", + "shortDescription": { + "text": "Path Traversal" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nBeing able to access and manipulate an arbitrary path leads to vulnerabilities when a program is being run with privileges that the user providing the path should not have. A website with a path traversal vulnerability would allow users access to sensitive files on the server hosting it. CLI programs may also be vulnerable to path traversal if they are being ran with elevated privileges (such as with the setuid or setgid flags in Unix systems).\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`.\n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "python", + "PT", + "Security", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/Guad/fuwa/commit/955baf1c0e8824f08a96e48a350ee3cd0e3c5493?diff=split#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L-1", + "lines": [ + { + "line": "import string, random\n", + "lineNumber": 1, + "lineChange": "removed" + }, + { + "line": "import string, random, hashlib, os\n", + "lineNumber": 1, + "lineChange": "added" + }, + { + "line": "from werkzeug import secure_filename\n", + "lineNumber": 2, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 3, + "lineChange": "added" + }, + { + "line": "#Load config file\n", + "lineNumber": 4, + "lineChange": "added" + }, + { + "line": "config = {}\n", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": "with open('config.ini', 'r') as file:\n", + "lineNumber": 6, + "lineChange": "added" + }, + { + "line": "\tfor line in file.read().splitlines():\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": "\t\tline = line.split('==')\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": "\t\tconfig[line[0]] = line[1]\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": "app = flask.Flask(__name__) #Initialize our application\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 #Set the upload limit to 10MiB\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "def genHash(seed): #Generate five letter filenames for our files\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": " base = string.ascii_lowercase+string.digits \n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " random.seed(seed)\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " hash_value = \"\"\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " for i in range(5):\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": " hash_value += random.choice(base)\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " return hash_value\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "@app.route('/', methods=['GET', 'POST'])\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "def index():\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "\tif flask.request.method == 'POST':\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\t\t\"\"\"\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\t\t\tFile upload happens here.\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\t\t\tWe get your filename and convert it to our hash with your extension.\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\t\t\tThen we redirect to the file itself.\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "\t\t\"\"\"\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\t\tf = flask.request.files['file']\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "\t\textension = f.filename.split('.')[-1]\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "\t\tfilename = genHash(f.filename) + '.' + extension\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "\t\tf.save('static/files/%s' % filename)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\t\tprint 'Uploaded file \\'%s\\'' % filename #Log what file was uploaded\n", + "lineNumber": 27, + "lineChange": "removed" + }, + { + "line": "\t\treturn flask.redirect(flask.url_for('getFile', filename=filename))\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": "\t\t\n", + "lineNumber": 33, + "lineChange": "added" + }, + { + "line": "\t\thasher = hashlib.md5() \t\t\n", + "lineNumber": 34, + "lineChange": "added" + }, + { + "line": "\t\tbuf = f.read()\t\t \t\t\n", + "lineNumber": 35, + "lineChange": "added" + }, + { + "line": "\t\tf.seek(0) #Set cursor back to position 0 so we can read it again in the save function.\n", + "lineNumber": 36, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\t\t\t\t\t# We hash the file to get its filename.\t \t\t\n", + "lineNumber": 37, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\t\t\t\t\t# So that we can upload two different images with the same filename,\n", + "lineNumber": 38, + "lineChange": "added" + }, + { + "line": "\t\thasher.update(buf)\t \t\t# But not two same images with different filenames.\n", + "lineNumber": 39, + "lineChange": "added" + }, + { + "line": "\t\tdirname = genHash(hasher.hexdigest())\n", + "lineNumber": 40, + "lineChange": "added" + }, + { + "line": "\t\tif not os.path.exists(\"static/files/%s\" % dirname): # Check if the folder already exists\n", + "lineNumber": 41, + "lineChange": "added" + }, + { + "line": "\t\t\tos.mkdir('static/files/%s' % dirname) #Make it\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\t\t\tf.save('static/files/%s/%s' % (dirname, secure_filename(f.filename)))\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "\t\t\tprint 'Uploaded file \\'%s\\'' % secure_filename(f.filename) #Log what file was uploaded\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": "\t\t\treturn flask.redirect(flask.url_for('getFile', dirname=dirname,filename=secure_filename(f.filename)))\n", + "lineNumber": 45, + "lineChange": "added" + }, + { + "line": "\t\telse:\n", + "lineNumber": 46, + "lineChange": "added" + }, + { + "line": "\t\t\tflask.flash('File already exists in %s!' % dirname) #Display a message for the user.\n", + "lineNumber": 47, + "lineChange": "added" + }, + { + "line": "\t\t\treturn flask.redirect(flask.url_for('index'))\n", + "lineNumber": 48, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/fonttools/fonttools/commit/0b99c8968e04e2e36c6c46ad8bb1a550d25969b4?diff=split#diff-e8b6161353c7ce5b13e62df1da329a85de0ef80ce8f039d283c25bf892b2b600L-1", + "lines": [ + { + "line": "os.system('gzip -9v %s' % tar)\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "os.rename(gz, tgz)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 32, + "lineChange": "added" + }, + { + "line": "if destdir:\n", + "lineNumber": 33, + "lineChange": "added" + }, + { + "line": "\tprint \"destination directory:\", destdir\n", + "lineNumber": 34, + "lineChange": "added" + }, + { + "line": "\tos.system('mv %s %s' % (gz, destdir))\n", + "lineNumber": 35, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 36, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Chenwe-i-lin/KnowledgeFruits/commit/?diff=split#diff-ab8c675e5b4b07c550455b0884835f1df471bb69ad7142f6ad43b26cf33eb4e6L-1", + "lines": [ + { + "line": "base_path = os.path.abspath(os.path.dirname(__file__))\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": "base_path_for_data = os.path.join(base_path,'data/texture')\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": "file = os.path.join(base_path_for_data, image + '.png')\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "if os.path.abspath(file).startswith(base_path_for_data):\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "with open(os.getcwd() + \"/data/texture/\" + image + '.png', \"rb\") as f:\n", + "lineNumber": 15, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 36, + "cwe": [ + "CWE-23" + ] + } + }, + { + "id": "cpp/BufferOverflow", + "name": "BufferOverflow", + "shortDescription": { + "text": "Buffer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nA buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.\n\nA buffer overflow attack is the exploitation of a buffer overflow vulnerability — typically by a malicious actor who wants to gain access or information. In this post, we’ll explain how a buffer overflow occurs and show you how to protect your C++ code from these attacks. Buffer overflows generally result in program crashes, however if the data that would overflow is user controlled, an attacker may cause more damage including deny of service attacks, infinite loops, or even remote code execution.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "BufferOverflow", + "Security", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/EtchedPixels/FUZIX/commit/58d3dedab9395d008b66a7caa786eac8f8a70e2d?diff=split#diff-293516809a2c40af227b5584427d853c14465ae7689492aa5d3dfff1155d3402L-1", + "lines": [ + { + "line": " static char iname[256];\n", + "lineNumber": 14, + "lineChange": "removed" + }, + { + "line": " static char iname[512];\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": " int l = strlen(name) - 1;\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " /* FIXME: Size check ! */\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " strcpy(iname, name);\n", + "lineNumber": 19, + "lineChange": "removed" + }, + { + "line": " strlcpy(iname, name, 512);\n", + "lineNumber": 19, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/uclouvain/openjpeg/commit/8715ce2749d1e5a1e9c77646e9a2ddf0ec82bac9?diff=split#diff-c1330160924cae174cdacdb4b0a6ab7561d56a377c9e44dc867b24030ceda35aL-1", + "lines": [ + { + "line": " char output_file[64];\n", + "lineNumber": 98, + "lineChange": "removed" + }, + { + "line": " const char *output_file;\n", + "lineNumber": 98, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 99, + "lineChange": "none" + }, + { + "line": " /* should be test_tile_encoder 3 2000 2000 1000 1000 8 tte1.j2k */\n", + "lineNumber": 100, + "lineChange": "none" + }, + { + "line": " if( argc == 9 )\n", + "lineNumber": 101, + "lineChange": "none" + }, + { + "line": " {\n", + "lineNumber": 102, + "lineChange": "none" + }, + { + "line": " num_comps = (OPJ_UINT32)atoi( argv[1] );\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": " image_width = atoi( argv[2] );\n", + "lineNumber": 104, + "lineChange": "none" + }, + { + "line": " image_height = atoi( argv[3] );\n", + "lineNumber": 105, + "lineChange": "none" + }, + { + "line": " tile_width = atoi( argv[4] );\n", + "lineNumber": 106, + "lineChange": "none" + }, + { + "line": " tile_height = atoi( argv[5] );\n", + "lineNumber": 107, + "lineChange": "none" + }, + { + "line": " comp_prec = atoi( argv[6] );\n", + "lineNumber": 108, + "lineChange": "none" + }, + { + "line": " irreversible = atoi( argv[7] );\n", + "lineNumber": 109, + "lineChange": "none" + }, + { + "line": " strcpy(output_file, argv[8] );\n", + "lineNumber": 110, + "lineChange": "removed" + }, + { + "line": " output_file = argv[8];\n", + "lineNumber": 110, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/aliyun/iotkit-embedded/commit/44eb2606debf4b8c4c7581cda834ac0558003f2f?diff=split#diff-cc5036bd596d2f2e352dd94ee238dc32554bd55aa19b25abe90a62d3b4cad55fL-1", + "lines": [ + { + "line": "strcpy(ctx.pk,argv[1]);\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "strcpy(ctx.dn,argv[2]);\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "strcpy(ctx.ds,argv[3]);\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "strncpy(ctx.pk,argv[1],sizeof(ctx.pk)-1);\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": "strncpy(ctx.dn,argv[2],sizeof(ctx.dn)-1);\n", + "lineNumber": 26, + "lineChange": "added" + }, + { + "line": "strncpy(ctx.ds,argv[3],sizeof(ctx.ds)-1);\n", + "lineNumber": 27, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 50, + "cwe": [ + "CWE-122" + ] + } + }, + { + "id": "cpp/UserControlledPointer/test", + "name": "UserControlledPointer/test", + "shortDescription": { + "text": "User Controlled Pointer" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nUser input should be validated before it is used to create or manipulate a pointer's address. Otherwise, a user can cause a pointer to point to an arbitary segment of memory, which could lead to memory corruption, exposure of unintended information or program crashes.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UserControlledPointer", + "Security", + "InTest", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/CZ-NIC/knot-resolver/commit/4956abad84d7770b2b49d5e12ef1726b5e2110d7?diff=split#diff-6b3eb643659f29f26179a7d87913d4e0b21bedd84864bdf0afce7be44e505571L-1", + "lines": [ + { + "line": "auto_free char *rbuf = malloc(len + 1);\n", + "lineNumber": 168, + "lineChange": "removed" + }, + { + "line": "auto_free char *rbuf = NULL;\n", + "lineNumber": 178, + "lineChange": "added" + }, + { + "line": "if (len < UINT_MAX) {\n", + "lineNumber": 179, + "lineChange": "added" + }, + { + "line": "\trbuf = malloc(len + 1);\n", + "lineNumber": 180, + "lineChange": "added" + }, + { + "line": "} else {\n", + "lineNumber": 181, + "lineChange": "added" + }, + { + "line": "\terrno = EINVAL;\n", + "lineNumber": 182, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 183, + "lineChange": "added" + }, + { + "line": "if (!rbuf) {\n", + "lineNumber": 184, + "lineChange": "none" + }, + { + "line": "\tkr_log_error(\"[system] ipc: %s\\n\", strerror(errno));\n", + "lineNumber": 185, + "lineChange": "none" + }, + { + "line": "\tengine_stop(engine); /* Panic and stop this fork. */\n", + "lineNumber": 186, + "lineChange": "none" + }, + { + "line": "\treturn;\n", + "lineNumber": 187, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 188, + "lineChange": "none" + }, + { + "line": "if (ipc_readall(fd, rbuf, len)) {\n", + "lineNumber": 189, + "lineChange": "none" + }, + { + "line": "\trbuf[len] = '\\0';\n", + "lineNumber": 190, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/iotivity/iotivity/commit/8c2f6dc141f77b3299407281ee0fc3cf13051864?diff=split#diff-abef7e51135d7df4d269084ac50d0df3a8dcae37e6d736089048f50226fb997cL-1", + "lines": [ + { + "line": " g_mqSelectedTopicResource = gTopicList[atoi(cmd.c_str())];\n", + "lineNumber": 241, + "lineChange": "removed" + }, + { + "line": " {\n", + "lineNumber": 241, + "lineChange": "added" + }, + { + "line": " int index = atoi(cmd.c_str());\n", + "lineNumber": 242, + "lineChange": "added" + }, + { + "line": " if(index < 0 || (unsigned int) index >= gTopicList.size())\n", + "lineNumber": 243, + "lineChange": "added" + }, + { + "line": " {\n", + "lineNumber": 244, + "lineChange": "added" + }, + { + "line": " cout << \"invalid topic index selected\" << endl;\n", + "lineNumber": 245, + "lineChange": "added" + }, + { + "line": " continue;\n", + "lineNumber": 246, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 247, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 248, + "lineChange": "added" + }, + { + "line": " g_mqSelectedTopicResource = gTopicList[index];\n", + "lineNumber": 249, + "lineChange": "added" + }, + { + "line": " cout << g_mqSelectedTopicResource->uri() << \" selected\" << endl;\n", + "lineNumber": 250, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 251, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/dlorch/hammer-fuse/commit/e21ccde29b4e7c2c450ad37b1a39ee5720604c05?diff=split#diff-c0fc3327f1ee847a9ffeb2aaa21c28b050d24794d0819b47dc75ab0a0a7c0c44L-1", + "lines": [ + { + "line": "buf[namelen] = '\\0';\n", + "lineNumber": 853, + "lineChange": "removed" + }, + { + "line": "buf[namelen - 1] = '\\0';\n", + "lineNumber": 853, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-1285" + ] + } + }, + { + "id": "cpp/Ssrf", + "name": "Ssrf", + "shortDescription": { + "text": "Server-Side Request Forgery (SSRF)" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\nIn a server-side request forgery attack, a malicious user supplies a URL (an external URL or a network IP address such as 127.0.0.1) to the application's back end. The server then accesses the URL and shares its results, which may include sensitive information such as AWS metadata, internal configuration information, or database contents with the attacker. Because the request comes from the back end, it bypasses access controls, potentially exposing information the user does not have sufficient privileges to receive. The attacker can then exploit this information to gain access, modify the web application, or demand a ransom payment.\n\n## Best practices for prevention\n* Blacklists are problematic and attackers have numerous ways to bypass them; ideally, use a whitelist of all permitted domains and IP addresses.\n* Use authentication even within your own network to prevent exploitation of server-side requests.\n* Implement zero trust and sanitize and validate all URL and header data returning to the server from the user. Strip invalid or suspect characters, then inspect to be certain it contains a valid and expected value.\n* Ideally, avoid sending server requests based on user-provided data altogether.\n* Ensure that you are not sending raw response bodies from the server directly to the client. Only deliver expected responses.\n* Disable suspect and exploitable URL schemas. Common culprits include obscure and little-used schemas such as `file://`, `dict://`, `ftp://`, and `gopher://`.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "Ssrf", + "Security", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-918" + ] + } + }, + { + "id": "cpp/PT", + "name": "PT", + "shortDescription": { + "text": "Path Traversal" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nBeing able to access and manipulate an arbitrary path leads to vulnerabilities when a program is being run with privileges that the user providing the path should not have. A website with a path traversal vulnerability would allow users access to sensitive files on the server hosting it. CLI programs may also be vulnerable to path traversal if they are being ran with elevated privileges (such as with the setuid or setgid flags in Unix systems).\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`.\n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "PT", + "Security", + "SourceResourceAccess", + "SourceFile", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/qpdf/qpdf/commit/ac4deac1873ca1bb570ffd479ed2cc1010762f89?diff=split#diff-86ce344dc69debd78135a45c16f074eecc538658a36ca4dab21839bcd330dbaeL-1", + "lines": [ + { + "line": " FILE* infile = fopen(infilename, \"rb\"); // XXXX\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": " if (infile == 0)\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": " {\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\tstd::cerr << \"can't open \" << infilename << std::endl;\n", + "lineNumber": 27, + "lineChange": "removed" + }, + { + "line": "\texit(2);\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": " }\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": " FILE* infile = QUtil::safe_fopen(infilename, \"rb\");\n", + "lineNumber": 25, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/awslabs/aws-c-compression/commit/25cd4134377b6e2ed787d42a3a221582bdc1fa57?diff=split#diff-7be55cd889d1d7041835371d751f0ab01f17a3bb46e6d94acdcbf92473244ba2L-1", + "lines": [ + { + "line": "FILE *file = fopen(input_path, \"r\");\n", + "lineNumber": 44, + "lineChange": "removed" + }, + { + "line": "FILE *file = aws_fopen(input_path, \"r\");\n", + "lineNumber": 45, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/steveicarus/iverilog/commit/aaa734690ffa6f7196357d6dee1a2f21b5ce17a2?diff=split#diff-0225fc36ffec899e5e238b258d4a2c782344607fe3500e76abf8177ec5b03f27L-1", + "lines": [ + { + "line": "file = fopen(pathbuf, \"w\");\n", + "lineNumber": 150, + "lineChange": "removed" + }, + { + "line": "file = fopen_safe(pathbuf);\n", + "lineNumber": 178, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 26, + "cwe": [ + "CWE-23" + ] + } + }, + { + "id": "cpp/PT/test", + "name": "PT/test", + "shortDescription": { + "text": "Path Traversal" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nBeing able to access and manipulate an arbitrary path leads to vulnerabilities when a program is being run with privileges that the user providing the path should not have. A website with a path traversal vulnerability would allow users access to sensitive files on the server hosting it. CLI programs may also be vulnerable to path traversal if they are being ran with elevated privileges (such as with the setuid or setgid flags in Unix systems).\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`.\n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "PT", + "Security", + "InTest", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/qpdf/qpdf/commit/ac4deac1873ca1bb570ffd479ed2cc1010762f89?diff=split#diff-86ce344dc69debd78135a45c16f074eecc538658a36ca4dab21839bcd330dbaeL-1", + "lines": [ + { + "line": " FILE* infile = fopen(infilename, \"rb\"); // XXXX\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": " if (infile == 0)\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": " {\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\tstd::cerr << \"can't open \" << infilename << std::endl;\n", + "lineNumber": 27, + "lineChange": "removed" + }, + { + "line": "\texit(2);\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": " }\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": " FILE* infile = QUtil::safe_fopen(infilename, \"rb\");\n", + "lineNumber": 25, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/awslabs/aws-c-compression/commit/25cd4134377b6e2ed787d42a3a221582bdc1fa57?diff=split#diff-7be55cd889d1d7041835371d751f0ab01f17a3bb46e6d94acdcbf92473244ba2L-1", + "lines": [ + { + "line": "FILE *file = fopen(input_path, \"r\");\n", + "lineNumber": 44, + "lineChange": "removed" + }, + { + "line": "FILE *file = aws_fopen(input_path, \"r\");\n", + "lineNumber": 45, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/steveicarus/iverilog/commit/aaa734690ffa6f7196357d6dee1a2f21b5ce17a2?diff=split#diff-0225fc36ffec899e5e238b258d4a2c782344607fe3500e76abf8177ec5b03f27L-1", + "lines": [ + { + "line": "file = fopen(pathbuf, \"w\");\n", + "lineNumber": 150, + "lineChange": "removed" + }, + { + "line": "file = fopen_safe(pathbuf);\n", + "lineNumber": 178, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 26, + "cwe": [ + "CWE-23" + ] + } + }, + { + "id": "cpp/BufferOverflow/test", + "name": "BufferOverflow/test", + "shortDescription": { + "text": "Buffer Overflow" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nA buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.\n\nA buffer overflow attack is the exploitation of a buffer overflow vulnerability — typically by a malicious actor who wants to gain access or information. In this post, we’ll explain how a buffer overflow occurs and show you how to protect your C++ code from these attacks. Buffer overflows generally result in program crashes, however if the data that would overflow is user controlled, an attacker may cause more damage including deny of service attacks, infinite loops, or even remote code execution.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "BufferOverflow", + "Security", + "InTest", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/EtchedPixels/FUZIX/commit/58d3dedab9395d008b66a7caa786eac8f8a70e2d?diff=split#diff-293516809a2c40af227b5584427d853c14465ae7689492aa5d3dfff1155d3402L-1", + "lines": [ + { + "line": " static char iname[256];\n", + "lineNumber": 14, + "lineChange": "removed" + }, + { + "line": " static char iname[512];\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": " int l = strlen(name) - 1;\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " /* FIXME: Size check ! */\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " strcpy(iname, name);\n", + "lineNumber": 19, + "lineChange": "removed" + }, + { + "line": " strlcpy(iname, name, 512);\n", + "lineNumber": 19, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/uclouvain/openjpeg/commit/8715ce2749d1e5a1e9c77646e9a2ddf0ec82bac9?diff=split#diff-c1330160924cae174cdacdb4b0a6ab7561d56a377c9e44dc867b24030ceda35aL-1", + "lines": [ + { + "line": " char output_file[64];\n", + "lineNumber": 98, + "lineChange": "removed" + }, + { + "line": " const char *output_file;\n", + "lineNumber": 98, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 99, + "lineChange": "none" + }, + { + "line": " /* should be test_tile_encoder 3 2000 2000 1000 1000 8 tte1.j2k */\n", + "lineNumber": 100, + "lineChange": "none" + }, + { + "line": " if( argc == 9 )\n", + "lineNumber": 101, + "lineChange": "none" + }, + { + "line": " {\n", + "lineNumber": 102, + "lineChange": "none" + }, + { + "line": " num_comps = (OPJ_UINT32)atoi( argv[1] );\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": " image_width = atoi( argv[2] );\n", + "lineNumber": 104, + "lineChange": "none" + }, + { + "line": " image_height = atoi( argv[3] );\n", + "lineNumber": 105, + "lineChange": "none" + }, + { + "line": " tile_width = atoi( argv[4] );\n", + "lineNumber": 106, + "lineChange": "none" + }, + { + "line": " tile_height = atoi( argv[5] );\n", + "lineNumber": 107, + "lineChange": "none" + }, + { + "line": " comp_prec = atoi( argv[6] );\n", + "lineNumber": 108, + "lineChange": "none" + }, + { + "line": " irreversible = atoi( argv[7] );\n", + "lineNumber": 109, + "lineChange": "none" + }, + { + "line": " strcpy(output_file, argv[8] );\n", + "lineNumber": 110, + "lineChange": "removed" + }, + { + "line": " output_file = argv[8];\n", + "lineNumber": 110, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/aliyun/iotkit-embedded/commit/44eb2606debf4b8c4c7581cda834ac0558003f2f?diff=split#diff-cc5036bd596d2f2e352dd94ee238dc32554bd55aa19b25abe90a62d3b4cad55fL-1", + "lines": [ + { + "line": "strcpy(ctx.pk,argv[1]);\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "strcpy(ctx.dn,argv[2]);\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "strcpy(ctx.ds,argv[3]);\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "strncpy(ctx.pk,argv[1],sizeof(ctx.pk)-1);\n", + "lineNumber": 25, + "lineChange": "added" + }, + { + "line": "strncpy(ctx.dn,argv[2],sizeof(ctx.dn)-1);\n", + "lineNumber": 26, + "lineChange": "added" + }, + { + "line": "strncpy(ctx.ds,argv[3],sizeof(ctx.ds)-1);\n", + "lineNumber": 27, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 50, + "cwe": [ + "CWE-122" + ] + } + }, + { + "id": "cpp/CommandInjection", + "name": "CommandInjection", + "shortDescription": { + "text": "Command Injection" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nWith an OS command injection attack a web application user can pass commands directly to the system shell, attached to a legitimate request. These commands can then be executed on the application server, potentially leading to harmful consequences, including data exposure or deletion. Like code injection attacks, command injection attacks are essentially a failure of data validation. Unlike code injection attacks, which introduce new code, command injection attacks use existing system functions, often taking advantage of the application's unnecessarily high privilege level, increasing the risk of serious harm and reputational damage.\n\n## Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Adopt the principle of least privilege: No application should have a greater access level than needed to run its required tasks.\n- Control user access policies on a task-by-task basis.\n- Don't pass user input directly to the system; use libraries or APIs that lack system access.\n- Where shell commands must be passed, escape values using functions like shlex for Python, or escapeshellarg() for PHP.\n- Sanitize user input with regular expressions to define permitted characters along with maximum string length.\n- Convert special characters such as `& | ; $ > < \\ !` before passing to the server.\n- Whitelist permitted commands and validate user responses against these expectations.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities.\n- Educate all team members on safer data handling procedures to prevent attacks.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "CommandInjection", + "Security", + "SourceResourceAccess", + "SourceFile", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/solbu/hldig/commit/f920e75b1ec753638243d73b6c7348cb439920b0?diff=split#diff-69186067c7362e197c0afe26564309ecb1b7bd914676b693fad6d6b2d4f4cb3dL-1", + "lines": [ + { + "line": " system(form(\"/bin/mv %s %s;/bin/mv %s %s\",\n", + "lineNumber": 63, + "lineChange": "removed" + }, + { + "line": "\t\troot2word.get(), config[\"endings_root2word_db\"],\n", + "lineNumber": 64, + "lineChange": "removed" + }, + { + "line": "\t\tword2root.get(), config[\"endings_word2root_db\"]));\n", + "lineNumber": 65, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 63, + "lineChange": "added" + }, + { + "line": " link(root2word.get(), config[\"endings_root2word_db\"]);\n", + "lineNumber": 64, + "lineChange": "added" + }, + { + "line": " unlink(root2word.get());\n", + "lineNumber": 65, + "lineChange": "added" + }, + { + "line": " link(word2root.get(), config[\"endings_word2root_db\"]);\n", + "lineNumber": 66, + "lineChange": "added" + }, + { + "line": " unlink(word2root.get());\n", + "lineNumber": 67, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 68, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/fossology/fossology/commit/855c779ebfbd79f7d37d64b3420503f9f600a458?diff=split#diff-bc20e2478ca3d07e683ebb07b02cc1cfbd87be980cb483ce69a28811965d04c5L-1", + "lines": [ + { + "line": "unsigned char hash_value[myBUFSIZ] = {0};\n", + "lineNumber": 777, + "lineChange": "added" + }, + { + "line": "char pass_hash_actual[myBUFSIZ] = {0};\n", + "lineNumber": 778, + "lineChange": "none" + }, + { + "line": "FILE *file_hash = NULL;\n", + "lineNumber": 779, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 780, + "lineChange": "none" + }, + { + "line": " /** get user_seed, user_pass on one specified user */\n", + "lineNumber": 781, + "lineChange": "none" + }, + { + "line": " snprintf(SQL,sizeof(SQL),\"SELECT user_seed, user_pass, user_perm, user_pk from users where user_name='%s';\", user);\n", + "lineNumber": 782, + "lineChange": "none" + }, + { + "line": " result = PQexec(db_conn, SQL);\n", + "lineNumber": 783, + "lineChange": "none" + }, + { + "line": " if (fo_checkPQresult(db_conn, result, SQL, __FILE__, __LINE__)) return -1;\n", + "lineNumber": 784, + "lineChange": "none" + }, + { + "line": " strcpy(user_seed, PQgetvalue(result, 0, 0));\n", + "lineNumber": 785, + "lineChange": "none" + }, + { + "line": " strcpy(pass_hash_valid, PQgetvalue(result, 0, 1));\n", + "lineNumber": 786, + "lineChange": "none" + }, + { + "line": " *user_perm = atoi(PQgetvalue(result, 0, 2));\n", + "lineNumber": 787, + "lineChange": "none" + }, + { + "line": " *user_id = atoi(PQgetvalue(result, 0, 3));\n", + "lineNumber": 788, + "lineChange": "none" + }, + { + "line": " PQclear(result);\n", + "lineNumber": 789, + "lineChange": "none" + }, + { + "line": " if (user_seed[0] && pass_hash_valid[0]) \n", + "lineNumber": 790, + "lineChange": "none" + }, + { + "line": " {\n", + "lineNumber": 791, + "lineChange": "none" + }, + { + "line": " snprintf(CMD, sizeof(CMD), \"echo -n %s%s | openssl sha1\", user_seed, password); // get the hash code on seed+pass\n", + "lineNumber": 792, + "lineChange": "removed" + }, + { + "line": " file_hash = popen(CMD,\"r\");\n", + "lineNumber": 793, + "lineChange": "removed" + }, + { + "line": " if (!file_hash)\n", + "lineNumber": 794, + "lineChange": "removed" + }, + { + "line": " strcat(user_seed, password); // get the hash code on seed+pass\n", + "lineNumber": 791, + "lineChange": "added" + }, + { + "line": " SHA1((unsigned char *)user_seed, strlen(user_seed), hash_value); \n", + "lineNumber": 792, + "lineChange": "added" + }, + { + "line": " if (!hash_value[0])\n", + "lineNumber": 793, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/vim/vim-history/commit/0d766f99d8a0e92f3ad3295b4850e2c36020cd84?diff=split#diff-24affceeb32d6e65a537cabbdf648ca2c679f4ab184162d632429c64fa9f4392L-1", + "lines": [ + { + "line": "\t\tchar buf[BUFSIZ];\n", + "lineNumber": 85, + "lineChange": "removed" + }, + { + "line": "\t\ttime_t now;\n", + "lineNumber": 86, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 87, + "lineChange": "none" + }, + { + "line": "\t\tsprintf(buf, \"date > %s\", file);\n", + "lineNumber": 87, + "lineChange": "removed" + }, + { + "line": "\t\tsystem(buf);\n", + "lineNumber": 88, + "lineChange": "removed" + }, + { + "line": "\t\tnb_debug = fopen(file, \"a\");\n", + "lineNumber": 89, + "lineChange": "removed" + }, + { + "line": "\t\tnb_debug = fopen(file, \"w\");\n", + "lineNumber": 88, + "lineChange": "added" + }, + { + "line": "\t\ttime(&now);\n", + "lineNumber": 89, + "lineChange": "added" + }, + { + "line": "\t\tfprintf(nb_debug, \"%s\", asctime(localtime(&now)));\n", + "lineNumber": 90, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 40, + "cwe": [ + "CWE-78" + ] + } + }, + { + "id": "cpp/DoubleFree/test", + "name": "DoubleFree/test", + "shortDescription": { + "text": "Double Free" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nThe same memory address is released more than once, (ie - `free()` or `delete` is called on the same value multiple times).\n\nThis can corrupt the program's memory management data structures, and subsequently cause the program to crash, or lead to undefined behaviour, such as allowing two separate calls to `malloc()` to return the same address.\n\nThis in turn can lead to buffer overflow vulnerabilities, as well as undefined behaviour.\n\n## Best practices for prevention\n* Store a new value in pointers immediately after `free()`\n * The new value can be:\n * a constant that can be checked (ie, `NULL`), or\n * a reference to another valid object.\n\n\n## References\n\n* [CERT MEM01-C](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152148)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "DoubleFree", + "Security", + "InTest", + "FreeResource" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/cvxgrp/qcml/commit/148b45fbab9f797b3679506dbd156059d015e546?diff=split#diff-73f629e733c4fe4ae4aa9228e87de2e9c994e46da7967e5d034db487a21227caL-1", + "lines": [ + { + "line": "if (data->Ai) free(data->Ai);\n", + "lineNumber": 11, + "lineChange": "removed" + }, + { + "line": "if (data->Ax) free(data->Ax);\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": "if (data->Ap) free(data->Ap);\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "if (data->Ai) free(data->Ai);\n", + "lineNumber": 13, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/hturner08/pystructures/commit/045533563d1d2cf533f71cd3c4a8fc8e24208661?diff=split#diff-626f2ad883e97e722829bc18581b68f8f1a394e5ec5a1c72b5e28f55f0870026L-1", + "lines": [ + { + "line": "free(stack);\r\n", + "lineNumber": 11, + "lineChange": "removed" + }, + { + "line": "free(tree);\r\n", + "lineNumber": 12, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/mmuman/NetSurf/commit/541b87ec9b05d9af565bac54a4089b2b1b5ca34e?diff=split#diff-f0ebd69c70b716d69525c2c80ebe90e435183cf5f0c23a89dc149715ecfee910L-1", + "lines": [ + { + "line": "free(charset);\n", + "lineNumber": 113, + "lineChange": "removed" + }, + { + "line": "free(target);\n", + "lineNumber": 113, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 37, + "cwe": [ + "CWE-415" + ] + } + }, + { + "id": "cpp/CommandInjection/test", + "name": "CommandInjection/test", + "shortDescription": { + "text": "Command Injection" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nWith an OS command injection attack a web application user can pass commands directly to the system shell, attached to a legitimate request. These commands can then be executed on the application server, potentially leading to harmful consequences, including data exposure or deletion. Like code injection attacks, command injection attacks are essentially a failure of data validation. Unlike code injection attacks, which introduce new code, command injection attacks use existing system functions, often taking advantage of the application's unnecessarily high privilege level, increasing the risk of serious harm and reputational damage.\n\n## Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Adopt the principle of least privilege: No application should have a greater access level than needed to run its required tasks.\n- Control user access policies on a task-by-task basis.\n- Don't pass user input directly to the system; use libraries or APIs that lack system access.\n- Where shell commands must be passed, escape values using functions like shlex for Python, or escapeshellarg() for PHP.\n- Sanitize user input with regular expressions to define permitted characters along with maximum string length.\n- Convert special characters such as `& | ; $ > < \\ !` before passing to the server.\n- Whitelist permitted commands and validate user responses against these expectations.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities.\n- Educate all team members on safer data handling procedures to prevent attacks.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "CommandInjection", + "Security", + "InTest", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/solbu/hldig/commit/f920e75b1ec753638243d73b6c7348cb439920b0?diff=split#diff-69186067c7362e197c0afe26564309ecb1b7bd914676b693fad6d6b2d4f4cb3dL-1", + "lines": [ + { + "line": " system(form(\"/bin/mv %s %s;/bin/mv %s %s\",\n", + "lineNumber": 63, + "lineChange": "removed" + }, + { + "line": "\t\troot2word.get(), config[\"endings_root2word_db\"],\n", + "lineNumber": 64, + "lineChange": "removed" + }, + { + "line": "\t\tword2root.get(), config[\"endings_word2root_db\"]));\n", + "lineNumber": 65, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 63, + "lineChange": "added" + }, + { + "line": " link(root2word.get(), config[\"endings_root2word_db\"]);\n", + "lineNumber": 64, + "lineChange": "added" + }, + { + "line": " unlink(root2word.get());\n", + "lineNumber": 65, + "lineChange": "added" + }, + { + "line": " link(word2root.get(), config[\"endings_word2root_db\"]);\n", + "lineNumber": 66, + "lineChange": "added" + }, + { + "line": " unlink(word2root.get());\n", + "lineNumber": 67, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 68, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/fossology/fossology/commit/855c779ebfbd79f7d37d64b3420503f9f600a458?diff=split#diff-bc20e2478ca3d07e683ebb07b02cc1cfbd87be980cb483ce69a28811965d04c5L-1", + "lines": [ + { + "line": "unsigned char hash_value[myBUFSIZ] = {0};\n", + "lineNumber": 777, + "lineChange": "added" + }, + { + "line": "char pass_hash_actual[myBUFSIZ] = {0};\n", + "lineNumber": 778, + "lineChange": "none" + }, + { + "line": "FILE *file_hash = NULL;\n", + "lineNumber": 779, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 780, + "lineChange": "none" + }, + { + "line": " /** get user_seed, user_pass on one specified user */\n", + "lineNumber": 781, + "lineChange": "none" + }, + { + "line": " snprintf(SQL,sizeof(SQL),\"SELECT user_seed, user_pass, user_perm, user_pk from users where user_name='%s';\", user);\n", + "lineNumber": 782, + "lineChange": "none" + }, + { + "line": " result = PQexec(db_conn, SQL);\n", + "lineNumber": 783, + "lineChange": "none" + }, + { + "line": " if (fo_checkPQresult(db_conn, result, SQL, __FILE__, __LINE__)) return -1;\n", + "lineNumber": 784, + "lineChange": "none" + }, + { + "line": " strcpy(user_seed, PQgetvalue(result, 0, 0));\n", + "lineNumber": 785, + "lineChange": "none" + }, + { + "line": " strcpy(pass_hash_valid, PQgetvalue(result, 0, 1));\n", + "lineNumber": 786, + "lineChange": "none" + }, + { + "line": " *user_perm = atoi(PQgetvalue(result, 0, 2));\n", + "lineNumber": 787, + "lineChange": "none" + }, + { + "line": " *user_id = atoi(PQgetvalue(result, 0, 3));\n", + "lineNumber": 788, + "lineChange": "none" + }, + { + "line": " PQclear(result);\n", + "lineNumber": 789, + "lineChange": "none" + }, + { + "line": " if (user_seed[0] && pass_hash_valid[0]) \n", + "lineNumber": 790, + "lineChange": "none" + }, + { + "line": " {\n", + "lineNumber": 791, + "lineChange": "none" + }, + { + "line": " snprintf(CMD, sizeof(CMD), \"echo -n %s%s | openssl sha1\", user_seed, password); // get the hash code on seed+pass\n", + "lineNumber": 792, + "lineChange": "removed" + }, + { + "line": " file_hash = popen(CMD,\"r\");\n", + "lineNumber": 793, + "lineChange": "removed" + }, + { + "line": " if (!file_hash)\n", + "lineNumber": 794, + "lineChange": "removed" + }, + { + "line": " strcat(user_seed, password); // get the hash code on seed+pass\n", + "lineNumber": 791, + "lineChange": "added" + }, + { + "line": " SHA1((unsigned char *)user_seed, strlen(user_seed), hash_value); \n", + "lineNumber": 792, + "lineChange": "added" + }, + { + "line": " if (!hash_value[0])\n", + "lineNumber": 793, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/vim/vim-history/commit/0d766f99d8a0e92f3ad3295b4850e2c36020cd84?diff=split#diff-24affceeb32d6e65a537cabbdf648ca2c679f4ab184162d632429c64fa9f4392L-1", + "lines": [ + { + "line": "\t\tchar buf[BUFSIZ];\n", + "lineNumber": 85, + "lineChange": "removed" + }, + { + "line": "\t\ttime_t now;\n", + "lineNumber": 86, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 87, + "lineChange": "none" + }, + { + "line": "\t\tsprintf(buf, \"date > %s\", file);\n", + "lineNumber": 87, + "lineChange": "removed" + }, + { + "line": "\t\tsystem(buf);\n", + "lineNumber": 88, + "lineChange": "removed" + }, + { + "line": "\t\tnb_debug = fopen(file, \"a\");\n", + "lineNumber": 89, + "lineChange": "removed" + }, + { + "line": "\t\tnb_debug = fopen(file, \"w\");\n", + "lineNumber": 88, + "lineChange": "added" + }, + { + "line": "\t\ttime(&now);\n", + "lineNumber": 89, + "lineChange": "added" + }, + { + "line": "\t\tfprintf(nb_debug, \"%s\", asctime(localtime(&now)));\n", + "lineNumber": 90, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 40, + "cwe": [ + "CWE-78" + ] + } + }, + { + "id": "cpp/UseAfterClose", + "name": "UseAfterClose", + "shortDescription": { + "text": "Use of Expired File Descriptor" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nA file descriptor for a particular file or device is released, and then the file descriptor is subsequently reused.\n\nThe code might not write to the original file, since the reused file descriptor might reference a different file or device.\n\n## Best practices for prevention\n* Store a new value in file handlers immediately after `fclose()`\n\n## References\n\n* [CERT MEM01-C](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152148)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UseAfterClose", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/cosignweblogin/cosign/commit/4d7767056d31c0818ae2a7c935aaf409556fdc85?diff=split#diff-d8ba1a7744c058043dfe00de7f72332e70a29a184ebc4a466abd32a4d6092b6eL-1", + "lines": [ + { + "line": "while( fgets( buf, MAXLEN, sf ) != NULL ) {\n", + "lineNumber": 38, + "lineChange": "none" + }, + { + "line": "len = strlen( buf );\n", + "lineNumber": 39, + "lineChange": "none" + }, + { + "line": "if ( buf[ len - 1 ] != '\\n' ) {\n", + "lineNumber": 40, + "lineChange": "none" + }, + { + "line": " (void)fclose( sf );\n", + "lineNumber": 41, + "lineChange": "none" + }, + { + "line": " fprintf( stderr, \"read_a_secant: line too long\");\n", + "lineNumber": 42, + "lineChange": "none" + }, + { + "line": " return( -1 );\n", + "lineNumber": 43, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/libretro/parallel-n64/commit/6df2b474156257c01e1cbf4442c8b2ef7a299d57?diff=split#diff-7d5286ac565f19b2645d171948726fc14bb6e953139ccf807e996a8ad909dd1bL-1", + "lines": [ + { + "line": "{\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": " fwrite(\"EOF \", 1, 8, file);\n", + "lineNumber": 19, + "lineChange": "added" + }, + { + "line": " fclose(file);\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 21, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/ShiftMediaProject/libxml2/commit/11ce4004d86bb4b317c48b7d5124ba33e40e10f5?diff=split#diff-6d1cb8aacc98ff091877650f79048c96d79047d51ba501e6a58e5981ccdbde52L-1", + "lines": [ + { + "line": "\treturn;\n", + "lineNumber": 55, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 56, + "lineChange": "none" + }, + { + "line": " states[0] = xmlAutomataGetInitState(am);\n", + "lineNumber": 57, + "lineChange": "none" + }, + { + "line": " if (states[0] == NULL) {\n", + "lineNumber": 58, + "lineChange": "none" + }, + { + "line": " xmlGenericError(xmlGenericErrorContext,\n", + "lineNumber": 59, + "lineChange": "none" + }, + { + "line": "\t\t\"Cannot get start state\\n\");\n", + "lineNumber": 60, + "lineChange": "none" + }, + { + "line": "\txmlFreeAutomata(am);\n", + "lineNumber": 61, + "lineChange": "none" + }, + { + "line": "\tfclose(input);\n", + "lineNumber": 62, + "lineChange": "none" + }, + { + "line": "\treturn;\n", + "lineNumber": 63, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 64, + "lineChange": "none" + }, + { + "line": " ret = 0;\n", + "lineNumber": 65, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 66, + "lineChange": "none" + }, + { + "line": " while (fgets(expr, 4500, input) != NULL) {\n", + "lineNumber": 67, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 20, + "cwe": [ + "CWE-910" + ] + } + }, + { + "id": "cpp/LdapInjection", + "name": "LdapInjection", + "shortDescription": { + "text": "LDAP Injection" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "\n## Details\nLDAP servers offer simple storage for a range of information types, including systems, services, emails, and users. One of the most common applications of LDAP servers is to orchestrate user sessions, making it easier for users to access multiple services through a single sign-on. An LDAP injection attack occurs when an attacker gains unauthorized access to these centralized stores of user data. If an attacker succeeds in injecting arbitrary, unsanitized information into an LDAP query, the attacker can gain access to credentials or content and/or perform unauthorized actions. This could include adding or modifying records within the centralized data store itself, such as erasing or altering records.\nAs with other injection-type attacks, like SQL injection, LDAP injection attacks are highly preventable through safer web application design and coding practices.\n\n## Best practices for prevention\n* Never pass user input directly to the LDAP query.\n* Sanitize all input prior to processing as appropriate for the particular input type.\n* Escape all LDAP specific characters, such as, `#,\",+, ;, <, >, \\` and null, replacing with ASCII hex values. However, do not rely solely on denylists or escaped characters for defense against LDAP injection attacks.\n* For tighter security, consider validating input against an allowlist (\"accept known good\") to ensure that only certain parameters can be passed.\n* Assume all user input is potentially malicious.\n* Adopt development frameworks that specifically provide protection against LDAP injection attacks.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "LdapInjection", + "Security", + "SourceNonServer", + "SourceResourceAccess", + "SourceFile", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-90" + ] + } + }, + { + "id": "cpp/FormatString/test", + "name": "FormatString/test", + "shortDescription": { + "text": "Use of Externally-Controlled Format String" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nSimilar to SQL injection and other injection-type weaknesses, a format string weakness is one in which the user is able to control the application's execution by supplying unexpected input. In this case, the input string is passed directly from the user to a format function such as printf (this weakness appears primarily in C-type languages).\n\nFormat functions were originally designed to provide more flexible output options through specified parameters. However, if input is passed directly from the user to the site or application without sanitization, an attacker may add special characters that will then be interpreted as formatting parameters, causing the application to behave unpredictably, read/write in unauthorized memory locations, crash, or even permit the attacker to execute commands. Since format functions with this weakness may behave exactly like properly coded format functions (until the weakness is exploited), it may be difficult to identify with standard testing.\n\n## Best practices for prevention\n* Implement constraints for user input wherever possible (permitted length, special characters, etc.).\n* Always perform input validation; never pass user data directly to the application.\n* Avoid single-parameter calls to format functions. Always pass a format-specifying parameter, ideally one that is not user-controlled, to the format function in addition to the text output. Never allow user-controlled input to be the only parameter passed.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "FormatString", + "Security", + "InTest", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/kitech/nullfxp/commit/ed648ab4527736bb60f6cc4868d4eedb51500ecf?diff=split#diff-ac9b62f7a424e7c8a245813364ec9eba3a27d8c577b2bb9721aff8691d35f61dL-1", + "lines": [ + { + "line": "printf(vn+1);\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "printf(\"%s\", vn+1);\n", + "lineNumber": 25, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/mirror/newlib-cygwin/commit/5ace9004d9b982ba8887df41139295792c130020?diff=split#diff-9c64a0f7072dff1c00b1882899b677e4f1af3a28f3ed5520ad8d64b48ac5f469L-1", + "lines": [ + { + "line": "fprintf(stderr, tmp);\n", + "lineNumber": 129, + "lineChange": "removed" + }, + { + "line": "fputs(tmp, stderr);\n", + "lineNumber": 129, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/ve7fet/linuxax25/commit/9fcc3df3cea7adddeb721e2c5eee11e2b2884ca8?diff=split#diff-cb88ed423246a8da6e867b22f295aee41cb2a0c6a0323f74ec7e1d7a67b8f1d8L-1", + "lines": [ + { + "line": "printf(routebuf);\n", + "lineNumber": 141, + "lineChange": "removed" + }, + { + "line": "printf(\"%s\", routebuf);\n", + "lineNumber": 141, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 74, + "cwe": [ + "CWE-134" + ] + } + }, + { + "id": "cpp/UserControlledPointer", + "name": "UserControlledPointer", + "shortDescription": { + "text": "User Controlled Pointer" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nUser input should be validated before it is used to create or manipulate a pointer's address. Otherwise, a user can cause a pointer to point to an arbitary segment of memory, which could lead to memory corruption, exposure of unintended information or program crashes.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UserControlledPointer", + "Security", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/CZ-NIC/knot-resolver/commit/4956abad84d7770b2b49d5e12ef1726b5e2110d7?diff=split#diff-6b3eb643659f29f26179a7d87913d4e0b21bedd84864bdf0afce7be44e505571L-1", + "lines": [ + { + "line": "auto_free char *rbuf = malloc(len + 1);\n", + "lineNumber": 168, + "lineChange": "removed" + }, + { + "line": "auto_free char *rbuf = NULL;\n", + "lineNumber": 178, + "lineChange": "added" + }, + { + "line": "if (len < UINT_MAX) {\n", + "lineNumber": 179, + "lineChange": "added" + }, + { + "line": "\trbuf = malloc(len + 1);\n", + "lineNumber": 180, + "lineChange": "added" + }, + { + "line": "} else {\n", + "lineNumber": 181, + "lineChange": "added" + }, + { + "line": "\terrno = EINVAL;\n", + "lineNumber": 182, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 183, + "lineChange": "added" + }, + { + "line": "if (!rbuf) {\n", + "lineNumber": 184, + "lineChange": "none" + }, + { + "line": "\tkr_log_error(\"[system] ipc: %s\\n\", strerror(errno));\n", + "lineNumber": 185, + "lineChange": "none" + }, + { + "line": "\tengine_stop(engine); /* Panic and stop this fork. */\n", + "lineNumber": 186, + "lineChange": "none" + }, + { + "line": "\treturn;\n", + "lineNumber": 187, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 188, + "lineChange": "none" + }, + { + "line": "if (ipc_readall(fd, rbuf, len)) {\n", + "lineNumber": 189, + "lineChange": "none" + }, + { + "line": "\trbuf[len] = '\\0';\n", + "lineNumber": 190, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/iotivity/iotivity/commit/8c2f6dc141f77b3299407281ee0fc3cf13051864?diff=split#diff-abef7e51135d7df4d269084ac50d0df3a8dcae37e6d736089048f50226fb997cL-1", + "lines": [ + { + "line": " g_mqSelectedTopicResource = gTopicList[atoi(cmd.c_str())];\n", + "lineNumber": 241, + "lineChange": "removed" + }, + { + "line": " {\n", + "lineNumber": 241, + "lineChange": "added" + }, + { + "line": " int index = atoi(cmd.c_str());\n", + "lineNumber": 242, + "lineChange": "added" + }, + { + "line": " if(index < 0 || (unsigned int) index >= gTopicList.size())\n", + "lineNumber": 243, + "lineChange": "added" + }, + { + "line": " {\n", + "lineNumber": 244, + "lineChange": "added" + }, + { + "line": " cout << \"invalid topic index selected\" << endl;\n", + "lineNumber": 245, + "lineChange": "added" + }, + { + "line": " continue;\n", + "lineNumber": 246, + "lineChange": "added" + }, + { + "line": " }\n", + "lineNumber": 247, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 248, + "lineChange": "added" + }, + { + "line": " g_mqSelectedTopicResource = gTopicList[index];\n", + "lineNumber": 249, + "lineChange": "added" + }, + { + "line": " cout << g_mqSelectedTopicResource->uri() << \" selected\" << endl;\n", + "lineNumber": 250, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 251, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/dlorch/hammer-fuse/commit/e21ccde29b4e7c2c450ad37b1a39ee5720604c05?diff=split#diff-c0fc3327f1ee847a9ffeb2aaa21c28b050d24794d0819b47dc75ab0a0a7c0c44L-1", + "lines": [ + { + "line": "buf[namelen] = '\\0';\n", + "lineNumber": 853, + "lineChange": "removed" + }, + { + "line": "buf[namelen - 1] = '\\0';\n", + "lineNumber": 853, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-1285" + ] + } + }, + { + "id": "cpp/DerefNull/test", + "name": "DerefNull/test", + "shortDescription": { + "text": "Dereference of a NULL Pointer" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\nDereferencing a NULL pointer typically results in a program crash or other undefined behaviour. Pointers can be set to NULL a variety of ways, including by the retrun value of standard library functions, often in the case of an error with that function. Pointers may also be initalised to NULL, and subsequently not reassigned on some execution paths before being derefernced. Where it is possible a pointer is NULL, it is best to check before derefencing it.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "DerefNull", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/RaJiska/JAPM/commit/e717737ffd5237ae384072e6c523d1e11dd9ef16?diff=split#diff-612b7cf36bdcb89724f956c18aff3c9296d7d9f44eca7869b1d10da0b7cd1705L-1", + "lines": [ + { + "line": "if (*((found = strrchr(path, '\\\\')) + 1) == 0)\n", + "lineNumber": 17, + "lineChange": "removed" + }, + { + "line": "if ((found = strrchr(path, '\\\\')) && *found + 1 == 0)\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": "\t*found = 0;\n", + "lineNumber": 18, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/GNOME/gnumeric/commit/5d6b0e0e854f143d5fa7062495df812933149bc4?diff=split#diff-4bf0193427fd407708e50a71b61d9b6bcac32cab136702e69dd71341ffa22f10L-1", + "lines": [ + { + "line": "if (tmp[9] == 0)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "if (tmp && tmp[9] == 0)\n", + "lineNumber": 26, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/higepon/mona/commit/72c6a77f8374e9fa1cf38d3093df4d65e4518855?diff=split#diff-6cefc6f1891fe5cfda626004db207043f2723e75642e7f1f74a120d649f85289L-1", + "lines": [ + { + "line": "\tif( fp == NULL )\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": "\t{\n", + "lineNumber": 19, + "lineChange": "added" + }, + { + "line": "\t\tputs(\"fp is NULL\");\n", + "lineNumber": 20, + "lineChange": "added" + }, + { + "line": "\t\treturn 1;\n", + "lineNumber": 21, + "lineChange": "added" + }, + { + "line": "\t}\n", + "lineNumber": 22, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "\ttid = Message::lookupMainThread(\"AUDIO.EX5\");\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "\tMessage::sendReceive(&msg, tid, MSG_AUDIO_NEW_CHANNEL, 0);\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\tch = msg.arg2;\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\ts = Stream::FromHandle(msg.arg3);\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\tMessage::sendReceive(&msg, tid, MSG_AUDIO_SET_FORMAT, 2, 16, 44100);\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\treadsize = fread(buf, 1, sizeof(buf), fp);\n", + "lineNumber": 32, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-476" + ] + } + }, + { + "id": "javascript/CodeInjection", + "name": "CodeInjection", + "shortDescription": { + "text": "Code Injection" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nA secure code injection attack occurs when the attacker exploits an existing input processing vulnerability, passing special characters and code directly to a web-based application or site. The code is then executed, potentially granting the user system access to export sensitive data, to install malware, or even to move laterally and to exploit other systems in the trusted internal network environment. While code injection attacks can take place in several ways, the common factor is allowing the user to submit executable code to the application. The most common forms of code injection are SQL injection (server side) and cross-site scripting (XSS) (client side).\n\n## Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Apply least privilege principle (for example, limit users to read only wherever possible).\n- Avoid passing raw user input directly to functions; use parameterized queries to extract data first.\n- Sanitize user input strings of special characters such as ?, &, /, <, >, and quotation marks.\n- Use whitelisting of known good values.\n- Validate user input against expected response types.\n- Escape shell commands with functions such as shlex for Python, or escapeshellarg for PHP.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities so these cannot be exploited by code injection.\n- Educate all team members on safe data handling procedures to prevent attacks.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "CodeInjection", + "Security", + "SourceNonServer", + "SourceResourceAccess", + "SourceNetworkRequest", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/noppa/ng-hot-reload/commit/5de61299a0a7aa602fe015ac9f2ff3af3f798348?diff=split#diff-8f9d1530fa118465c523a517c5f4cac4ec173f17b820514034dc39e588415f63L-1", + "lines": [ + { + "line": "var update = event.data;\r\n", + "lineNumber": 4, + "lineChange": "removed" + }, + { + "line": "new Function(update)();\r\n", + "lineNumber": 5, + "lineChange": "removed" + }, + { + "line": "var data = event.data ? JSON.parse(event.data) : {};\r\n", + "lineNumber": 4, + "lineChange": "added" + }, + { + "line": "console.log('msg', data);\r\n", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": "if (data.message === 'reload') {\r\n", + "lineNumber": 6, + "lineChange": "added" + }, + { + "line": " var script = document.createElement('script');\r\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": " var query = '?t=' + Date.now();\r\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": " script.src = 'http://localhost/' + options.port + '/' + data.src + query;\r\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": " document.body.appendChild(script);\r\n", + "lineNumber": 10, + "lineChange": "added" + }, + { + "line": "}\r\n", + "lineNumber": 11, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/LivelyKernel/lively4-core/commit/213a73ebc4db1f1ecbd7246667e5464f52d74202?diff=split#diff-12943682e5d32ff6cf0d439857d2f66fa83679ace466571835e44732019f94bcL-1", + "lines": [ + { + "line": "(function() {\n", + "lineNumber": 58, + "lineChange": "removed" + }, + { + "line": " var expression = /^(https:\\/\\/eval\\/)/;\n", + "lineNumber": 59, + "lineChange": "removed" + }, + { + "line": " var evaluator = {\n", + "lineNumber": 60, + "lineChange": "removed" + }, + { + "line": " transform: function(request) {\n", + "lineNumber": 61, + "lineChange": "removed" + }, + { + "line": " console.log('Eval Loader', request.url);\n", + "lineNumber": 62, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 63, + "lineChange": "removed" + }, + { + "line": " console.log('starting eval');\n", + "lineNumber": 64, + "lineChange": "removed" + }, + { + "line": " var s = request.url.replace(expression, '');\n", + "lineNumber": 65, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 66, + "lineChange": "removed" + }, + { + "line": " try {\n", + "lineNumber": 67, + "lineChange": "removed" + }, + { + "line": " console.log('eval try', s);\n", + "lineNumber": 68, + "lineChange": "removed" + }, + { + "line": " var result = eval(s);\n", + "lineNumber": 69, + "lineChange": "removed" + }, + { + "line": " } catch(e) {\n", + "lineNumber": 70, + "lineChange": "removed" + }, + { + "line": " console.log('eval catch', s);\n", + "lineNumber": 71, + "lineChange": "removed" + }, + { + "line": " result = \"Error: \" + e;\n", + "lineNumber": 72, + "lineChange": "removed" + }, + { + "line": " }\n", + "lineNumber": 73, + "lineChange": "removed" + }, + { + "line": " console.log('eval result', result);\n", + "lineNumber": 74, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 75, + "lineChange": "removed" + }, + { + "line": " return new Response(result);\n", + "lineNumber": 76, + "lineChange": "removed" + }, + { + "line": " }\n", + "lineNumber": 77, + "lineChange": "removed" + }, + { + "line": " };\n", + "lineNumber": 78, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 79, + "lineChange": "removed" + }, + { + "line": " l4.fetchTask('eval', l4.urlMatch(expression), function(event) {\n", + "lineNumber": 80, + "lineChange": "removed" + }, + { + "line": " return l4.parseEvent(event)\n", + "lineNumber": 81, + "lineChange": "removed" + }, + { + "line": " .then(evaluator.transform);\n", + "lineNumber": 82, + "lineChange": "removed" + }, + { + "line": " });\n", + "lineNumber": 83, + "lineChange": "removed" + }, + { + "line": "})();\n", + "lineNumber": 84, + "lineChange": "removed" + }, + { + "line": "l4.importScripts('src/sw/fetch-tasks/eval.js');\n", + "lineNumber": 58, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/MobileChromeApps/mobile-chrome-apps/commit/6ec3f238fa5be46b8f10e9bb1238adaa6c4f93c7?diff=split#diff-9e02ca2328a0d6a25bbd6001fb86d09ddbdd52c6ea8017b7c3cbe4b38af07549L-1", + "lines": [ + { + "line": "var contents = eval('(' + xhr.responseText + ')');\n", + "lineNumber": 78, + "lineChange": "removed" + }, + { + "line": "// Convert any \\x escape sequences to \\u two-byte sequences\n", + "lineNumber": 78, + "lineChange": "added" + }, + { + "line": "var cleanedResponse = xhr.responseText.replace(/\\\\x([0-9a-f]{2})/g, '\\\\u00$1');\n", + "lineNumber": 79, + "lineChange": "added" + }, + { + "line": "var contents;\n", + "lineNumber": 80, + "lineChange": "added" + }, + { + "line": "try {\n", + "lineNumber": 81, + "lineChange": "added" + }, + { + "line": " contents = JSON.parse(cleanedResponse);\n", + "lineNumber": 82, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 83, + "lineChange": "added" + }, + { + "line": "catch(error) {\n", + "lineNumber": 84, + "lineChange": "added" + }, + { + "line": " throw new Error('Unable to parse file \"' + fileName + '\", error: ' + error);\n", + "lineNumber": 85, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 86, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 119, + "cwe": [ + "CWE-94" + ] + } + }, + { + "id": "cpp/WeakGuard/test", + "name": "WeakGuard/test", + "shortDescription": { + "text": "Authentication Bypass by Spoofing" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nIf an application uses IP address or domain name checks for implementing authentication logic to authenticate services, hosts or other applications, they can be prone to bypasses since IP addresses or domain names, under certain conditions, can potentially be spoofed or manipulated by an attacker.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "WeakGuard", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-290" + ] + } + }, + { + "id": "cpp/IntegerOverflow", + "name": "IntegerOverflow", + "shortDescription": { + "text": "Integer Overflow" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nAn integer overflow is a type of an arithmetic overflow error when the result of an integer operation does not fit within the allocated memory space. Instead of an error in the program, it usually causes the result to be unexpected. In the context of application security, this could lead to bypass of application logic or validation, and in some cases may lead to buffer overflow vulnerabilities.\n\nExample:\n\n```\nnresp = packet_get_int();\nif (nresp > 0) {\n response = xmalloc(nresp*sizeof(char*));\n for (i = 0; i < nresp; i++)\n response[i] = packet_get_string(NULL);\n}\n```\n\nIf `nresp` is 1073741824 and `sizeof(char*)` is 4 (which is typical), then `nresp*sizeof(char*)` results in an overflow. Therefore, `xmalloc()` receives and allocates a 0-byte buffer. The subsequent loop causes a heap buffer overflow, which may, in turn, be used by an attacker to execute arbitrary code.\n\n## Best practices for prevention\n\nInteger overflow can be hard to detect and prevent, especially in large and complex codebases. Developers should perform checks as appropriate to determine that arithmetic operations do not result in an overflow. This could be as simple as ensuring the result of the additive operation is not less than the operands themselves (and the inverse for subtractive operations). Libraries and processes can help to prevent such issues too - in the case of the GCC compiler, for example, there are built-in functions that check for integer overflows. In the case of C++ programs, there is a library called SafeInt that performs safe operations.\n\n## References\n\n* [CWE-190: Integer Overflow or Wraparound](https://cwe.mitre.org/data/definitions/190.html)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "IntegerOverflow", + "Security", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-190" + ] + } + }, + { + "id": "cpp/CMissingClose", + "name": "CMissingClose", + "shortDescription": { + "text": "Missing Release of File Descriptor or Handle after Effective Lifetime" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nA file descriptor or handler is allocated, and is not released after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.\n\nThis can lead to a denial of service, as an OS has a finite pool of file descriptors, and it may prevent other processes from obtaining their own file descriptors.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "CMissingClose", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/NCAR/ncl/commit/e0223ba7f96e77f00809a415e3308c70303f9542?diff=split#diff-df5e9e724e8583ee52188d12a745d16920f767c1810b04a27c6eeb7232423b58L-1", + "lines": [ + { + "line": "\tif ((fp = fopen(\"/dev/tty\", \"w\")) == NULL) {\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\t\tfp = stderr;\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\t}\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\tif (header) (void) fprintf(fp, \"%s - \", header);\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "\t(void) fprintf(fp, \"Version %s\\n\", VERSION);\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\t(void) fflush(fp);\n", + "lineNumber": 32, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 32, + "lineChange": "added" + }, + { + "line": "\tif (fp != stderr) fclose(fp);\n", + "lineNumber": 33, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/sirupsen/flying-cat/commit/c06788fa4d076221fa4a00c3b1fd1452660c34fe?diff=split#diff-29219c331c8b7f6acd9f5ceb186c4e811fc2d027b47aae3368f1cf93973b8af0L-1", + "lines": [ + { + "line": "FILE* s = fopen(argv[1], \"rb\");\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "FILE* d = fopen(argv[2], \"wb\");\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 13, + "lineChange": "none" + }, + { + "line": "int o = atoi(argv[3]);\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "if(o < 0)\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "{\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": "\tprintf(\"Offset must be a positive integer\\n\");\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": "\treturn 1;\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": "if(s == NULL)\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": "{\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "\tprintf(\"Can't open %s for reading\\n\", argv[1]);\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "\treturn 1;\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "if(d == NULL)\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "{\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\tprintf(\"Can't open %s for writing\\n\", argv[2]);\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\treturn 1;\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "fseek(s, o, SEEK_SET);\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "while(1)\n", + "lineNumber": 33, + "lineChange": "none" + }, + { + "line": "{\n", + "lineNumber": 34, + "lineChange": "none" + }, + { + "line": "\tchar c = fgetc(s);\n", + "lineNumber": 35, + "lineChange": "none" + }, + { + "line": "\tif(c == EOF)\n", + "lineNumber": 36, + "lineChange": "none" + }, + { + "line": "\t\tbreak;\n", + "lineNumber": 37, + "lineChange": "none" + }, + { + "line": "\tfputc(c, d);\n", + "lineNumber": 38, + "lineChange": "none" + }, + { + "line": "}\n", + "lineNumber": 39, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 40, + "lineChange": "none" + }, + { + "line": "printf(\"Done\\n\");\n", + "lineNumber": 41, + "lineChange": "removed" + }, + { + "line": "fclose(s);\n", + "lineNumber": 41, + "lineChange": "added" + }, + { + "line": "fclose(d);\n", + "lineNumber": 42, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/ElektraInitiative/libelektra/commit/3e7a05a62786a2a235d2643f968ef6d6866bcb07?diff=split#diff-ac0fd3922116dc1d1a71b721ae20637cf3d454929f3c80778b02fa9aa12b128bL-1", + "lines": [ + { + "line": "\tFILE * fp = fopen (keyString (parentKey), \"w\");\n", + "lineNumber": 143, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 144, + "lineChange": "none" + }, + { + "line": "\tif (!fp)\n", + "lineNumber": 145, + "lineChange": "none" + }, + { + "line": "\t{\n", + "lineNumber": 146, + "lineChange": "none" + }, + { + "line": "\t\tELEKTRA_SET_ERROR_SET (parentKey);\n", + "lineNumber": 147, + "lineChange": "none" + }, + { + "line": "\t\treturn -1;\n", + "lineNumber": 148, + "lineChange": "none" + }, + { + "line": "\t}\n", + "lineNumber": 149, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 150, + "lineChange": "none" + }, + { + "line": "\tksGenerate (returned, fp, 0);\n", + "lineNumber": 151, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 152, + "lineChange": "none" + }, + { + "line": "\tfclose (fp);\n", + "lineNumber": 150, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 57, + "cwe": [ + "CWE-775" + ] + } + }, + { + "id": "cpp/ImproperNullTermination/test", + "name": "ImproperNullTermination/test", + "shortDescription": { + "text": "Improper Null Termination" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\nImproper null termination occurs when a character string's ending null character is omitted or outside the allocated memory for the string. This typically leads to information leaks or buffer overflows and occurs when:\n* There is an off-by-one error which leads to the null character being out of bounds\n* Raw data is passed to functions expecting strings. This can lead to out of bounds reading or writing (e.g., strlen / strcpy using raw data)\n\n## Best practices for prevention\n* Use functions that ensure proper null termination. Pay attention to the way the string functions affect the ending null character (e.g., strncpy doesn't necessarily ensure null termination)\n* Avoid passing raw data to functions expecting strings. If this can't be avoided ensure there is proper null termination (e.g., write a null character at the end of the buffer)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "ImproperNullTermination", + "Security", + "InTest", + "SourceImproperNullTermination", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-170" + ] + } + }, + { + "id": "python/CommandInjection", + "name": "CommandInjection", + "shortDescription": { + "text": "Command Injection" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\n\nWith an OS command injection attack a web application user can pass commands directly to the system shell, attached to a legitimate request. These commands can then be executed on the application server, potentially leading to harmful consequences, including data exposure or deletion. Like code injection attacks, command injection attacks are essentially a failure of data validation. Unlike code injection attacks, which introduce new code, command injection attacks use existing system functions, often taking advantage of the application's unnecessarily high privilege level, increasing the risk of serious harm and reputational damage.\n\n## Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Adopt the principle of least privilege: No application should have a greater access level than needed to run its required tasks.\n- Control user access policies on a task-by-task basis.\n- Don't pass user input directly to the system; use libraries or APIs that lack system access.\n- Where shell commands must be passed, escape values using functions like shlex for Python, or escapeshellarg() for PHP.\n- Sanitize user input with regular expressions to define permitted characters along with maximum string length.\n- Convert special characters such as `& | ; $ > < \\ !` before passing to the server.\n- Whitelist permitted commands and validate user responses against these expectations.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities.\n- Educate all team members on safer data handling procedures to prevent attacks.", + "text": "" + }, + "properties": { + "tags": [ + "python", + "CommandInjection", + "Security", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/ucbvislab/speecheditor/commit/70f2fb2290a28a1db5e65755c3a8307ef538ea99?diff=split#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L-1", + "lines": [ + { + "line": "subprocess.call('cp \"%s\" \"%s\"' % (orig_name, full_name), shell=True)\n", + "lineNumber": 285, + "lineChange": "removed" + }, + { + "line": "shutil.copyfile(orig_name, full_name)\n", + "lineNumber": 303, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/esozh/eso_zh_ui/commit/7ef4d63f4c7c2e0275daf08862f615dcc6cf69f5?diff=split#diff-483aa1e8daa36090ed6724943f7abfef3f885823db8620ee30cc5ead97b91053L-1", + "lines": [ + { + "line": "os.system('mv %s %s' % (filename, new_name))\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "shutil.move(filename, new_name)\n", + "lineNumber": 29, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/jjgod/opf-cc/commit/d03202eab8278189bc3d9ebd6ff353772a72189d?diff=split#diff-fd2c598923afdaa788e7469b2866ea4d019adcb333e33494e563810508d06700L-1", + "lines": [ + { + "line": "cmd = \"rm -rf '%s'\" % input_path\n", + "lineNumber": 143, + "lineChange": "removed" + }, + { + "line": "os.system(cmd)\n", + "lineNumber": 144, + "lineChange": "removed" + }, + { + "line": "shutil.rmtree(input_path)\n", + "lineNumber": 143, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 81, + "cwe": [ + "CWE-78" + ] + } + }, + { + "id": "cpp/CDivisionByZero", + "name": "CDivisionByZero", + "shortDescription": { + "text": "Division By Zero" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\nA value is divided by zero, this can result in unexpected program behaviour.\n\n## Best practices for prevention\nEnsure that any value being used as a divisor cannot be zero.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "CDivisionByZero", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/intel-ctrlsys/sensys/commit/58818452a80ec87478e1e1864b972b3edc6f8a93?diff=split#diff-2aad9f6fb562a2b63480e8392da2ee468ae679a660e83b8f729ed8a24b127a20L-1", + "lines": [ + { + "line": "\n", + "lineNumber": 41, + "lineChange": "added" + }, + { + "line": " if (0 == n) return -1;\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": " avg = sum / n;\n", + "lineNumber": 44, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/tundra/neutrino/commit/a162f38b6fe88c0d32701fd47802312e91c76940?diff=split#diff-7263d3059b960d3cabdd8d66f28b023d6ff2d89fc9a818f6f8bcee713fa8b494L-1", + "lines": [ + { + "line": "double average = 65536.0 / total_failures;\n", + "lineNumber": 127, + "lineChange": "removed" + }, + { + "line": "double average = 65536.0 / ((double) total_failures);\n", + "lineNumber": 127, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/libav/libav/commit/eeaa742c3e77077628f9d4e87b5faf24f2b7e183?diff=split#diff-4528f439de40c2872c5d8a66af37daa78af8724948b73fc2c48568a8a77142faL-1", + "lines": [ + { + "line": "if(!i) i=1;\n", + "lineNumber": 122, + "lineChange": "added" + }, + { + "line": "dev= int_sqrt((sse*F*F)/i);\n", + "lineNumber": 123, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 45, + "cwe": [ + "CWE-369" + ] + } + }, + { + "id": "python/TooSmallRsaKeySizeUsed/test", + "name": "TooSmallRsaKeySizeUsed/test", + "shortDescription": { + "text": "Cryptographic Issues" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nThe category of cryptographic issues refers not to a single specific vulnerability but rather to a wide range of problems surrounding the implementation of cryptography and related security algorithms in programs and web apps. For example, weaknesses in generating the pseudorandom numbers used to create session keys can make keys excessively easy for hackers to guess via brute-force attack algorithms. Another example is when developers use weak hashes to encode passwords and other confidential data, which can lead to collisions that ultimately bypass authentication techniques.\n\nEach individual weakness will obviously require a different strategy, but there are a few common best practices that can help avoid or mitigate attacks.\n\n## Best practices for prevention\n* Implement multi-factor authentication, which relies on two or more factors such as password and SMS confirmation, prior to permitting secure access.\n* Always use a strong hashing algorithm for tighter encryption. Consider an adaptive hash function with built-in salting, although these can have a negative impact on performance.\n* Check all certificate details to verify its validity-not only the issuing entity but expiry, domain, and all other factors.\n* Developers should familiarize themselves with deprecated security algorithms and implement schemes that require greater computational effort to resolve, therefore making them more resistant to current attacks.\n* Implement all software architecture and design around the principle of least privilege, releasing secure information only after authentication as needed for business purposes.", + "text": "" + }, + "properties": { + "tags": [ + "python", + "TooSmallRsaKeySizeUsed", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/p2p-today/p2p-project/commit/?diff=split#diff-9e64092d7778bc35d3f11146076635aac20956e6b4f300bc1462e1e4b4b48534L-1", + "lines": [ + { + "line": "myPub, myPriv = rsa.newkeys(1024)\n", + "lineNumber": 4, + "lineChange": "removed" + }, + { + "line": "myPub, myPriv = rsa.newkeys(2048)\n", + "lineNumber": 4, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Psybernetics/Synchrony/commit/ae7fcb63018ac2bf07f8aed54ae68d25feb73a7d?diff=split#diff-85e0f2a6530e02572360b2e178047848f6d8a0d93cdc2e4e4f80cab54c10ce5aL-1", + "lines": [ + { + "line": "key = RSA.generate(1024, random_generator)\n", + "lineNumber": 151, + "lineChange": "removed" + }, + { + "line": "key = RSA.generate(4096, random_generator)\n", + "lineNumber": 151, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/laurivosandi/certidude/commit/59bedc1f162b1fd4c64191643a7ab392f9f23879?diff=split#diff-4e8715c7a425ee52e74b7df4d34efd32e8c92f3e60bd51bc2e1ad5943b82032eL-1", + "lines": [ + { + "line": " from cryptography import x509\n", + "lineNumber": 45, + "lineChange": "removed" + }, + { + "line": " from cryptography.hazmat.primitives.asymmetric import rsa, padding\n", + "lineNumber": 46, + "lineChange": "removed" + }, + { + "line": " from cryptography.hazmat.primitives import hashes, serialization\n", + "lineNumber": 47, + "lineChange": "removed" + }, + { + "line": " from cryptography.hazmat.backends import default_backend\n", + "lineNumber": 48, + "lineChange": "removed" + }, + { + "line": " from cryptography.x509.oid import NameOID\n", + "lineNumber": 49, + "lineChange": "removed" + }, + { + "line": " key = rsa.generate_private_key(\n", + "lineNumber": 50, + "lineChange": "removed" + }, + { + "line": " public_exponent=65537,\n", + "lineNumber": 51, + "lineChange": "removed" + }, + { + "line": " key_size=1024,\n", + "lineNumber": 52, + "lineChange": "removed" + }, + { + "line": " backend=default_backend())\n", + "lineNumber": 53, + "lineChange": "removed" + }, + { + "line": " csr = x509.CertificateSigningRequestBuilder()\n", + "lineNumber": 54, + "lineChange": "removed" + }, + { + "line": " if cn is not None:\n", + "lineNumber": 55, + "lineChange": "removed" + }, + { + "line": " csr = csr.subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)]))\n", + "lineNumber": 56, + "lineChange": "removed" + }, + { + "line": " buf = csr.sign(key, hashes.SHA256(), default_backend()\n", + "lineNumber": 57, + "lineChange": "removed" + }, + { + "line": " ).public_bytes(serialization.Encoding.PEM)\n", + "lineNumber": 58, + "lineChange": "removed" + }, + { + "line": " return buf\n", + "lineNumber": 59, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 50, + "lineChange": "added" + }, + { + "line": " public_key, private_key = asymmetric.generate_pair('rsa', bit_size=2048)\n", + "lineNumber": 51, + "lineChange": "added" + }, + { + "line": " builder = CSRBuilder({ 'common_name': cn }, public_key)\n", + "lineNumber": 52, + "lineChange": "added" + }, + { + "line": " request = builder.build(private_key)\n", + "lineNumber": 53, + "lineChange": "added" + }, + { + "line": " return pem_armor_csr(request)\n", + "lineNumber": 54, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 32, + "cwe": [ + "CWE-310" + ] + } + }, + { + "id": "python/InsecureHash/test", + "name": "InsecureHash/test", + "shortDescription": { + "text": "Use of Password Hash With Insufficient Computational Effort" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nSensitive information should never be stored in plain text, since this makes it very easy for unauthorized users, whether malicious insiders or outside attackers, to access. Hashing methods are used to make stored passwords and other sensitive data unreadable to users. For example, when a password is defined for the first time, it is hashed and then stored. The next time that user attempts to log on, the password they enter is hashed following the same procedure and compared with the stored value. In this way, the original password never needs to be stored in the system.\n\nHashing is a one-way scheme, meaning a hashed password cannot be reverse engineered. However, if an outdated or custom programmed hashing scheme is used, it becomes simple for an attacker with powerful modern computing power to gain access to the hashes used. This opens up access to all stored password information, leading to breached security. Therefore, it is essential for developers to understand modern, secure password hashing techniques.\n\n## Best practices for prevention\n* Use strong standard algorithms for hashing rather than simpler but outdated methods or DIY hashing schemes, which may have inherent weaknesses.\n* Use modular design for all code dealing with hashing so it can be swapped out as security standards change over time.\n* Use salting in combination with hashing (While this places more demands on resources, it is an essential step for tighter security.).\n* Implement zero-trust architecture to ensure that access to password data is granted only for legitimate business purposes.\n* Increase developer awareness of current standards in data security and cryptography.", + "text": "" + }, + "properties": { + "tags": [ + "python", + "InsecureHash", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/kiwitcms/Kiwi/commit/e17c071623e055c24a0fdf203991819d446c8f09?diff=split#diff-aa51d9851848643981397fb834fa01bae8fba8ff6f1af7bcd7c711b007a0433aL-1", + "lines": [ + { + "line": "md5 = hashlib.md5()\n", + "lineNumber": 7, + "lineChange": "removed" + }, + { + "line": "md5.update(value.encode(\"UTF-8\"))\n", + "lineNumber": 8, + "lineChange": "removed" + }, + { + "line": "return md5.hexdigest()\n", + "lineNumber": 9, + "lineChange": "removed" + }, + { + "line": "_checksum = hashlib.sha256()\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": "_checksum.update(value.encode(\"UTF-8\"))\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": "return _checksum.hexdigest()\n", + "lineNumber": 9, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/mozilla/amo-validator/commit/1557fa06a96966a6fbacd1733383ae83ad3b0614?diff=split#diff-98ef2e4adee9bbea1bbbd8f184af864ebe80f96ee44e6729e6c74b3ff9aa3147L-1", + "lines": [ + { + "line": "hash = hashlib.sha1(open(path).read()).hexdigest()\n", + "lineNumber": 10, + "lineChange": "removed" + }, + { + "line": "hash = hashlib.sha256(open(path).read()).hexdigest()\n", + "lineNumber": 10, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/ssfdust/full-stack-flask-smorest/commit/1b364164630cade9a86fc295850c7781fd4a7241?diff=split#diff-c14286914504e87a0adbd9123450ec1bb5484583d1db033876f3df4159371531L-1", + "lines": [ + { + "line": "from hashlib import md5\n", + "lineNumber": 5, + "lineChange": "removed" + }, + { + "line": "from app.utils.secure import encrypt_str\n", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 7, + "lineChange": "none" + }, + { + "line": "class TestAuth():\n", + "lineNumber": 8, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 9, + "lineChange": "none" + }, + { + "line": " def test_auth(self, flask_app, flask_app_client, regular_user):\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": " user_hash = md5(regular_user.email.encode('utf-8')).hexdigest()\n", + "lineNumber": 11, + "lineChange": "removed" + }, + { + "line": " user_hash = encrypt_str(regular_user.email)\n", + "lineNumber": 11, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 144, + "cwe": [ + "CWE-916" + ] + } + }, + { + "id": "python/PT/test", + "name": "PT/test", + "shortDescription": { + "text": "Path Traversal" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nA Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.\n\nBeing able to access and manipulate an arbitrary path leads to vulnerabilities when a program is being run with privileges that the user providing the path should not have. A website with a path traversal vulnerability would allow users access to sensitive files on the server hosting it. CLI programs may also be vulnerable to path traversal if they are being ran with elevated privileges (such as with the setuid or setgid flags in Unix systems).\n\nDirectory Traversal vulnerabilities can be generally divided into two types:\n\n- **Information Disclosure**: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.\n\n`st` is a module for serving static files on web pages, and contains a [vulnerability of this type](https://snyk.io/vuln/npm:st:20140206). In our example, we will serve files from the `public` route.\n\nIf an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.\n\n```\ncurl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa\n```\n**Note** `%2e` is the URL encoded version of `.` (dot).\n\n- **Writing arbitrary files**: Allows the attacker to create or replace existing files. This type of vulnerability is also known as `Zip-Slip`.\n\nOne way to achieve this is by using a malicious `zip` archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.\n\nThe following is an example of a `zip` archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in `/root/.ssh/` overwriting the `authorized_keys` file:\n\n```\n2018-04-15 22:04:29 ..... 19 19 good.txt\n2018-04-15 22:04:42 ..... 20 20 ../../../../../../root/.ssh/authorized_keys\n```", + "text": "" + }, + "properties": { + "tags": [ + "python", + "PT", + "Security", + "InTest", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/Guad/fuwa/commit/955baf1c0e8824f08a96e48a350ee3cd0e3c5493?diff=split#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L-1", + "lines": [ + { + "line": "import string, random\n", + "lineNumber": 1, + "lineChange": "removed" + }, + { + "line": "import string, random, hashlib, os\n", + "lineNumber": 1, + "lineChange": "added" + }, + { + "line": "from werkzeug import secure_filename\n", + "lineNumber": 2, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 3, + "lineChange": "added" + }, + { + "line": "#Load config file\n", + "lineNumber": 4, + "lineChange": "added" + }, + { + "line": "config = {}\n", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": "with open('config.ini', 'r') as file:\n", + "lineNumber": 6, + "lineChange": "added" + }, + { + "line": "\tfor line in file.read().splitlines():\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": "\t\tline = line.split('==')\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": "\t\tconfig[line[0]] = line[1]\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": "app = flask.Flask(__name__) #Initialize our application\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "app.config['MAX_CONTENT_LENGTH'] = 10 * 1024 * 1024 #Set the upload limit to 10MiB\n", + "lineNumber": 12, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "def genHash(seed): #Generate five letter filenames for our files\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": " base = string.ascii_lowercase+string.digits \n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " random.seed(seed)\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " hash_value = \"\"\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " for i in range(5):\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": " hash_value += random.choice(base)\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " return hash_value\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "@app.route('/', methods=['GET', 'POST'])\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "def index():\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "\tif flask.request.method == 'POST':\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\t\t\"\"\"\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\t\t\tFile upload happens here.\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\t\t\tWe get your filename and convert it to our hash with your extension.\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\t\t\tThen we redirect to the file itself.\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "\t\t\"\"\"\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\t\tf = flask.request.files['file']\n", + "lineNumber": 32, + "lineChange": "none" + }, + { + "line": "\t\textension = f.filename.split('.')[-1]\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "\t\tfilename = genHash(f.filename) + '.' + extension\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": "\t\tf.save('static/files/%s' % filename)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\t\tprint 'Uploaded file \\'%s\\'' % filename #Log what file was uploaded\n", + "lineNumber": 27, + "lineChange": "removed" + }, + { + "line": "\t\treturn flask.redirect(flask.url_for('getFile', filename=filename))\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": "\t\t\n", + "lineNumber": 33, + "lineChange": "added" + }, + { + "line": "\t\thasher = hashlib.md5() \t\t\n", + "lineNumber": 34, + "lineChange": "added" + }, + { + "line": "\t\tbuf = f.read()\t\t \t\t\n", + "lineNumber": 35, + "lineChange": "added" + }, + { + "line": "\t\tf.seek(0) #Set cursor back to position 0 so we can read it again in the save function.\n", + "lineNumber": 36, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\t\t\t\t\t# We hash the file to get its filename.\t \t\t\n", + "lineNumber": 37, + "lineChange": "added" + }, + { + "line": "\t\t\t\t\t\t\t\t\t# So that we can upload two different images with the same filename,\n", + "lineNumber": 38, + "lineChange": "added" + }, + { + "line": "\t\thasher.update(buf)\t \t\t# But not two same images with different filenames.\n", + "lineNumber": 39, + "lineChange": "added" + }, + { + "line": "\t\tdirname = genHash(hasher.hexdigest())\n", + "lineNumber": 40, + "lineChange": "added" + }, + { + "line": "\t\tif not os.path.exists(\"static/files/%s\" % dirname): # Check if the folder already exists\n", + "lineNumber": 41, + "lineChange": "added" + }, + { + "line": "\t\t\tos.mkdir('static/files/%s' % dirname) #Make it\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\t\t\tf.save('static/files/%s/%s' % (dirname, secure_filename(f.filename)))\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "\t\t\tprint 'Uploaded file \\'%s\\'' % secure_filename(f.filename) #Log what file was uploaded\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": "\t\t\treturn flask.redirect(flask.url_for('getFile', dirname=dirname,filename=secure_filename(f.filename)))\n", + "lineNumber": 45, + "lineChange": "added" + }, + { + "line": "\t\telse:\n", + "lineNumber": 46, + "lineChange": "added" + }, + { + "line": "\t\t\tflask.flash('File already exists in %s!' % dirname) #Display a message for the user.\n", + "lineNumber": 47, + "lineChange": "added" + }, + { + "line": "\t\t\treturn flask.redirect(flask.url_for('index'))\n", + "lineNumber": 48, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/fonttools/fonttools/commit/0b99c8968e04e2e36c6c46ad8bb1a550d25969b4?diff=split#diff-e8b6161353c7ce5b13e62df1da329a85de0ef80ce8f039d283c25bf892b2b600L-1", + "lines": [ + { + "line": "os.system('gzip -9v %s' % tar)\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "os.rename(gz, tgz)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "\n", + "lineNumber": 32, + "lineChange": "added" + }, + { + "line": "if destdir:\n", + "lineNumber": 33, + "lineChange": "added" + }, + { + "line": "\tprint \"destination directory:\", destdir\n", + "lineNumber": 34, + "lineChange": "added" + }, + { + "line": "\tos.system('mv %s %s' % (gz, destdir))\n", + "lineNumber": 35, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 36, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Chenwe-i-lin/KnowledgeFruits/commit/?diff=split#diff-ab8c675e5b4b07c550455b0884835f1df471bb69ad7142f6ad43b26cf33eb4e6L-1", + "lines": [ + { + "line": "base_path = os.path.abspath(os.path.dirname(__file__))\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": "base_path_for_data = os.path.join(base_path,'data/texture')\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": "file = os.path.join(base_path_for_data, image + '.png')\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "if os.path.abspath(file).startswith(base_path_for_data):\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "with open(os.getcwd() + \"/data/texture/\" + image + '.png', \"rb\") as f:\n", + "lineNumber": 15, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 36, + "cwe": [ + "CWE-23" + ] + } + }, + { + "id": "cpp/MemoryLeak", + "name": "MemoryLeak", + "shortDescription": { + "text": "Missing Release of Memory after Effective Lifetime" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nHeap allocated memory is not sufficiently tracked and released after it is has been used, which slowly consumes remaining memory.\n\n\n## Best practices for Prevention\n* Allocate and free memory in the same module, at the same level of abstraction, [see example](https://wiki.sei.cmu.edu/confluence/display/c/MEM00-C.+Allocate+and+free+memory+in+the+same+module%2C+at+the+same+level+of+abstraction)\n\n\n## References\n* [CERT MEM00-C](https://wiki.sei.cmu.edu/confluence/display/c/MEM00-C.+Allocate+and+free+memory+in+the+same+module%2C+at+the+same+level+of+abstraction)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "MemoryLeak", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/stanfordnlp/spinn/commit/b3575456973332425d9ce4339ca50a7514461795?diff=split#diff-64540c38ca1b79e4e84eecff13ce24011cc4e92689e96ddf84ffa904a5c4456dL-1", + "lines": [ + { + "line": " float *ret = (float *) malloc(N * sizeof(float));\n", + "lineNumber": 3, + "lineChange": "none" + }, + { + "line": " ifstream file(filename);\n", + "lineNumber": 4, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 5, + "lineChange": "none" + }, + { + "line": " float x;\n", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": " for (int i = 0; i < N; i++) {\n", + "lineNumber": 7, + "lineChange": "none" + }, + { + "line": " file >> x;\n", + "lineNumber": 8, + "lineChange": "none" + }, + { + "line": " cout << x << endl;\n", + "lineNumber": 9, + "lineChange": "none" + }, + { + "line": " ret[i] = x;\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": " return ret;\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "float *load_weights_cuda(string filename, int N) {\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " float *h_weights = load_weights(filename, N);\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " float *d_weights;\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " cudaMalloc(&d_weights, N * sizeof(float));\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": " cudaMemcpy(d_weights, h_weights, N * sizeof(float),\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " cudaMemcpyHostToDevice);\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": " free(h_weights);\n", + "lineNumber": 22, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/luohaha/CSpider/commit/16cfb833cc993dc4a70a485737ae58990847f0aa?diff=split#diff-73ac80300bd77b06962065e0f2b544ff11b545899c989846a9b78cf07406d4e2L-1", + "lines": [ + { + "line": "char *buf = (char*)malloc(sizeof(char));\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": "node->data = &buf;\n", + "lineNumber": 20, + "lineChange": "removed" + }, + { + "line": "node->data = buf;\n", + "lineNumber": 20, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/brynet/file/commit/736f80d192566563afeb00826754a4b7cf64d4b3?diff=split#diff-64aad63a3595c827d932213f1f692fbc2a6c2350c6a150cabbb7d0752a8b1cd5L-1", + "lines": [ + { + "line": "void *zptr = malloc(0);\n", + "lineNumber": 48, + "lineChange": "none" + }, + { + "line": "assert(zptr != NULL);\n", + "lineNumber": 49, + "lineChange": "none" + }, + { + "line": "return ptr;\n", + "lineNumber": 50, + "lineChange": "removed" + }, + { + "line": "return zptr;\n", + "lineNumber": 50, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-401" + ] + } + }, + { + "id": "cpp/DerefNull", + "name": "DerefNull", + "shortDescription": { + "text": "Dereference of a NULL Pointer" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "## Details\nDereferencing a NULL pointer typically results in a program crash or other undefined behaviour. Pointers can be set to NULL a variety of ways, including by the retrun value of standard library functions, often in the case of an error with that function. Pointers may also be initalised to NULL, and subsequently not reassigned on some execution paths before being derefernced. Where it is possible a pointer is NULL, it is best to check before derefencing it.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "DerefNull", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/RaJiska/JAPM/commit/e717737ffd5237ae384072e6c523d1e11dd9ef16?diff=split#diff-612b7cf36bdcb89724f956c18aff3c9296d7d9f44eca7869b1d10da0b7cd1705L-1", + "lines": [ + { + "line": "if (*((found = strrchr(path, '\\\\')) + 1) == 0)\n", + "lineNumber": 17, + "lineChange": "removed" + }, + { + "line": "if ((found = strrchr(path, '\\\\')) && *found + 1 == 0)\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": "\t*found = 0;\n", + "lineNumber": 18, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/GNOME/gnumeric/commit/5d6b0e0e854f143d5fa7062495df812933149bc4?diff=split#diff-4bf0193427fd407708e50a71b61d9b6bcac32cab136702e69dd71341ffa22f10L-1", + "lines": [ + { + "line": "if (tmp[9] == 0)\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "if (tmp && tmp[9] == 0)\n", + "lineNumber": 26, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/higepon/mona/commit/72c6a77f8374e9fa1cf38d3093df4d65e4518855?diff=split#diff-6cefc6f1891fe5cfda626004db207043f2723e75642e7f1f74a120d649f85289L-1", + "lines": [ + { + "line": "\tif( fp == NULL )\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": "\t{\n", + "lineNumber": 19, + "lineChange": "added" + }, + { + "line": "\t\tputs(\"fp is NULL\");\n", + "lineNumber": 20, + "lineChange": "added" + }, + { + "line": "\t\treturn 1;\n", + "lineNumber": 21, + "lineChange": "added" + }, + { + "line": "\t}\n", + "lineNumber": 22, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "\ttid = Message::lookupMainThread(\"AUDIO.EX5\");\n", + "lineNumber": 24, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 25, + "lineChange": "none" + }, + { + "line": "\tMessage::sendReceive(&msg, tid, MSG_AUDIO_NEW_CHANNEL, 0);\n", + "lineNumber": 26, + "lineChange": "none" + }, + { + "line": "\tch = msg.arg2;\n", + "lineNumber": 27, + "lineChange": "none" + }, + { + "line": "\ts = Stream::FromHandle(msg.arg3);\n", + "lineNumber": 28, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": "\tMessage::sendReceive(&msg, tid, MSG_AUDIO_SET_FORMAT, 2, 16, 44100);\n", + "lineNumber": 30, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 31, + "lineChange": "none" + }, + { + "line": "\treadsize = fread(buf, 1, sizeof(buf), fp);\n", + "lineNumber": 32, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-476" + ] + } + }, + { + "id": "cpp/InsecureHash/test", + "name": "InsecureHash/test", + "shortDescription": { + "text": "Use of Password Hash With Insufficient Computational Effort" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nSensitive information should never be stored in plain text, since this makes it very easy for unauthorized users, whether malicious insiders or outside attackers, to access. Hashing methods are used to make stored passwords and other sensitive data unreadable to users. For example, when a password is defined for the first time, it is hashed and then stored. The next time that user attempts to log on, the password they enter is hashed following the same procedure and compared with the stored value. In this way, the original password never needs to be stored in the system.\n\nHashing is a one-way scheme, meaning a hashed password cannot be reverse engineered. However, if an outdated or custom programmed hashing scheme is used, it becomes simple for an attacker with powerful modern computing power to gain access to the hashes used. This opens up access to all stored password information, leading to breached security. Therefore, it is essential for developers to understand modern, secure password hashing techniques.\n\n## Best practices for prevention\n* Use strong standard algorithms for hashing rather than simpler but outdated methods or DIY hashing schemes, which may have inherent weaknesses.\n* Use modular design for all code dealing with hashing so it can be swapped out as security standards change over time.\n* Use salting in combination with hashing (While this places more demands on resources, it is an essential step for tighter security.).\n* Implement zero-trust architecture to ensure that access to password data is granted only for legitimate business purposes.\n* Increase developer awareness of current standards in data security and cryptography.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "InsecureHash", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/jgarzik/picocoin/commit/2ef8aec4979b901801150ed08488dd45b0025f5b?diff=split#diff-2e5075e9a4076e0f6d5da488e6c90f2d67ed3a768ad4c01149bf334b8c86434cL-1", + "lines": [ + { + "line": "i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data,\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": "i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), salt, key_data,\n", + "lineNumber": 38, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/coturn/rfc5766-turn-server/commit/697286823ba9bf2f6325a340f04c3475930210bb?diff=split#diff-75b8ac48a3f3763232f92a7f2c91f5facbe335bf59e071d9778bb1a986662daeL-1", + "lines": [ + { + "line": "\tif (!HMAC(EVP_sha1(), key, keylen, buf, len, hmac, NULL)) {\n", + "lineNumber": 43, + "lineChange": "removed" + }, + { + "line": "\tERR_clear_error();\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "\tif(shatype == SHATYPE_SHA256) {\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": "\t\tif (!HMAC(EVP_sha256(), key, keylen, buf, len, hmac, hmac_len)) {\n", + "lineNumber": 45, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/0xd34df00d/leechcraft/commit/4861ca9cf54435f13abeaf5f3d5d8514b7e6bcfd?diff=split#diff-3314b2d792c264ba4646383318f8fded4b5897cf0f507684025227af065b9436L-1", + "lines": [ + { + "line": "return ssl::X509_digest(x509, EVP_sha1());\n", + "lineNumber": 206, + "lineChange": "removed" + }, + { + "line": "return ssl::X509_digest(x509, EVP_sha256());\n", + "lineNumber": 208, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 36, + "cwe": [ + "CWE-916" + ] + } + }, + { + "id": "cpp/UnsafeFunctionStringHandling/test", + "name": "UnsafeFunctionStringHandling/test", + "shortDescription": { + "text": "Potential buffer overflow from usage of unsafe function" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nA potential buffer overflow issue was identified via use of an insecure function. Use of this function could lead to memory corruption attacks if arbitrary user input (which has not been validated in terms of its length) is allowed to flow into it. It is advisable to use the safer alternative instead, which is less prone to memory corruption issues.\n\nA buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.\n\nA buffer overflow attack is the exploitation of a buffer overflow vulnerability — typically by a malicious actor who wants to gain access or information, or trigger a crash to deny service to others. Buffer overflows generally result in program crashes, however under certain circumstances, an attacker may be able to trigger remote code execution.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UnsafeFunctionStringHandling", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/alisw/AliRoot/commit/f600fc614f90fcec43863a247fa68a0b25df501f?diff=split#diff-549671f05f93723480a35c85ff7681323ccf6764ef1b258da9195d9fa53b9803L-1", + "lines": [ + { + "line": "sprintf(runNbFileName,\"%s/run%u\",ddlDir,aliHeader->Get(\"RunNb\"));\n", + "lineNumber": 21, + "lineChange": "removed" + }, + { + "line": "snprintf(runNbFileName,sizeof(runNbFileName),\"%s/run%u\",ddlDir,aliHeader->Get(\"RunNb\"));\n", + "lineNumber": 21, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/nurdism/neko/commit/56bd6acf100f37ca12559f8def619e98f919af13?diff=split#diff-37254a1dc0e29dffd313e2e005c182ba8cd9dd747a0d053a1b597705846a388aL-1", + "lines": [ + { + "line": "char cmd[12] = \"setxkbmap \";\n", + "lineNumber": 170, + "lineChange": "removed" + }, + { + "line": "strcat(cmd, layout);\n", + "lineNumber": 171, + "lineChange": "removed" + }, + { + "line": "char cmd[13] = \"setxkbmap \";\n", + "lineNumber": 170, + "lineChange": "added" + }, + { + "line": "strncat(cmd, layout, 2);\n", + "lineNumber": 171, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/root-project/root/commit/181bbef8d3999fb240c9b4c4c3a2362e74641aad?diff=split#diff-318d614eb480fcc82d94d700c94ab416d68a1dff5e8fb957ae94a6cb9b6793e1L-1", + "lines": [ + { + "line": "char line[128];\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": "strcpy(line,GetMethod());\n", + "lineNumber": 104, + "lineChange": "removed" + }, + { + "line": "strncpy(line,GetMethod(),127);\n", + "lineNumber": 104, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 33, + "cwe": [ + "CWE-122" + ] + } + }, + { + "id": "python/CommandInjection/test", + "name": "CommandInjection/test", + "shortDescription": { + "text": "Command Injection" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "## Details\n\nWith an OS command injection attack a web application user can pass commands directly to the system shell, attached to a legitimate request. These commands can then be executed on the application server, potentially leading to harmful consequences, including data exposure or deletion. Like code injection attacks, command injection attacks are essentially a failure of data validation. Unlike code injection attacks, which introduce new code, command injection attacks use existing system functions, often taking advantage of the application's unnecessarily high privilege level, increasing the risk of serious harm and reputational damage.\n\n## Best practices for prevention\n- Never trust user input. Assume any input may transmit harmful values.\n- Adopt the principle of least privilege: No application should have a greater access level than needed to run its required tasks.\n- Control user access policies on a task-by-task basis.\n- Don't pass user input directly to the system; use libraries or APIs that lack system access.\n- Where shell commands must be passed, escape values using functions like shlex for Python, or escapeshellarg() for PHP.\n- Sanitize user input with regular expressions to define permitted characters along with maximum string length.\n- Convert special characters such as `& | ; $ > < \\ !` before passing to the server.\n- Whitelist permitted commands and validate user responses against these expectations.\n- Remember that code injection can take place on multiple fronts: GET and POST requests, but also cookies and HTTP headers.\n- Ensure up-to-date patching across all systems to remediate known vulnerabilities.\n- Educate all team members on safer data handling procedures to prevent attacks.", + "text": "" + }, + "properties": { + "tags": [ + "python", + "CommandInjection", + "Security", + "InTest", + "SourceNonServer", + "SourceLocalEnv", + "SourceCLI", + "Taint" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/ucbvislab/speecheditor/commit/70f2fb2290a28a1db5e65755c3a8307ef538ea99?diff=split#diff-568470d013cd12e4f388206520da39ab9a4e4c3c6b95846cbc281abc1ba3c959L-1", + "lines": [ + { + "line": "subprocess.call('cp \"%s\" \"%s\"' % (orig_name, full_name), shell=True)\n", + "lineNumber": 285, + "lineChange": "removed" + }, + { + "line": "shutil.copyfile(orig_name, full_name)\n", + "lineNumber": 303, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/esozh/eso_zh_ui/commit/7ef4d63f4c7c2e0275daf08862f615dcc6cf69f5?diff=split#diff-483aa1e8daa36090ed6724943f7abfef3f885823db8620ee30cc5ead97b91053L-1", + "lines": [ + { + "line": "os.system('mv %s %s' % (filename, new_name))\n", + "lineNumber": 29, + "lineChange": "removed" + }, + { + "line": "shutil.move(filename, new_name)\n", + "lineNumber": 29, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/jjgod/opf-cc/commit/d03202eab8278189bc3d9ebd6ff353772a72189d?diff=split#diff-fd2c598923afdaa788e7469b2866ea4d019adcb333e33494e563810508d06700L-1", + "lines": [ + { + "line": "cmd = \"rm -rf '%s'\" % input_path\n", + "lineNumber": 143, + "lineChange": "removed" + }, + { + "line": "os.system(cmd)\n", + "lineNumber": 144, + "lineChange": "removed" + }, + { + "line": "shutil.rmtree(input_path)\n", + "lineNumber": 143, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 81, + "cwe": [ + "CWE-78" + ] + } + }, + { + "id": "cpp/ImproperNullTermination", + "name": "ImproperNullTermination", + "shortDescription": { + "text": "Improper Null Termination" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\nImproper null termination occurs when a character string's ending null character is omitted or outside the allocated memory for the string. This typically leads to information leaks or buffer overflows and occurs when:\n* There is an off-by-one error which leads to the null character being out of bounds\n* Raw data is passed to functions expecting strings. This can lead to out of bounds reading or writing (e.g., strlen / strcpy using raw data)\n\n## Best practices for prevention\n* Use functions that ensure proper null termination. Pay attention to the way the string functions affect the ending null character (e.g., strncpy doesn't necessarily ensure null termination)\n* Avoid passing raw data to functions expecting strings. If this can't be avoided ensure there is proper null termination (e.g., write a null character at the end of the buffer)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "ImproperNullTermination", + "Security", + "SourceImproperNullTermination", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 0, + "cwe": [ + "CWE-170" + ] + } + }, + { + "id": "cpp/CDivisionByZero/test", + "name": "CDivisionByZero/test", + "shortDescription": { + "text": "Division By Zero" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\nA value is divided by zero, this can result in unexpected program behaviour.\n\n## Best practices for prevention\nEnsure that any value being used as a divisor cannot be zero.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "CDivisionByZero", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/intel-ctrlsys/sensys/commit/58818452a80ec87478e1e1864b972b3edc6f8a93?diff=split#diff-2aad9f6fb562a2b63480e8392da2ee468ae679a660e83b8f729ed8a24b127a20L-1", + "lines": [ + { + "line": "\n", + "lineNumber": 41, + "lineChange": "added" + }, + { + "line": " if (0 == n) return -1;\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": " avg = sum / n;\n", + "lineNumber": 44, + "lineChange": "none" + } + ] + }, + { + "commitURL": "https://github.com/tundra/neutrino/commit/a162f38b6fe88c0d32701fd47802312e91c76940?diff=split#diff-7263d3059b960d3cabdd8d66f28b023d6ff2d89fc9a818f6f8bcee713fa8b494L-1", + "lines": [ + { + "line": "double average = 65536.0 / total_failures;\n", + "lineNumber": 127, + "lineChange": "removed" + }, + { + "line": "double average = 65536.0 / ((double) total_failures);\n", + "lineNumber": 127, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/libav/libav/commit/eeaa742c3e77077628f9d4e87b5faf24f2b7e183?diff=split#diff-4528f439de40c2872c5d8a66af37daa78af8724948b73fc2c48568a8a77142faL-1", + "lines": [ + { + "line": "if(!i) i=1;\n", + "lineNumber": 122, + "lineChange": "added" + }, + { + "line": "dev= int_sqrt((sse*F*F)/i);\n", + "lineNumber": 123, + "lineChange": "none" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 45, + "cwe": [ + "CWE-369" + ] + } + }, + { + "id": "python/ssl~wrap_socket~without~protocol", + "name": "ssl~wrap_socket~without~protocol", + "shortDescription": { + "text": "Missing protocol in ssl.wrap_socket" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nCalling `ssl.wrap_socket` without specifying the `ssl_version` results in using a protocol version that is deprecated due to no longer being strong enough.\nImplementing encryption for the transmission and storage of sensitive information is essential. But encryption standards are constantly changing since attackers have more and more powerful resources at their disposal-along with more sophisticated attack algorithms. This means that encryption is only useful if it meets current standards appropriate for the type of data being transmitted or stored.\n\n\n## Best practices for prevention\n* Avoid calling `ssl.wrap_socket` without specifying the `ssl_version`\n\n\n## References\n\n* [ssl.wrap_socket](https://docs.python.org/3/library/ssl.html#ssl.wrap_socket)", + "text": "" + }, + "properties": { + "tags": [ + "python", + "ssl~wrap_socket~without~protocol", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/eerimoq/simba/commit/9543eb6a9a3f2c239db3be8dae7d0ad43f310bd6?diff=split#diff-d5b225ccb0485a59aefcad124590095f890ca7e40f3a2724fec56db1d6fc9011L-1", + "lines": [ + { + "line": "\n", + "lineNumber": 5, + "lineChange": "added" + }, + { + "line": "def recvall(sock, length):\n", + "lineNumber": 6, + "lineChange": "added" + }, + { + "line": " buf = b''\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": " while len(buf) < length:\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": " byte = sock.recv()\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": " if not byte:\n", + "lineNumber": 10, + "lineChange": "added" + }, + { + "line": " break\n", + "lineNumber": 11, + "lineChange": "added" + }, + { + "line": " buf += byte\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": " return buf\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 14, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 15, + "lineChange": "added" + }, + { + "line": "context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)\n", + "lineNumber": 16, + "lineChange": "added" + }, + { + "line": "context.load_cert_chain(certfile=\"server.crt\",\n", + "lineNumber": 17, + "lineChange": "added" + }, + { + "line": " keyfile=\"server.key\")\n", + "lineNumber": 18, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 19, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/mozilla/pluotsorbet/commit/5467504f196228a2db798e1d7e631b019048f186?diff=split#diff-f125e780e724f8101396135d6dabcc95ffc659d120e8c7694f8d7145b50da0d5L-1", + "lines": [ + { + "line": "httpd.socket = ssl.wrap_socket(httpd.socket, certfile='cert.pem', server_side=True)\n", + "lineNumber": 6, + "lineChange": "removed" + }, + { + "line": "httpd.socket = ssl.wrap_socket(httpd.socket,\n", + "lineNumber": 6, + "lineChange": "added" + }, + { + "line": " server_side=True,\n", + "lineNumber": 7, + "lineChange": "added" + }, + { + "line": " certfile='cert.pem',\n", + "lineNumber": 8, + "lineChange": "added" + }, + { + "line": " keyfile='cert.pem',\n", + "lineNumber": 9, + "lineChange": "added" + }, + { + "line": " ssl_version=ssl.PROTOCOL_SSLv3)\n", + "lineNumber": 10, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/Debian/debile/commit/29696f0a491c938a5de2d3b2ecdd31c3e824a312?diff=split#diff-9592c0238cfde6b683ca5f59a078d2c282781c7f18b4b7356b8f89783361f983L-1", + "lines": [ + { + "line": "self.sock = ssl.wrap_socket(\n", + "lineNumber": 80, + "lineChange": "none" + }, + { + "line": " sock, self.key_file, self.cert_file,\n", + "lineNumber": 81, + "lineChange": "none" + }, + { + "line": " ca_certs=self.ca_certs, cert_reqs=cert_reqs,\n", + "lineNumber": 82, + "lineChange": "none" + }, + { + "line": " do_handshake_on_connect=True\n", + "lineNumber": 83, + "lineChange": "removed" + }, + { + "line": " do_handshake_on_connect=True, ssl_version=ssl.PROTOCOL_TLSv1,\n", + "lineNumber": 83, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 37, + "cwe": [ + "CWE-327" + ] + } + }, + { + "id": "cpp/InsecureHash", + "name": "InsecureHash", + "shortDescription": { + "text": "Use of Password Hash With Insufficient Computational Effort" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nSensitive information should never be stored in plain text, since this makes it very easy for unauthorized users, whether malicious insiders or outside attackers, to access. Hashing methods are used to make stored passwords and other sensitive data unreadable to users. For example, when a password is defined for the first time, it is hashed and then stored. The next time that user attempts to log on, the password they enter is hashed following the same procedure and compared with the stored value. In this way, the original password never needs to be stored in the system.\n\nHashing is a one-way scheme, meaning a hashed password cannot be reverse engineered. However, if an outdated or custom programmed hashing scheme is used, it becomes simple for an attacker with powerful modern computing power to gain access to the hashes used. This opens up access to all stored password information, leading to breached security. Therefore, it is essential for developers to understand modern, secure password hashing techniques.\n\n## Best practices for prevention\n* Use strong standard algorithms for hashing rather than simpler but outdated methods or DIY hashing schemes, which may have inherent weaknesses.\n* Use modular design for all code dealing with hashing so it can be swapped out as security standards change over time.\n* Use salting in combination with hashing (While this places more demands on resources, it is an essential step for tighter security.).\n* Implement zero-trust architecture to ensure that access to password data is granted only for legitimate business purposes.\n* Increase developer awareness of current standards in data security and cryptography.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "InsecureHash", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/jgarzik/picocoin/commit/2ef8aec4979b901801150ed08488dd45b0025f5b?diff=split#diff-2e5075e9a4076e0f6d5da488e6c90f2d67ed3a768ad4c01149bf334b8c86434cL-1", + "lines": [ + { + "line": "i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha1(), salt, key_data,\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": "i = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha512(), salt, key_data,\n", + "lineNumber": 38, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/coturn/rfc5766-turn-server/commit/697286823ba9bf2f6325a340f04c3475930210bb?diff=split#diff-75b8ac48a3f3763232f92a7f2c91f5facbe335bf59e071d9778bb1a986662daeL-1", + "lines": [ + { + "line": "\tif (!HMAC(EVP_sha1(), key, keylen, buf, len, hmac, NULL)) {\n", + "lineNumber": 43, + "lineChange": "removed" + }, + { + "line": "\tERR_clear_error();\n", + "lineNumber": 42, + "lineChange": "added" + }, + { + "line": "\n", + "lineNumber": 43, + "lineChange": "added" + }, + { + "line": "\tif(shatype == SHATYPE_SHA256) {\n", + "lineNumber": 44, + "lineChange": "added" + }, + { + "line": "\t\tif (!HMAC(EVP_sha256(), key, keylen, buf, len, hmac, hmac_len)) {\n", + "lineNumber": 45, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/0xd34df00d/leechcraft/commit/4861ca9cf54435f13abeaf5f3d5d8514b7e6bcfd?diff=split#diff-3314b2d792c264ba4646383318f8fded4b5897cf0f507684025227af065b9436L-1", + "lines": [ + { + "line": "return ssl::X509_digest(x509, EVP_sha1());\n", + "lineNumber": 206, + "lineChange": "removed" + }, + { + "line": "return ssl::X509_digest(x509, EVP_sha256());\n", + "lineNumber": 208, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 36, + "cwe": [ + "CWE-916" + ] + } + }, + { + "id": "cpp/UnsafeFunctionStringHandling", + "name": "UnsafeFunctionStringHandling", + "shortDescription": { + "text": "Potential buffer overflow from usage of unsafe function" + }, + "defaultConfiguration": { + "level": "warning" + }, + "help": { + "markdown": "\n## Details\n\nA potential buffer overflow issue was identified via use of an insecure function. Use of this function could lead to memory corruption attacks if arbitrary user input (which has not been validated in terms of its length) is allowed to flow into it. It is advisable to use the safer alternative instead, which is less prone to memory corruption issues.\n\nA buffer overflow is a type of runtime error that allows a program to write past the end of a buffer or array — hence the name overflow — and corrupt adjacent memory. Like most bugs, a buffer overflow doesn’t manifest at every program execution. Instead, the vulnerability is triggered under certain circumstances, such as unexpected user input.\n\nA buffer overflow attack is the exploitation of a buffer overflow vulnerability — typically by a malicious actor who wants to gain access or information, or trigger a crash to deny service to others. Buffer overflows generally result in program crashes, however under certain circumstances, an attacker may be able to trigger remote code execution.", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UnsafeFunctionStringHandling", + "Security" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/alisw/AliRoot/commit/f600fc614f90fcec43863a247fa68a0b25df501f?diff=split#diff-549671f05f93723480a35c85ff7681323ccf6764ef1b258da9195d9fa53b9803L-1", + "lines": [ + { + "line": "sprintf(runNbFileName,\"%s/run%u\",ddlDir,aliHeader->Get(\"RunNb\"));\n", + "lineNumber": 21, + "lineChange": "removed" + }, + { + "line": "snprintf(runNbFileName,sizeof(runNbFileName),\"%s/run%u\",ddlDir,aliHeader->Get(\"RunNb\"));\n", + "lineNumber": 21, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/nurdism/neko/commit/56bd6acf100f37ca12559f8def619e98f919af13?diff=split#diff-37254a1dc0e29dffd313e2e005c182ba8cd9dd747a0d053a1b597705846a388aL-1", + "lines": [ + { + "line": "char cmd[12] = \"setxkbmap \";\n", + "lineNumber": 170, + "lineChange": "removed" + }, + { + "line": "strcat(cmd, layout);\n", + "lineNumber": 171, + "lineChange": "removed" + }, + { + "line": "char cmd[13] = \"setxkbmap \";\n", + "lineNumber": 170, + "lineChange": "added" + }, + { + "line": "strncat(cmd, layout, 2);\n", + "lineNumber": 171, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/root-project/root/commit/181bbef8d3999fb240c9b4c4c3a2362e74641aad?diff=split#diff-318d614eb480fcc82d94d700c94ab416d68a1dff5e8fb957ae94a6cb9b6793e1L-1", + "lines": [ + { + "line": "char line[128];\n", + "lineNumber": 103, + "lineChange": "none" + }, + { + "line": "strcpy(line,GetMethod());\n", + "lineNumber": 104, + "lineChange": "removed" + }, + { + "line": "strncpy(line,GetMethod(),127);\n", + "lineNumber": 104, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 33, + "cwe": [ + "CWE-122" + ] + } + }, + { + "id": "cpp/UseAfterFree/test", + "name": "UseAfterFree/test", + "shortDescription": { + "text": "Use After Free" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nMemory allocated on the heap is released, and then subsequently referenced. This can cause a program to crash, use unexpected values, or execute code.\n\n\n## Best practices for prevention\n* Store a new value in pointers immediately after `free()`\n * The new value can be:\n * a constant that can be checked (ie, `NULL`), or\n * a reference to another valid object.\n\n\n## References\n\n* [CERT MEM01-C](https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152148)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "UseAfterFree", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/feiskyer/linux-perf-examples/commit/5c167c49f2fa8b11d7d4229f1d7de703472280de?diff=split#diff-4ac62d0e3e70045c820c45da8b94803e9a4ad44b254a604acfda40354db4a6aeL-1", + "lines": [ + { + "line": "n1 = *v;\n", + "lineNumber": 22, + "lineChange": "none" + }, + { + "line": "free(v);\n", + "lineNumber": 23, + "lineChange": "none" + }, + { + "line": "printf(\"%dth => %lld\\n\", n, *v);\n", + "lineNumber": 24, + "lineChange": "removed" + }, + { + "line": "printf(\"%dth => %lld\\n\", n, n1);\n", + "lineNumber": 24, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/naev/naev/commit/ed621c37d7a62de35566edb7c08617920ccc24c9?diff=split#diff-be6c10a281956279b3126103cd06a5c1573197dd6bb7b13f8b59409d9903f5aaL-1", + "lines": [ + { + "line": "name);\n", + "lineNumber": 2904, + "lineChange": "removed" + }, + { + "line": "ship->name);\n", + "lineNumber": 2904, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/asfadmin/ASF_MapReady/commit/9eb2f300779a07e77127389e43421a6ca58a092c?diff=split#diff-6f0d067854363ef95657748d5a96a50d5130d0cfe620351ab6c8ae1a17933b32L-1", + "lines": [ + { + "line": "FREE(out_file);\n", + "lineNumber": 2686, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-416" + ] + } + }, + { + "id": "cpp/MemoryLeak/test", + "name": "MemoryLeak/test", + "shortDescription": { + "text": "Missing Release of Memory after Effective Lifetime" + }, + "defaultConfiguration": { + "level": "note" + }, + "help": { + "markdown": "\n## Details\n\nHeap allocated memory is not sufficiently tracked and released after it is has been used, which slowly consumes remaining memory.\n\n\n## Best practices for Prevention\n* Allocate and free memory in the same module, at the same level of abstraction, [see example](https://wiki.sei.cmu.edu/confluence/display/c/MEM00-C.+Allocate+and+free+memory+in+the+same+module%2C+at+the+same+level+of+abstraction)\n\n\n## References\n* [CERT MEM00-C](https://wiki.sei.cmu.edu/confluence/display/c/MEM00-C.+Allocate+and+free+memory+in+the+same+module%2C+at+the+same+level+of+abstraction)", + "text": "" + }, + "properties": { + "tags": [ + "cpp", + "MemoryLeak", + "Security", + "InTest" + ], + "categories": [ + "Security", + "InTest" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/stanfordnlp/spinn/commit/b3575456973332425d9ce4339ca50a7514461795?diff=split#diff-64540c38ca1b79e4e84eecff13ce24011cc4e92689e96ddf84ffa904a5c4456dL-1", + "lines": [ + { + "line": " float *ret = (float *) malloc(N * sizeof(float));\n", + "lineNumber": 3, + "lineChange": "none" + }, + { + "line": " ifstream file(filename);\n", + "lineNumber": 4, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 5, + "lineChange": "none" + }, + { + "line": " float x;\n", + "lineNumber": 6, + "lineChange": "none" + }, + { + "line": " for (int i = 0; i < N; i++) {\n", + "lineNumber": 7, + "lineChange": "none" + }, + { + "line": " file >> x;\n", + "lineNumber": 8, + "lineChange": "none" + }, + { + "line": " cout << x << endl;\n", + "lineNumber": 9, + "lineChange": "none" + }, + { + "line": " ret[i] = x;\n", + "lineNumber": 10, + "lineChange": "none" + }, + { + "line": " }\n", + "lineNumber": 11, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 12, + "lineChange": "added" + }, + { + "line": " return ret;\n", + "lineNumber": 13, + "lineChange": "added" + }, + { + "line": "}\n", + "lineNumber": 14, + "lineChange": "none" + }, + { + "line": "\n", + "lineNumber": 15, + "lineChange": "none" + }, + { + "line": "float *load_weights_cuda(string filename, int N) {\n", + "lineNumber": 16, + "lineChange": "none" + }, + { + "line": " float *h_weights = load_weights(filename, N);\n", + "lineNumber": 17, + "lineChange": "none" + }, + { + "line": " float *d_weights;\n", + "lineNumber": 18, + "lineChange": "none" + }, + { + "line": " cudaMalloc(&d_weights, N * sizeof(float));\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": " cudaMemcpy(d_weights, h_weights, N * sizeof(float),\n", + "lineNumber": 20, + "lineChange": "none" + }, + { + "line": " cudaMemcpyHostToDevice);\n", + "lineNumber": 21, + "lineChange": "none" + }, + { + "line": " free(h_weights);\n", + "lineNumber": 22, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/luohaha/CSpider/commit/16cfb833cc993dc4a70a485737ae58990847f0aa?diff=split#diff-73ac80300bd77b06962065e0f2b544ff11b545899c989846a9b78cf07406d4e2L-1", + "lines": [ + { + "line": "char *buf = (char*)malloc(sizeof(char));\n", + "lineNumber": 19, + "lineChange": "none" + }, + { + "line": "node->data = &buf;\n", + "lineNumber": 20, + "lineChange": "removed" + }, + { + "line": "node->data = buf;\n", + "lineNumber": 20, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/brynet/file/commit/736f80d192566563afeb00826754a4b7cf64d4b3?diff=split#diff-64aad63a3595c827d932213f1f692fbc2a6c2350c6a150cabbb7d0752a8b1cd5L-1", + "lines": [ + { + "line": "void *zptr = malloc(0);\n", + "lineNumber": 48, + "lineChange": "none" + }, + { + "line": "assert(zptr != NULL);\n", + "lineNumber": 49, + "lineChange": "none" + }, + { + "line": "return ptr;\n", + "lineNumber": 50, + "lineChange": "removed" + }, + { + "line": "return zptr;\n", + "lineNumber": 50, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 35, + "cwe": [ + "CWE-401" + ] + } + }, + { + "id": "javascript/DOMXSS", + "name": "DOMXSS", + "shortDescription": { + "text": "Cross-site Scripting (XSS)" + }, + "defaultConfiguration": { + "level": "error" + }, + "help": { + "markdown": "## Details\n\nA cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.\n\nThis is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser's Same Origin Policy.\n\nInjecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.\n\nEscaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, `<` can be coded as `<`; and `>` can be coded as `>`; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses `<` and `>` as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they've been correctly escaped in the application code and in this way the attempted attack is diverted.\n\nThe most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.\n\n### Types of attacks\nThere are a few methods by which XSS can be manipulated:\n\n|Type|Origin|Description|\n|--|--|--|\n|**Stored**|Server|The malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.|\n|**Reflected**|Server|The attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user's browser.|\n|**DOM-based**|Client|The attacker forces the user's browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.|\n|**Mutated**| |The attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.|\n\n### Affected environments\nThe following environments are susceptible to an XSS attack:\n\n* Web servers\n* Application servers\n* Web application environments\n\n## Best practices for prevention\nThis section describes the top best practices designed to specifically protect your code:\n\n* Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.\n* Convert special characters such as `?`, `&`, `/`, `<`, `>` and spaces to their respective HTML or URL encoded equivalents.\n* Give users the option to disable client-side scripts.\n* Redirect invalid requests.\n* Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.\n* Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.\n* Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.", + "text": "" + }, + "properties": { + "tags": [ + "javascript", + "DOMXSS", + "Security", + "SourceServer", + "SourceRequestUrl", + "Taint" + ], + "categories": [ + "Security" + ], + "exampleCommitFixes": [ + { + "commitURL": "https://github.com/Drive4ik/simple-tab-groups/commit/d23caa02378845671eb32ee2c43c368f857b47c3?diff=split#diff-efdba41d528998f946ce1103fa57532e3746b2e9b1984cb92c94a2526451aedbL-1", + "lines": [ + { + "line": "document.getElementById('title').innerHTML = title || url;\n", + "lineNumber": 6, + "lineChange": "removed" + }, + { + "line": "document.getElementById('title').innerText = title || url;\n", + "lineNumber": 6, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/academic/vipa/commit/31c6fc127f775fd304f484fbb74e07d6d565aa0e?diff=split#diff-f92a276b67e184a63ce4d03fb5d47c10ff0bb2f10cba449dc9d537d2300c605fL-1", + "lines": [ + { + "line": "var $citeItemMustTpl = $(\"#step3_cite_item1_tpl\").html();\n", + "lineNumber": 27, + "lineChange": "added" + }, + { + "line": "var $citeItemShouldTpl = $(\"#step3_cite_item2_tpl\").html();\n", + "lineNumber": 28, + "lineChange": "added" + }, + { + "line": "for (var i in $mustFields) {\n", + "lineNumber": 29, + "lineChange": "none" + }, + { + "line": " $(\".citationDetailsFields\", $tpl).append(\n", + "lineNumber": 28, + "lineChange": "removed" + }, + { + "line": " ' ');\n", + "lineNumber": 30, + "lineChange": "removed" + }, + { + "line": " renderedTpl = Mustache.render($citeItemMustTpl, {'name': $mustFields[i], 'value': ''});\n", + "lineNumber": 30, + "lineChange": "added" + }, + { + "line": " $(\".citationDetailsFields\", $tpl).append(renderedTpl);\n", + "lineNumber": 31, + "lineChange": "added" + } + ] + }, + { + "commitURL": "https://github.com/188867052/MatrixAdmin/commit/2252cc42a30439859ba6a2623151514ffc86b2ef?diff=split#diff-7b7071e994f356b320dab8de63d56ee7a17ea6a65e62bdea9b39b20e452c3aa1L-1", + "lines": [ + { + "line": "$.post(this._searchUrl, data, function (response) {\n", + "lineNumber": 25, + "lineChange": "removed" + }, + { + "line": " $(\".widget-content\")[0].innerHTML = response;\n", + "lineNumber": 26, + "lineChange": "removed" + }, + { + "line": "$.post(searchUrl, data, function (response) {\n", + "lineNumber": 28, + "lineChange": "added" + }, + { + "line": " successPointer(response);\n", + "lineNumber": 29, + "lineChange": "added" + } + ] + } + ], + "exampleCommitDescriptions": [], + "precision": "very-high", + "repoDatasetSize": 115, + "cwe": [ + "CWE-79" + ] + } + } + ] + } + }, + "results": [ + { + "ruleId": "cpp/WeakGuard", + "ruleIndex": 0, + "level": "note", + "message": { + "text": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "markdown": "An hardcoded {0} is compared in {1}. This check could lead to a bypass since the {2} can be spoofed or controlled by an attacker.", + "arguments": [ + "[domain name](0)", + "[strcmp](1)", + "[domain name](2)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/lib/krb5/krb/t_princ.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 381, + "endLine": 381, + "startColumn": 26, + "endColumn": 48 + } + } + } + ], + "fingerprints": { + "0": "bb3aa857f5b4208acea58b378bad2ff2f4435ce4f792e83913d1d9fc5a221827", + "1": "4e488ef6.0d254423.0be09d6b.1409790a.e05f7676.e723426a.aaa50e58.661547e6.57664a44.0d254423.0be09d6b.1409790a.0685d941.e723426a.aaa50e58.5b6cf5fb" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/lib/krb5/krb/t_princ.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 381, + "endLine": 381, + "startColumn": 26, + "endColumn": 48 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/lib/krb5/krb/t_princ.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 381, + "endLine": 381, + "startColumn": 9, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/lib/krb5/krb/t_princ.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 381, + "endLine": 381, + "startColumn": 26, + "endColumn": 48 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 151, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/WeakGuard", + "ruleIndex": 0, + "level": "note", + "message": { + "text": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "markdown": "An hardcoded {0} is compared in {1}. This check could lead to a bypass since the {2} can be spoofed or controlled by an attacker.", + "arguments": [ + "[domain name](0)", + "[strcmp](1)", + "[domain name](2)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 140, + "endLine": 140, + "startColumn": 21, + "endColumn": 33 + } + } + } + ], + "fingerprints": { + "0": "302ef53b875b2f33c72df8414d09758386760b958fe02f32fbf5847ada280f84", + "1": "815caeba.a4f0afc6.a1f15da6.8ab4267b.10982d71.e723426a.30ad82ea.348c8065.815caeba.a4f0afc6.8d2297a3.8ab4267b.baf5e6ff.e723426a.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 140, + "endLine": 140, + "startColumn": 21, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 183, + "endLine": 183, + "startColumn": 9, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 140, + "endLine": 140, + "startColumn": 21, + "endColumn": 33 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 201, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/WeakGuard", + "ruleIndex": 0, + "level": "note", + "message": { + "text": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "markdown": "An hardcoded {0} is compared in {1}. This check could lead to a bypass since the {2} can be spoofed or controlled by an attacker.", + "arguments": [ + "[domain name](0)", + "[strcmp](1)", + "[domain name](2)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 145, + "endLine": 145, + "startColumn": 21, + "endColumn": 34 + } + } + } + ], + "fingerprints": { + "0": "335f7457b92c23e5b5c2f55340c99cfb812f69548fdbd95fb7e9a7b56b5fc37a", + "1": "815caeba.a4f0afc6.a1f15da6.8ab4267b.10982d71.e723426a.30ad82ea.348c8065.815caeba.a4f0afc6.8d2297a3.8ab4267b.baf5e6ff.e723426a.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 145, + "endLine": 145, + "startColumn": 21, + "endColumn": 34 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 183, + "endLine": 183, + "startColumn": 9, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/wconfig.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 145, + "endLine": 145, + "startColumn": 21, + "endColumn": 34 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 201, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 360, + "endLine": 360, + "startColumn": 3, + "endColumn": 7 + } + } + } + ], + "fingerprints": { + "0": "eb2c64df887f3099fe5ede43246fc89869bb42a28d70919fa4587a72851755f5", + "1": "eeeec58a.9969c821.98501263.93cc8d4d.546b9441.05942b75.1e451703.919bd094.d603e754.277c621c.2a146e69.93cc8d4d.baf5e6ff.51211531.2e74736c.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 220, + "endLine": 220, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 220, + "endLine": 220, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 322, + "endLine": 322, + "startColumn": 12, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 339, + "endLine": 339, + "startColumn": 17, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 342, + "endLine": 342, + "startColumn": 37, + "endColumn": 40 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 351, + "endLine": 351, + "startColumn": 13, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 356, + "endLine": 356, + "startColumn": 18, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 85, + "endLine": 85, + "startColumn": 21, + "endColumn": 34 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 359, + "endLine": 359, + "startColumn": 23, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 360, + "endLine": 360, + "startColumn": 8, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/sample/client.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 68, + "endLine": 68, + "startColumn": 18, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/sample/client.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 72, + "endLine": 72, + "startColumn": 12, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/sasl2-sys/sasl2/sample/client.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 73, + "endLine": 73, + "startColumn": 9, + "endColumn": 10 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 161, + "endLine": 161, + "startColumn": 19, + "endColumn": 26 + } + } + } + ], + "fingerprints": { + "0": "c681070b00b31414784e2be776534dbb47ab30f132be4909d6bca280d52badb3", + "1": "4e488ef6.f002e68f.d2970e4c.27f9dbc8.076ec0cf.b391a980.52bee463.c4ff307b.d286026b.6ab9a970.8c1a46aa.af626857.4b531bda.b391a980.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 13, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 30, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 44, + "endColumn": 46 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 159, + "endLine": 159, + "startColumn": 33, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 123, + "endLine": 123, + "startColumn": 27, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 125, + "endLine": 125, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 159, + "endLine": 159, + "startColumn": 13, + "endColumn": 36 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 161, + "endLine": 161, + "startColumn": 19, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 161, + "endLine": 161, + "startColumn": 19, + "endColumn": 26 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 161, + "endLine": 161, + "startColumn": 30, + "endColumn": 32 + } + } + } + ], + "fingerprints": { + "0": "c681070b00b31414784e2be776534dbb47ab30f132be4909d6bca280d52badb3", + "1": "d286026b.7c2a5524.d2970e4c.27f9dbc8.4717bd83.b391a980.03fd97f1.c4ff307b.d286026b.6ab9a970.8c1a46aa.af626857.4b531bda.b391a980.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 156, + "endLine": 156, + "startColumn": 19, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 156, + "endLine": 156, + "startColumn": 19, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 156, + "endLine": 156, + "startColumn": 13, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 157, + "endLine": 157, + "startColumn": 17, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 160, + "endLine": 160, + "startColumn": 33, + "endColumn": 36 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 123, + "endLine": 123, + "startColumn": 27, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 125, + "endLine": 125, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 160, + "endLine": 160, + "startColumn": 13, + "endColumn": 37 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 161, + "endLine": 161, + "startColumn": 30, + "endColumn": 32 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 307, + "endLine": 307, + "startColumn": 35, + "endColumn": 42 + } + } + } + ], + "fingerprints": { + "0": "faf2bcadc5d78c14b08fc0664f8be8ab08466c3e1aff4ef88b6edd06919e3fc7", + "1": "2d06e3d6.a1bdb2c5.a1f15da6.27f9dbc8.ec3a95bd.6a274ab8.30ad82ea.348c8065.9a5a56f7.2fc60938.66e58c8d.93cc8d4d.09f8ba64.51211531.500a1f88.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 244, + "endLine": 244, + "startColumn": 17, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 244, + "endLine": 244, + "startColumn": 17, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 245, + "endLine": 245, + "startColumn": 22, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 247, + "endLine": 247, + "startColumn": 21, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 247, + "endLine": 247, + "startColumn": 5, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 248, + "endLine": 248, + "startColumn": 18, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 248, + "endLine": 248, + "startColumn": 5, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 19, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 5, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 5, + "endColumn": 8 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 252, + "endLine": 252, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 389, + "endLine": 389, + "startColumn": 30, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 391, + "endLine": 391, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 394, + "endLine": 394, + "startColumn": 17, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 398, + "endLine": 398, + "startColumn": 16, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 399, + "endLine": 399, + "startColumn": 61, + "endColumn": 64 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 402, + "endLine": 402, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 448, + "endLine": 448, + "startColumn": 16, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 18, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 19, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 20, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 21, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 16, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 22, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 11, + "endColumn": 47 + } + } + } + }, + { + "location": { + "id": 23, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 290, + "endLine": 290, + "startColumn": 43, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 24, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 307, + "endLine": 307, + "startColumn": 35, + "endColumn": 42 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 444, + "endLine": 444, + "startColumn": 7, + "endColumn": 36 + } + } + } + ], + "fingerprints": { + "0": "263b34811104ae83a74a98455efdb13e9b9fb5a9dee7a0343e725112163e9e3e", + "1": "ed27a822.a1bdb2c5.66e58c8d.cc899355.ec3a95bd.6a274ab8.30ad82ea.348c8065.9a5a56f7.2fc60938.66e58c8d.93cc8d4d.ee1acd66.51211531.500a1f88.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 244, + "endLine": 244, + "startColumn": 17, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 244, + "endLine": 244, + "startColumn": 17, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 245, + "endLine": 245, + "startColumn": 22, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 247, + "endLine": 247, + "startColumn": 21, + "endColumn": 27 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 247, + "endLine": 247, + "startColumn": 5, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 248, + "endLine": 248, + "startColumn": 18, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 248, + "endLine": 248, + "startColumn": 5, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 19, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 5, + "endColumn": 18 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 249, + "endLine": 249, + "startColumn": 5, + "endColumn": 8 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 252, + "endLine": 252, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 389, + "endLine": 389, + "startColumn": 30, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 391, + "endLine": 391, + "startColumn": 10, + "endColumn": 13 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 394, + "endLine": 394, + "startColumn": 17, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 398, + "endLine": 398, + "startColumn": 16, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 399, + "endLine": 399, + "startColumn": 61, + "endColumn": 64 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 402, + "endLine": 402, + "startColumn": 26, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 448, + "endLine": 448, + "startColumn": 16, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 18, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 19, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 20, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 23, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 21, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 16, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 22, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 449, + "endLine": 449, + "startColumn": 11, + "endColumn": 47 + } + } + } + }, + { + "location": { + "id": 23, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 290, + "endLine": 290, + "startColumn": 43, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 24, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 307, + "endLine": 307, + "startColumn": 35, + "endColumn": 42 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34),(35),(36),(37),(38),(39),(40),(41),(42),(43),(44),(45),(46),(47),(48),(49),(50),(51),(52),(53),(54),(55),(56),(57)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 81, + "endLine": 81, + "startColumn": 27, + "endColumn": 53 + } + } + } + ], + "fingerprints": { + "0": "eb9b7ce131dcdc2cf6f209f6aa0bf595fed4f427303dbe67d5ac4c78b461d8dd", + "1": "f88ea8d7.34e68000.a0947d4e.93cc8d4d.fe964a17.6a274ab8.30ad82ea.f532cfe2.214d3e14.5e0d2592.ce5d5196.93cc8d4d.baf5e6ff.99b0745d.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 177, + "endLine": 177, + "startColumn": 26, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 177, + "endLine": 177, + "startColumn": 26, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 177, + "endLine": 177, + "startColumn": 17, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 178, + "endLine": 178, + "startColumn": 10, + "endColumn": 16 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 182, + "endLine": 182, + "startColumn": 14, + "endColumn": 20 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 22, + "endColumn": 34 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 183, + "endLine": 183, + "startColumn": 20, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 100, + "endLine": 100, + "startColumn": 28, + "endColumn": 47 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 113, + "endLine": 113, + "startColumn": 19, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 76, + "endLine": 76, + "startColumn": 21, + "endColumn": 40 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 81, + "endLine": 81, + "startColumn": 80, + "endColumn": 87 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 81, + "endLine": 81, + "startColumn": 67, + "endColumn": 87 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1633, + "endLine": 1633, + "startColumn": 33, + "endColumn": 51 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1649, + "endLine": 1649, + "startColumn": 22, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1656, + "endLine": 1656, + "startColumn": 46, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1656, + "endLine": 1656, + "startColumn": 33, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1656, + "endLine": 1656, + "startColumn": 9, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1657, + "endLine": 1657, + "startColumn": 19, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 18, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1657, + "endLine": 1657, + "startColumn": 9, + "endColumn": 25 + } + } + } + }, + { + "location": { + "id": 19, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1661, + "endLine": 1661, + "startColumn": 39, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 20, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1671, + "endLine": 1671, + "startColumn": 20, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 21, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1673, + "endLine": 1673, + "startColumn": 52, + "endColumn": 58 + } + } + } + }, + { + "location": { + "id": 22, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1310, + "endLine": 1310, + "startColumn": 18, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 23, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1337, + "endLine": 1337, + "startColumn": 12, + "endColumn": 15 + } + } + } + }, + { + "location": { + "id": 24, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1339, + "endLine": 1339, + "startColumn": 49, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 25, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 912, + "endLine": 912, + "startColumn": 18, + "endColumn": 42 + } + } + } + }, + { + "location": { + "id": 26, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 924, + "endLine": 924, + "startColumn": 36, + "endColumn": 42 + } + } + } + }, + { + "location": { + "id": 27, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 924, + "endLine": 924, + "startColumn": 22, + "endColumn": 42 + } + } + } + }, + { + "location": { + "id": 28, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 924, + "endLine": 924, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 29, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 941, + "endLine": 941, + "startColumn": 30, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 30, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 959, + "endLine": 959, + "startColumn": 12, + "endColumn": 14 + } + } + } + }, + { + "location": { + "id": 31, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 984, + "endLine": 984, + "startColumn": 21, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 32, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 819, + "endLine": 819, + "startColumn": 39, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 33, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 985, + "endLine": 985, + "startColumn": 5, + "endColumn": 7 + } + } + } + }, + { + "location": { + "id": 34, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 985, + "endLine": 985, + "startColumn": 39, + "endColumn": 41 + } + } + } + }, + { + "location": { + "id": 35, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 776, + "endLine": 776, + "startColumn": 39, + "endColumn": 58 + } + } + } + }, + { + "location": { + "id": 36, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 995, + "endLine": 995, + "startColumn": 37, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 37, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 995, + "endLine": 995, + "startColumn": 25, + "endColumn": 34 + } + } + } + }, + { + "location": { + "id": 38, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1000, + "endLine": 1000, + "startColumn": 22, + "endColumn": 31 + } + } + } + }, + { + "location": { + "id": 39, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1000, + "endLine": 1000, + "startColumn": 17, + "endColumn": 31 + } + } + } + }, + { + "location": { + "id": 40, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1005, + "endLine": 1005, + "startColumn": 24, + "endColumn": 26 + } + } + } + }, + { + "location": { + "id": 41, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1008, + "endLine": 1008, + "startColumn": 45, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 42, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1008, + "endLine": 1008, + "startColumn": 28, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 43, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1008, + "endLine": 1008, + "startColumn": 17, + "endColumn": 66 + } + } + } + }, + { + "location": { + "id": 44, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 999, + "endLine": 999, + "startColumn": 31, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 45, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 999, + "endLine": 999, + "startColumn": 27, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 46, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1007, + "endLine": 1007, + "startColumn": 47, + "endColumn": 48 + } + } + } + }, + { + "location": { + "id": 47, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1009, + "endLine": 1009, + "startColumn": 43, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 48, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1020, + "endLine": 1020, + "startColumn": 31, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 49, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1020, + "endLine": 1020, + "startColumn": 27, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 50, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1022, + "endLine": 1022, + "startColumn": 53, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 51, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1036, + "endLine": 1036, + "startColumn": 57, + "endColumn": 58 + } + } + } + }, + { + "location": { + "id": 52, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1036, + "endLine": 1036, + "startColumn": 38, + "endColumn": 56 + } + } + } + }, + { + "location": { + "id": 53, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1036, + "endLine": 1036, + "startColumn": 25, + "endColumn": 86 + } + } + } + }, + { + "location": { + "id": 54, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1037, + "endLine": 1037, + "startColumn": 44, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 55, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1038, + "endLine": 1038, + "startColumn": 25, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 56, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1061, + "endLine": 1061, + "startColumn": 67, + "endColumn": 77 + } + } + } + }, + { + "location": { + "id": 57, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/lib/lz4.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1061, + "endLine": 1061, + "startColumn": 89, + "endColumn": 99 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 19 + } + } + } + ], + "fingerprints": { + "0": "020fd5f7ad56e192645466096d07ebf18a82bbfd536993f80e4cf83b81c21af2", + "1": "d286026b.7c2a5524.a1f15da6.27f9dbc8.540df82d.b391a980.30ad82ea.348c8065.d286026b.6ab9a970.8c1a46aa.27f9dbc8.4b531bda.b391a980.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 13, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 30, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 44, + "endColumn": 46 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 159, + "endLine": 159, + "startColumn": 33, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 123, + "endLine": 123, + "startColumn": 27, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 125, + "endLine": 125, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 126, + "endLine": 126, + "startColumn": 17, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 128, + "endLine": 128, + "startColumn": 17, + "endColumn": 19 + } + } + } + ], + "fingerprints": { + "0": "ab0f5d860b7359a0484f5a2e676dd5858ccd018cfa21923c9d5f3b4f004cb8c0", + "1": "d286026b.6ab9a970.7a87dedd.27f9dbc8.4b531bda.fa860f7c.03fd97f1.c4ff307b.d286026b.6ab9a970.8c1a46aa.27f9dbc8.4b531bda.b391a980.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 13, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 30, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 44, + "endColumn": 46 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 159, + "endLine": 159, + "startColumn": 33, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 123, + "endLine": 123, + "startColumn": 27, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 125, + "endLine": 125, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 127, + "endLine": 127, + "startColumn": 9, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 127, + "endLine": 127, + "startColumn": 22, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 128, + "endLine": 128, + "startColumn": 17, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a file](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 130, + "endLine": 130, + "startColumn": 17, + "endColumn": 19 + } + } + } + ], + "fingerprints": { + "0": "7eb48233950e11ed9a6a8895605e4197554582323f7b97c6c877dca2b225cdcc", + "1": "d286026b.11ad0f14.28e514bf.27f9dbc8.f4aae252.fa860f7c.03fd97f1.c4ff307b.d286026b.6ab9a970.8c1a46aa.27f9dbc8.4b531bda.b391a980.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 18, + "endColumn": 23 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 148, + "endLine": 148, + "startColumn": 13, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 30, + "endColumn": 32 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 154, + "endLine": 154, + "startColumn": 44, + "endColumn": 46 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 159, + "endLine": 159, + "startColumn": 33, + "endColumn": 35 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 123, + "endLine": 123, + "startColumn": 27, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 125, + "endLine": 125, + "startColumn": 17, + "endColumn": 19 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 127, + "endLine": 127, + "startColumn": 9, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 127, + "endLine": 127, + "startColumn": 22, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 129, + "endLine": 129, + "startColumn": 9, + "endColumn": 11 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 129, + "endLine": 129, + "startColumn": 22, + "endColumn": 24 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 130, + "endLine": 130, + "startColumn": 17, + "endColumn": 19 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a command line argument flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a command line argument](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/openssl-src/openssl/test/confdump.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 37, + "endLine": 37, + "startColumn": 25, + "endColumn": 35 + } + } + } + ], + "fingerprints": { + "0": "172e25f8516a12a557d9952889c07cc683a00f37f87a6592e538d471e087fbce", + "1": "2d06e3d6.9969c821.554dd003.6483b32f.fd445c14.9509b717.c41c206f.545e9171.2d06e3d6.76503df6.0845c629.9b79c23e.fd445c14.51211531.30ad82ea.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/openssl-src/openssl/test/confdump.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 37, + "endLine": 37, + "startColumn": 42, + "endColumn": 49 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/openssl-src/openssl/test/confdump.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 37, + "endLine": 37, + "startColumn": 42, + "endColumn": 49 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/openssl-src/openssl/crypto/conf/conf_lib.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 250, + "endLine": 250, + "startColumn": 28, + "endColumn": 44 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/openssl-src/openssl/crypto/conf/conf_lib.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 257, + "endLine": 257, + "startColumn": 35, + "endColumn": 39 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 60, + "endLine": 60, + "startColumn": 36, + "endColumn": 47 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 66, + "endLine": 66, + "startColumn": 6, + "endColumn": 9 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 73, + "endLine": 73, + "startColumn": 14, + "endColumn": 17 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 73, + "endLine": 73, + "startColumn": 42, + "endColumn": 45 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 73, + "endLine": 73, + "startColumn": 58, + "endColumn": 61 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/libz-sys/src/zlib/contrib/puff/pufftest.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 73, + "endLine": 73, + "startColumn": 57, + "endColumn": 61 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 170, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileCodeFlow" + } + ], + "isAutofixable": false + } + }, + { + "ruleId": "cpp/IntegerOverflow/test", + "ruleIndex": 1, + "level": "note", + "message": { + "text": "Unsanitized input from a command line argument flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "markdown": "Unsanitized input from {0} {1} into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "arguments": [ + "[a command line argument](0)", + "[flows](1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17),(18),(19),(20),(21),(22),(23),(24),(25),(26),(27),(28),(29),(30),(31),(32),(33),(34)" + ] + }, + "locations": [ + { + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 378, + "endLine": 378, + "startColumn": 95, + "endColumn": 104 + } + } + } + ], + "fingerprints": { + "0": "db543e8c32237616779f942138e7f4f812886680aee47114c3785b6fb7f77edb", + "1": "2d06e3d6.a5b374ad.742961a0.7157b133.1ea1395f.6a274ab8.30ad82ea.545e9171.a9ec925b.06a6cd98.b20d42d8.7157b133.09f8ba64.31142996.9957b03c.348c8065" + }, + "codeFlows": [ + { + "threadFlows": [ + { + "locations": [ + { + "location": { + "id": 0, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1772, + "endLine": 1772, + "startColumn": 32, + "endColumn": 43 + } + } + } + }, + { + "location": { + "id": 1, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1772, + "endLine": 1772, + "startColumn": 32, + "endColumn": 43 + } + } + } + }, + { + "location": { + "id": 2, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1772, + "endLine": 1772, + "startColumn": 21, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 3, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1774, + "endLine": 1774, + "startColumn": 13, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 4, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1777, + "endLine": 1777, + "startColumn": 13, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 5, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1778, + "endLine": 1778, + "startColumn": 25, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 6, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1779, + "endLine": 1779, + "startColumn": 13, + "endColumn": 21 + } + } + } + }, + { + "location": { + "id": 7, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1781, + "endLine": 1781, + "startColumn": 21, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 8, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1782, + "endLine": 1782, + "startColumn": 25, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 9, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1832, + "endLine": 1832, + "startColumn": 21, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 10, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1834, + "endLine": 1834, + "startColumn": 30, + "endColumn": 38 + } + } + } + }, + { + "location": { + "id": 11, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1834, + "endLine": 1834, + "startColumn": 29, + "endColumn": 38 + } + } + } + }, + { + "location": { + "id": 12, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1834, + "endLine": 1834, + "startColumn": 49, + "endColumn": 58 + } + } + } + }, + { + "location": { + "id": 13, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1836, + "endLine": 1836, + "startColumn": 39, + "endColumn": 48 + } + } + } + }, + { + "location": { + "id": 14, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1836, + "endLine": 1836, + "startColumn": 39, + "endColumn": 54 + } + } + } + }, + { + "location": { + "id": 15, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1836, + "endLine": 1836, + "startColumn": 33, + "endColumn": 38 + } + } + } + }, + { + "location": { + "id": 16, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1836, + "endLine": 1836, + "startColumn": 25, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 17, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1875, + "endLine": 1875, + "startColumn": 27, + "endColumn": 31 + } + } + } + }, + { + "location": { + "id": 18, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 1883, + "endLine": 1883, + "startColumn": 37, + "endColumn": 41 + } + } + } + }, + { + "location": { + "id": 19, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 317, + "endLine": 317, + "startColumn": 21, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 20, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 333, + "endLine": 333, + "startColumn": 25, + "endColumn": 29 + } + } + } + }, + { + "location": { + "id": 21, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 333, + "endLine": 333, + "startColumn": 9, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 22, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 363, + "endLine": 363, + "startColumn": 25, + "endColumn": 38 + } + } + } + }, + { + "location": { + "id": 23, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 376, + "endLine": 376, + "startColumn": 35, + "endColumn": 48 + } + } + } + }, + { + "location": { + "id": 24, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 376, + "endLine": 376, + "startColumn": 34, + "endColumn": 48 + } + } + } + }, + { + "location": { + "id": 25, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 376, + "endLine": 376, + "startColumn": 25, + "endColumn": 33 + } + } + } + }, + { + "location": { + "id": 26, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 376, + "endLine": 376, + "startColumn": 25, + "endColumn": 58 + } + } + } + }, + { + "location": { + "id": 27, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 376, + "endLine": 376, + "startColumn": 13, + "endColumn": 22 + } + } + } + }, + { + "location": { + "id": 28, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 43, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 29, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 42, + "endColumn": 52 + } + } + } + }, + { + "location": { + "id": 30, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 33, + "endColumn": 41 + } + } + } + }, + { + "location": { + "id": 31, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 33, + "endColumn": 78 + } + } + } + }, + { + "location": { + "id": 32, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 32, + "endColumn": 83 + } + } + } + }, + { + "location": { + "id": 33, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 377, + "endLine": 377, + "startColumn": 19, + "endColumn": 28 + } + } + } + }, + { + "location": { + "id": 34, + "physicalLocation": { + "artifactLocation": { + "uri": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "uriBaseId": "%SRCROOT%" + }, + "region": { + "startLine": 378, + "endLine": 378, + "startColumn": 95, + "endColumn": 104 + } + } + } + } + ] + } + ] + } + ], + "properties": { + "priorityScore": 220, + "priorityScoreFactors": [ + { + "label": true, + "type": "multipleOccurrence" + }, + { + "label": true, + "type": "hotFileSource" + } + ], + "isAutofixable": false + } + } + ], + "properties": { + "coverage": [ + { + "isSupported": true, + "lang": "Ruby", + "files": 12, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "TypeScript", + "files": 3, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "Swift", + "files": 3, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "C++", + "files": 1638, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "XML", + "files": 148, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": ".config", + "files": 1, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "Java", + "files": 10, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "HTML", + "files": 125, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "Python", + "files": 150, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "Go", + "files": 23, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "JavaScript", + "files": 101, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "HTML+ERB", + "files": 1, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "C#", + "files": 9, + "type": "SUPPORTED" + }, + { + "isSupported": true, + "lang": "C", + "files": 3454, + "type": "SUPPORTED" + }, + { + "isSupported": false, + "lang": "JavaScript", + "files": 2, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "C++", + "files": 59, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "XML", + "files": 32, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "C", + "files": 105, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "Python", + "files": 8, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": "HTML", + "files": 133, + "type": "FAILED_PARSING" + }, + { + "isSupported": false, + "lang": ".config", + "files": 7, + "type": "FAILED_PARSING" + } + ] + } + } + ] +} diff --git a/tests/csgrep/0125-sarif-parser-bom-stdout.txt b/tests/csgrep/0125-sarif-parser-bom-stdout.txt new file mode 100644 index 00000000..0f19d771 --- /dev/null +++ b/tests/csgrep/0125-sarif-parser-bom-stdout.txt @@ -0,0 +1,245 @@ +{ + "scan": { + "analyzer-version-snyk-code": "1.0.0" + }, + "defects": [ + { + "checker": "SNYK_CODE_WARNING", + "cwe": 290, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/lib/krb5/krb/t_princ.c", + "line": 381, + "column": 26, + "h_size": 22, + "event": "note[cpp/WeakGuard]", + "message": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 290, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/wconfig.c", + "line": 140, + "column": 21, + "h_size": 12, + "event": "note[cpp/WeakGuard]", + "message": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 290, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/wconfig.c", + "line": 145, + "column": 21, + "h_size": 13, + "event": "note[cpp/WeakGuard]", + "message": "An hardcoded domain name is compared in strcmp. This check could lead to a bypass since the domain name can be spoofed or controlled by an attacker.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/sasl2-sys/sasl2/utils/smtptest.c", + "line": 360, + "column": 3, + "h_size": 4, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "line": 161, + "column": 19, + "h_size": 7, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "line": 161, + "column": 30, + "h_size": 2, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "line": 307, + "column": 35, + "h_size": 7, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/rdkafka-sys/librdkafka/tests/0098-consumer-txn.cpp", + "line": 444, + "column": 7, + "h_size": 29, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into an addition operator (+), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/lz4-sys/liblz4/tests/abiTest.c", + "line": 81, + "column": 27, + "h_size": 26, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "line": 126, + "column": 17, + "h_size": 2, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "line": 128, + "column": 17, + "h_size": 2, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/krb5-src/krb5/src/tests/asn.1/trval.c", + "line": 130, + "column": 17, + "h_size": 2, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a file flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/openssl-src/openssl/test/confdump.c", + "line": 37, + "column": 25, + "h_size": 10, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a command line argument flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + }, + { + "checker": "SNYK_CODE_WARNING", + "cwe": 190, + "tool": "snyk-code", + "key_event_idx": 0, + "events": [ + { + "file_name": "vendor/lz4-sys/liblz4/tests/fuzzer.c", + "line": 378, + "column": 95, + "h_size": 9, + "event": "note[cpp/IntegerOverflow/test]", + "message": "Unsanitized input from a command line argument flows into a subtraction operator (-), where it is used in integer arithmetic. This may result in an integer overflow vulnerability.", + "verbosity_level": 0 + } + ] + } + ] +} diff --git a/tests/csgrep/CMakeLists.txt b/tests/csgrep/CMakeLists.txt index 236266af..0eb6b87f 100644 --- a/tests/csgrep/CMakeLists.txt +++ b/tests/csgrep/CMakeLists.txt @@ -168,3 +168,4 @@ test_csgrep("0121-cov-parser-lock-evasion" ) test_csgrep("0122-json-parser-cov-v10-column" ) test_csgrep("0123-csgrep-hash-v1" ) test_csgrep("0124-sarif-writer-imp" ) +test_csgrep("0125-sarif-parser-bom" )