SecureCoding-5.40¶

Using a tainted value to write to an object using a formatted input or output function

Required inputs: IR

Rule description is currently unavailable for legal reasons.

Possible Messages

Key	Text	Severity	Disabled
arg_type_mismatch	{} expects argument of type ‘{}’, but argument {} has type ‘{}’	None	False
buffer_too_small	{} may write up to {} characters to buffer of size {}.	None	False
invalid_conversion	Invalid or non-standard conversion specification	None	False
matching_arg_expected	{} expects a matching ‘{}’ argument	None	False
maybe_too_small	Target buffer may be too small. Use snprintf() instead.	None	False
precision_for_conversion	Precision must not be used with %{} conversion specifier	None	False
too_many_args	Too many arguments for format.	None	False
too_small	Target buffer has {} characters, but sprintf() may write up to {} characters (including null terminator).	None	False
unknown_buffer_size	Potential buffer overflow: {} used with buffer of unknown size.	None	False
unlimited_read	Potential buffer overflow: {} has no limit on amount of characters read.	None	False
unsupported_assignment_suppression	%n does not support assignment suppression	None	False
unsupported_field_width	%n does not support field width	None	False
unsupported_flags	%n does not support flags	None	False
unsupported_flags_modifiers	Cannot use any flags or modifiers with ‘%%’	None	False
unsupported_hash	%{} does not support the ‘#’ flag	None	False
unsupported_i_flag	%{} does not support the ‘I’ flag	None	False
unsupported_length_modifier	%{} does not support the ‘{}’ length modifier	None	False
unsupported_tick	%{} does not support the “’” flag	None	False
unsupported_zero	%{} does not support the ‘0’ flag	None	False

Options¶

This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

allow_extra_args¶

allow_extra_args : bool = False

Whether to allow additional arguments that are not used by the format string.

allow_gnu_extensions¶

allow_gnu_extensions : bool = False

Whether to allow the GNU extensions to format specifications.

allow_unknown_specs¶

allow_unknown_specs : bool = False

Whether to allow unknown format specifications. It may be necessary to set this option when using implementation-specific extensions. Arguments are not checked when the format string contains unknown format specifications.

functions¶

functions

Type: dict[bauhaus.analysis.config.QualifiedName, typing.Tuple[str, int, typing.Optional[int]]]

Default:

{
   '_printf_l': ('printf', 1, 3),
   'fprintf': ('printf', 1, 2),
   'fscanf': ('scanf', 1, 2),
   'printf': ('printf', 0, 1),
   'scanf': ('scanf', 0, 1),
   'snprintf': ('printf', 2, 3),
   'sprintf': ('printf', 1, 2),
   'sscanf': ('scanf', 1, 2),
   'vfprintf': ('printf', 1, None),
   'vfscanf': ('scanf', 1, None),
   'vprintf': ('printf', 0, None),
   'vscanf': ('scanf', 0, None),
   'vsnprintf': ('printf', 2, None),
   'vsprintf': ('printf', 1, None),
   'vsscanf': ('scanf', 1, None)
}

A dictionary mapping the names of the functions to check, to a triple (function_kind, fmt_param_index, arg_start_index) where function_kind is either printf or scanf, fmt_param_index is the index of the format-string parameter, and arg_start_index is the index of the first variadic argument.

use_static_semantic_analysis¶

use_static_semantic_analysis : bool = True

Whether the rule should use the results of the StaticSemanticAnalysis to check buffer sizes. This can produce different findings, as the size of buffer arguments are computed more accurately. This will not enforce StaticSemanticAnalysis to be enabled, but will produce less accurate results if it is not.

Axivion Suite 7.12.0

Navigation