Function cwe_checker_lib::checkers::cwe_337::check_cwe
pub fn check_cwe(
    analysis_results: &AnalysisResults<'_>,
    cwe_params: &Value
) -> (Vec<LogMessage>, Vec<CweWarning>)
Run the CWE check.
We check if a return value of any of the sources (as determined by the config file) is used as a direct parameter of any of the sinks (as determined by the config file).
Currently, this is only used to detect whether a call of time leads into a call of srand.
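The source-to-sink pattern described above, as it appears in an analyzed C program, shown next to a replacement that avoids it. This is an added example, not code from cwe_checker; the function names and the timestamp 1700000000 are constructed for illustration, and /dev/urandom is assumed to be available.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Fill out[0..len) with bytes from rand() after seeding srand() with `seed`. */
void token_from_seed(unsigned int seed, unsigned char *out, size_t len) {
    srand(seed);
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Pattern the check reports: return value of time() passed directly to srand(). */
void weak_token(unsigned char *out, size_t len) {
    srand((unsigned int)time(NULL));
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)(rand() & 0xff);
}

/* Returns 1 when two tokens derived from the same timestamp are identical. */
int same_second_collides(time_t stamp) {
    unsigned char a[16], b[16];
    token_from_seed((unsigned int)stamp, a, sizeof a);
    token_from_seed((unsigned int)stamp, b, sizeof b);
    return memcmp(a, b, sizeof a) == 0;
}

/* Replacement: take the bytes from the OS CSPRNG. Returns 0 on success. */
int os_token(unsigned char *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL)
        return -1;
    size_t got = fread(out, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

int main(void) {
    unsigned char t[16];
    weak_token(t, sizeof t);
    /* Constructed timestamp; any value shows the same effect. */
    printf("same-second tokens identical: %d\n", same_second_collides((time_t)1700000000));
    printf("os_token status: %d\n", os_token(t, sizeof t));
    return 0;
}
```

Only weak_token contains the direct time-to-srand flow; token_from_seed takes its seed as a parameter so the reproducibility can be shown with a fixed value.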