Module cwe_checker_lib::checkers::cwe_676

This module implements a check for CWE-676: Use of Potentially Dangerous Function.

Potentially dangerous functions like memcpy can lead to security issues like buffer overflows. See https://cwe.mitre.org/data/definitions/676.html for a detailed description.

How the check works:

• Calls to dangerous functions are flagged. The list of functions that are considered dangerous can be configured in config.json. The default list is based on https://github.com/01org/safestringlib/wiki/SDL-List-of-Banned-Functions.

False Positives

• None known

False Negatives

• None known

Structs

• Config
  struct containing dangerous symbols from config.json

Statics

• CWE_MODULE
  The module name and version

Functions

• check_cwe
  Iterate through all function calls inside the program and flag calls to those functions that are marked as unsafe via the configuration file.
• generate_cwe_warnings
  Generate cwe warnings for potentially dangerous function calls
• get_calls
  For each subroutine and each found dangerous symbol, check for calls to the corresponding symbol
• resolve_symbols
  Filter external symbols by dangerous symbols