Earlybird tests

Open ggi-cetic opened this issue 4 years ago • 1 comments

Hello, I didn't know where to ask this question, so I raised this issue. I tried earlybird on the following poor, test, C source code:

#include<stdio.h>
#include<string.h>

int main(void) {
    char enteredPass[30];
    char password[30]="MyPassw0rd";
    printf("Enter Password:\n");
    scanf("%s", enteredPass);
    if (strcmp(enteredPass, password) == 0) {
        printf("%s is my Password!\nOops\n", password);
        return 0;
    } else {
        printf("You didn't found it!\n");
        return -1;
    }
}

and nothing is detected by earlybird.

I got:

1 files scanned in 2.048829ms
2021/10/08 11:42:22 144 rules observed
***** Total issues found *****
0 TOTAL ISSUES

How is this possible?

This is almost exactly what is described as the C example in CWE-798. Thanks for the help.

ggi-cetic avatar Oct 08 '21 12:10 ggi-cetic

It's not an existing pattern, feel free to make a pull request with C-specific regexes

digitaliceberg avatar Oct 08 '21 22:10 digitaliceberg
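A sketch of the kind of C-specific regex the reply asks for, as an added example that is not part of the thread and is not Earlybird's own code or rule format. The pattern, the `Finding` type and `ScanC` are hypothetical names chosen for illustration; the sample input is the start of the test program from the issue.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one suspected hard-coded credential (CWE-798).
type Finding struct {
	Line int
	Name string
}

// Hypothetical pattern, not an Earlybird rule: a C char array or pointer whose
// name suggests a credential, initialised with a non-empty string literal.
var hardcodedCred = regexp.MustCompile(
	`(?i)\bchar\b[\s*]*(\w*(?:pass|pwd|secret|token|api_?key)\w*)\s*(?:\[\s*\w*\s*\])?\s*=\s*"(?:[^"\\]|\\.)+"`)

// ScanC returns one Finding per source line that matches the pattern.
func ScanC(src string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(src))
	for n := 1; sc.Scan(); n++ {
		if m := hardcodedCred.FindStringSubmatch(sc.Text()); m != nil {
			out = append(out, Finding{Line: n, Name: m[1]})
		}
	}
	return out
}

// Sample is the start of the test program posted in the issue above.
const Sample = `#include<stdio.h>
#include<string.h>

int main(void) {
    char enteredPass[30];
    char password[30]="MyPassw0rd";
    printf("Enter Password:\n");
`

func main() {
	for _, f := range ScanC(Sample) {
		fmt.Printf("line %d: string literal assigned to %q\n", f.Line, f.Name)
	}
}
```

The pattern keys on the variable name, so it does not flag `enteredPass` (declared without an initialiser) and will miss secrets stored under neutral names or passed directly as literals to `strcmp`.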