GrepBugs

format string attack false positive?

Open geeknik opened this issue 10 years ago • 3 comments

Why would GrepBugs flag this as "Susceptible to format string attacks. "?

`fprintf(stderr, "Other helper already running, refusing to start.\n");`

Is it just triggering on the fprintf or something else?

geeknik, Nov 27 '15 19:11

The rule is defined here: https://grepbugs.com/grep/94 so it looks like it is triggered just based on `fprintf`. This will of course be noisy. If you have any suggestions that could make the rule better, description or regex, that would be awesome.

foospidy, Nov 27 '15 20:11

I'll work on that and get back to you. I'll leave this open in the meantime if that is ok.

geeknik, Nov 27 '15 21:11

The regex is basic, just a printf trigger. Maybe this is acceptable: printf(, then double quote, [^"%]-star (no double quote or percent), double quote, paren. Anything else would be bad. Any var-arg could be attacked, so no commas, only one argument.

printf(variable_name) could be problematic if there is a % in the string. Or worse, if the variable is a var_arg variable type. Thus, I would argue static string only.

veggiespam, Nov 30 '15 16:11
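As an added example (not GrepBugs code and not any rule from grepbugs.com), the following Python checker takes a different cut at the problem than the `%`-free-literal rule proposed above: it accepts any string-literal format argument, `%` directives and extra arguments included, and flags only calls whose format argument is not a literal, which is the case where an attacker can supply the conversion specifiers. It also handles the fact that the format is the second argument of `fprintf`/`sprintf` and the third of `snprintf`, something a single `printf(` regex cannot express. The `FORMAT_ARG_INDEX` table and the sample source lines are constructed for this example; the checker is a text-level scanner and does not see through macros, comments or character literals containing `(` or `,`.

```python
import re

# Position of the format argument in each printf-family function
# (assumption: the standard C library signatures; extend as needed).
FORMAT_ARG_INDEX = {
    "printf": 0, "vprintf": 0,
    "fprintf": 1, "vfprintf": 1, "sprintf": 1, "vsprintf": 1,
    "snprintf": 2, "vsnprintf": 2,
    "syslog": 1,
}

CALL_RE = re.compile(r"\b(" + "|".join(FORMAT_ARG_INDEX) + r")\s*\(")
# One or more adjacent string literals (C concatenates "a" "b"),
# allowing backslash escapes such as \n and \" inside the literal.
STRING_LITERAL_RE = re.compile(r'^(?:"(?:[^"\\]|\\.)*"\s*)+$')


def split_args(src, start):
    """Split the argument list of the call whose '(' ends at src[start-1].

    Returns (args, end): args are the top-level, comma-separated argument
    texts, end is the index just past the closing ')'. Nested parentheses
    and string literals are skipped over, so commas and parens inside them
    neither split nor terminate the list. Returns (None, start) if the
    call never closes. Character literals like ',' are not handled.
    """
    depth, i, args, cur = 1, start, [], []
    while i < len(src):
        c = src[i]
        if c == '"':
            j = i + 1
            while j < len(src) and src[j] != '"':
                if src[j] == "\\":
                    j += 1  # skip the escaped character
                j += 1
            cur.append(src[i:j + 1])
            i = j + 1
            continue
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args, i + 1
        elif c == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            i += 1
            continue
        cur.append(c)
        i += 1
    return None, start


def find_format_string_risks(src):
    """Return (line, function, format_argument) for every printf-family
    call whose format argument is not a string literal."""
    findings = []
    for m in CALL_RE.finditer(src):
        func = m.group(1)
        args, _ = split_args(src, m.end())
        if args is None:
            continue
        idx = FORMAT_ARG_INDEX[func]
        if idx >= len(args):
            continue
        fmt = args[idx]
        if STRING_LITERAL_RE.match(fmt):
            continue  # literal format: the program controls the directives
        line = src.count("\n", 0, m.start()) + 1
        findings.append((line, func, fmt))
    return findings


# Constructed sample input, not taken from any real project.
SAMPLE = "\n".join([
    r'fprintf(stderr, "Other helper already running, refusing to start.\n");',
    r'printf("%d items\n", count);',
    r'printf(buf);',
    r'fprintf(stderr, msg);',
    r'snprintf(out, sizeof(out), fmt, a, b);',
    r'syslog(LOG_ERR, argv[1]);',
    r'printf("%s", user);',
    r'snprintf(out, sizeof(out), "%s: %s\n", tag, msg);',
    r'printf("a" "b\n");',
])

if __name__ == "__main__":
    for line, func, fmt in find_format_string_risks(SAMPLE):
        print(f"line {line}: {func}() format argument is not a literal: {fmt}")
```

Run on the sample, the `fprintf(stderr, "...")` line from the issue is not reported, while `printf(buf)`, `fprintf(stderr, msg)`, `snprintf(out, sizeof(out), fmt, a, b)` and `syslog(LOG_ERR, argv[1])` are. A wrapper that passes a literal through a variable (`const char *fmt = "..."; printf(fmt);`) is still reported, so the output is a review queue rather than a verdict.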