{
  "CWE190": {
    "symbols": [
      "xmalloc",
      "malloc",
      "realloc",
      "calloc"
    ]
  },
  "CWE215": {
    "symbols": []
  },
  "CWE243": {
    "_comment": "valid chroot paths according to http://www.unixwiz.net/techtips/chroot-practices.html",
    "pairs": [
      [
        "chroot",
        "chdir"
      ],
      [
        "chdir",
        "chroot",
        "setresuid"
      ],
      [
        "chdir",
        "chroot",
        "seteuid"
      ],
      [
        "chdir",
        "chroot",
        "setreuid"
      ],
      [
        "chdir",
        "chroot",
        "setuid"
      ]
    ]
  },
  "CWE248": {
    "symbols": []
  },
  "CWE332": {
    "pairs": [
      [
        "srand",
        "rand"
      ]
    ]
  },
  "CWE367": {
    "pairs": [
      [
        "access",
        "open"
      ]
    ]
  },
  "CWE426": {
    "_comment": "functions that change/drop privileges",
    "symbols": [
      "setresgid",
      "setresuid",
      "setuid",
      "setgid",
      "seteuid",
      "setegid"
    ]
  },
  "CWE457": {
    "symbols": []
  },
  "CWE467": {
    "_comment": "any function that takes an argument of type size_t is a possible candidate.",
    "symbols": [
      "strncmp",
      "malloc",
      "alloca",
      "_alloca",
      "strncat",
      "wcsncat",
      "strncpy",
      "wcsncpy",
      "stpncpy",
      "wcpncpy",
      "memcpy",
      "wmemcpy",
      "memmove",
      "wmemmove",
      "memcmp",
      "wmemcmp"
    ]
  },
  "CWE476": {
    "_comment": "any function that possibly returns a NULL value.",
    "_comment1": "included functions of the following libs: stdlib.h, locale.h, stdio.h, string.h, wchar.h",
    "parameters": [
      "strict_call_policy=true",
      "max_steps=100"
    ],
    "symbols": [
      "malloc",
      "calloc",
      "realloc",
      "getenv",
      "bsearch",
      "setlocale",
      "tmpfile",
      "tmpnam",
      "fopen",
      "freopen",
      "fgets",
      "memchr",
      "strchr",
      "strpbrk",
      "strrchr",
      "strstr",
      "strtok",
      "fgetws",
      "wcschr",
      "wcspbrk",
      "wcsrchr",
      "wcsstr",
      "wcstok",
      "wmemchr"
    ]
  },
  "CWE676": {
    "_comment": "https://github.com/01org/safestringlib/wiki/SDL-List-of-Banned-Functions",
    "symbols": [
      "alloca",
      "_alloca",
      "scanf",
      "wscanf",
      "sscanf",
      "swscanf",
      "vscanf",
      "vsscanf",
      "strlen",
      "wcslen",
      "strtok",
      "strtok_r",
      "wcstok",
      "strcat",
      "strncat",
      "wcscat",
      "wcsncat",
      "strcpy",
      "strncpy",
      "wcscpy",
      "wcsncpy",
      "stpcpy",
      "stpncpy",
      "wcpcpy",
      "wcpncpy",
      "memcpy",
      "wmemcpy",
      "memmove",
      "wmemmove",
      "memcmp",
      "wmemcmp",
      "memset",
      "wmemset",
      "gets",
      "sprintf",
      "vsprintf",
      "swprintf",
      "vswprintf",
      "snprintf",
      "vsnprintf",
      "realpath",
      "getwd",
      "wctomb",
      "wcrtomb",
      "wcstombs",
      "wcsrtombs",
      "wcsnrtombs"
    ]
  },
  "CWE782": {
    "symbols": []
  }
}