« IntelDataset:test » : différence entre les versions

De HackBBS
Aller à la navigation Aller à la recherche
Aucun résumé des modifications
Balise : Révoqué
HackBBS (discussion | contributions)
Aucun résumé des modifications
 
(10 versions intermédiaires par 2 utilisateurs non affichées)
Ligne 1 : Ligne 1 :
./pcap_sniffer.c:55: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.<br />
./test/test_find.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<nowiki></nowiki><br />
./pcap_sniffer.c:71: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
./test/test_find.c:71:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<nowiki></nowiki><br />
./test/test_parser.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.<nowiki></nowiki><br />
./include/http_log.h:375:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/http_log.h:417:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/http_log.h:503:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/http_log.h:552:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/http_protocol.h:527:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/util_filter.h:336:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./include/util_filter.h:603:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.<nowiki></nowiki><br />
./modules/aaa/mod_authn_socache.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<nowiki></nowiki><br />
./modules/arch/netware/mod_nw_ssl.c:555:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<nowiki></nowiki><br />
./modules/arch/netware/mod_nw_ssl.c:605:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).<nowiki></nowiki>

Dernière version du 10 septembre 2024 à 19:08

./test/test_find.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_find.c:71:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./test/test_parser.c:67:  [5] (buffer) gets: Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
./include/http_log.h:375:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:417:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:503:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_log.h:552:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/http_protocol.h:527:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:336:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./include/util_filter.h:603:  [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
./modules/aaa/mod_authn_socache.c:276:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:555:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
./modules/arch/netware/mod_nw_ssl.c:605:  [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).