    Lang

    Security

    Finding triggers whenever strcat or strncat is used. This is an issue because strcat and strncat can write past the end of the destination buffer, leading to buffer overflow vulnerabilities. Fix this by using strcat_s instead.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-676: Use of Potentially Dangerous Function

    Variable ‘$VAR’ was passed to a function after being freed. This can lead to undefined behavior.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-416: Use After Free

    Call to ‘read()’ without error checking is susceptible to file descriptor exhaustion. Consider using the ‘getrandom()’ function.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling
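The read() rule above asks for error checking around the descriptor read. As an added example (not CodeAnt's code), the block below reads from /dev/urandom with the checks the rule wants: partial reads and EINTR are retried, a short read or error is reported, and the descriptor is closed on every path so a failing read cannot leak file descriptors. The function names read_fully and fill_random are this example's own. getrandom(), which the rule suggests, avoids the descriptor entirely on Linux but is not portable, so it is not used here.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example (not CodeAnt's code): reading from a descriptor with
 * the error handling the rule asks for. Partial reads and EINTR are
 * retried, every failure is reported, and the descriptor is always
 * closed, so a failing read cannot leak file descriptors. */

/* Read exactly n bytes. Returns 0 on success, -1 on error or early EOF. */
int read_fully(int fd, void *buf, size_t n)
{
    unsigned char *p = buf;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, p + got, n - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            return -1;                  /* real error: report it */
        }
        if (r == 0)
            return -1;                  /* EOF before n bytes: short read */
        got += (size_t)r;
    }
    return 0;
}

/* Fill buf with n random bytes from /dev/urandom; the descriptor is
 * closed whether or not the read succeeds. Returns 0 on success. */
int fill_random(void *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    int rc = read_fully(fd, buf, n);
    close(fd);                          /* single close on every path */
    return rc;
}

/* The pattern the rule flags, for comparison (comment only):
 *   int fd = open("/dev/urandom", O_RDONLY);
 *   read(fd, key, sizeof key);        // return value ignored, fd never closed
 */

int main(void)
{
    unsigned char key[16];
    if (fill_random(key, sizeof key) != 0) {
        perror("fill_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

read_fully deliberately treats EOF before n bytes as a failure: for a random source a short read means the key is not fully populated, which is worse than an error.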

    Avoid ‘gets()’. This function does not consider buffer boundaries and can lead to buffer overflows. Use ‘fgets()’ or ‘gets_s()’ instead.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-676: Use of Potentially Dangerous Function

    Avoid using ‘scanf()’. This function, when used improperly, does not consider buffer boundaries and can lead to buffer overflows. Use ‘fgets()’ instead for reading input.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-676: Use of Potentially Dangerous Function
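The gets() and scanf() rules above both recommend fgets(). As an added example (not CodeAnt's code), the block below wraps fgets() in a line reader that handles the case those two functions get wrong, input longer than the buffer: the buffer is never overrun, the caller is told the line was truncated, and the excess is discarded so the next read starts on a fresh line. The function name read_line and the return codes are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not CodeAnt's code): a line reader built on fgets().
 * Returns 1 for a complete line (newline stripped), 2 when the line was
 * longer than buf (the excess is discarded), 0 at end of file or error. */
int read_line(char *buf, size_t size, FILE *in)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return 0;

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* strip the newline: complete line */
        return 1;
    }
    if (feof(in))
        return 1;                       /* last line without a newline */

    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return 1;                       /* line filled the buffer exactly */
    while ((c = fgetc(in)) != EOF && c != '\n')
        ;                               /* truncated: drain the rest of the line */
    return 2;
}

/* Unsafe equivalents the rules flag (comments only):
 *   gets(buf);             // no bound at all
 *   scanf("%s", buf);      // no bound either; "%7s" would be bounded
 */

int main(void)
{
    char line[8];                       /* deliberately small to show truncation */
    int rc;
    while ((rc = read_line(line, sizeof line, stdin)) != 0)
        printf("%s: \"%s\"\n", rc == 1 ? "line" : "truncated", line);
    return 0;
}
```

Draining the rest of an over-long line matters: without it, the leftover bytes are returned as the "next" line and a parser can be desynchronised by one long input.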

    Variable ‘$VAR’ was freed twice. This can lead to undefined behavior.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-415: Double Free
    OWASP:
    - A03:2021 - Injection
    - A01:2017 - Injection

    Avoid using ‘strtok()’. This function directly modifies the first argument buffer, permanently erasing the delimiter character. Use ‘strtok_r()’ instead.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-676: Use of Potentially Dangerous Function
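As an added example (not CodeAnt's code) of the strtok_r() replacement the rule above recommends, the block below tokenizes "key=value;key=value" input with two nested loops. strtok() keeps a single hidden position, so an inner tokenizing loop interferes with the outer one; strtok_r() keeps each loop's state in a caller-owned pointer. Both functions write NUL bytes into their input, which is why the example works on a copy. The function name parse_pairs and the input format are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Added example (not CodeAnt's code): nested tokenizing with strtok_r().
 * Parse "k1=v1;k2=v2" into up to max key/value pairs of at most 15
 * characters each. Returns the pair count, or -1 if the input is too
 * long for the working copy. Malformed pairs without '=' are skipped. */
int parse_pairs(const char *input, char keys[][16], char vals[][16], int max)
{
    char copy[128];                     /* strtok_r modifies its input: work on a copy */
    size_t len = strlen(input);
    if (len >= sizeof copy)
        return -1;                      /* refuse rather than truncate silently */
    memcpy(copy, input, len + 1);

    int n = 0;
    char *outer_save, *inner_save;      /* one state pointer per loop */
    for (char *pair = strtok_r(copy, ";", &outer_save);
         pair != NULL && n < max;
         pair = strtok_r(NULL, ";", &outer_save)) {
        char *k = strtok_r(pair, "=", &inner_save);
        char *v = strtok_r(NULL, "=", &inner_save);
        if (k == NULL || v == NULL)
            continue;                   /* malformed pair: skip it */
        snprintf(keys[n], 16, "%s", k); /* bounded copies into the output */
        snprintf(vals[n], 16, "%s", v);
        n++;
    }
    return n;
}

int main(void)
{
    char keys[4][16], vals[4][16];
    /* constructed sample input, including one malformed entry */
    int n = parse_pairs("user=alice;role=admin;bad;ttl=30", keys, vals, 4);
    for (int i = 0; i < n; i++)
        printf("%s -> %s\n", keys[i], vals[i]);
    return n < 0;
}
```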

    Use a format specifier such as %s, %d or %c to print your variables (for example printf("%s", buf)) rather than passing the variable itself as the format string, otherwise this could leak information.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-532: Insertion of Sensitive Information into Log File
    OWASP:
    - A09:2021 - Security Logging and Monitoring Failures

    When handling sensitive information in a buffer, it’s important to ensure that the data is securely erased before the buffer is deleted or reused. While memset() is commonly used for this purpose, it can leave sensitive information behind due to compiler optimizations or other factors. To avoid this potential vulnerability, it’s recommended to use the memset_s() function instead. memset_s() is a standardized function that securely overwrites the memory with a specified value, making it more difficult for an attacker to recover any sensitive data that was stored in the buffer. By using memset_s() instead of memset(), you can help to ensure that your application is more secure and less vulnerable to exploits that rely on residual data in memory.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-14: Compiler Removal of Code to Clear Buffers
    OWASP:
    - A04:2021 - Insecure Design
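As an added example (not CodeAnt's code) for the memset_s() rule above, the block below shows a portable secure erase for toolchains that do not ship memset_s() (glibc does not provide C11 Annex K). Writing through a volatile pointer forces the compiler to emit the stores even when the buffer is dead afterwards, which is the case where a plain memset() is removed as a dead store. The names secure_zero, is_zeroed and checksum_then_wipe are this example's own; explicit_bzero() on glibc/BSD or SecureZeroMemory() on Windows serve the same purpose where available.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not CodeAnt's code): a memset() replacement that the
 * optimiser cannot drop. Each byte is stored through a volatile pointer,
 * so the write is observable and must be emitted. */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

/* Returns 1 if every byte of p[0..n) is zero, so an erase can be verified. */
int is_zeroed(const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++)
        if (b[i] != 0)
            return 0;
    return 1;
}

/* Use a secret, then erase it before returning. With a local array that
 * goes out of scope here, memset(secret, 0, n) is a dead store the
 * compiler may delete; secure_zero() keeps the stores in every case. */
unsigned checksum_then_wipe(char *secret, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum = sum * 31 + (unsigned char)secret[i];
    secure_zero(secret, n);
    return sum;
}

int main(void)
{
    char secret[16] = "hunter2-hunter2";   /* constructed sample secret */
    unsigned c = checksum_then_wipe(secret, sizeof secret);
    printf("checksum %u, buffer zeroed: %s\n", c,
           is_zeroed(secret, sizeof secret) ? "yes" : "no");
    return 0;
}
```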

    Finding triggers whenever strcpy or strncpy is used. This is an issue because strcpy does not check the size of the destination array and strncpy will not automatically null-terminate strings. This can lead to buffer overflows, which can cause program crashes and potentially let an attacker inject code into the program. Fix this by using strcpy_s instead (although note that strcpy_s is an optional part of the C11 standard, and so may not be available).
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-676: Use of Potentially Dangerous Function
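The strcat/strncat rule and the strcpy/strncpy rule above both point at the Annex K functions strcat_s and strcpy_s, which, as the strcpy rule notes, are optional and absent from glibc. As an added example (not CodeAnt's code) serving both rules, the block below implements the same contract portably: a copy or append that refuses when the destination is too small and always leaves it null-terminated, instead of overflowing (strcpy, strcat) or silently dropping the terminator (strncpy). The function names bounded_len, bounded_strcpy and bounded_strcat are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not CodeAnt's code): bounded copy and append that
 * report failure instead of overflowing, mirroring the strcpy_s /
 * strcat_s contract for toolchains that lack Annex K. */

/* Length of s, never scanning beyond max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Copy src into dst[dst_size]. Returns 0 on success, -1 if src does
 * not fit; dst is always NUL-terminated when dst_size > 0. */
int bounded_strcpy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(src, dst_size);
    if (len == dst_size) {                 /* src too long: refuse, do not truncate */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);             /* src[len] is the terminator */
    return 0;
}

/* Append src to the NUL-terminated string already in dst[dst_size].
 * On failure the existing contents of dst are left intact. */
int bounded_strcat(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t used = bounded_len(dst, dst_size);
    if (used == dst_size)                  /* dst not terminated: cannot append safely */
        return -1;
    return bounded_strcpy(dst + used, dst_size - used, src);
}

/* The patterns the rules flag, for comparison (comments only):
 *   char name[8];
 *   strcpy(name, user_input);        // writes past name[] if input is 8+ bytes
 *   strncpy(name, user_input, 8);    // no terminator if input is 8+ bytes
 *   strcat(name, suffix);            // no bound on the total length
 */

int main(void)
{
    char buf[8];                           /* constructed: 7 characters plus NUL */
    printf("copy short : %d -> \"%s\"\n", bounded_strcpy(buf, sizeof buf, "abc"), buf);
    printf("cat fits   : %d -> \"%s\"\n", bounded_strcat(buf, sizeof buf, "defg"), buf);
    printf("cat too big: %d -> \"%s\"\n", bounded_strcat(buf, sizeof buf, "h"), buf);
    return 0;
}
```

Refusing rather than truncating is a deliberate choice: a silently shortened path, hostname or permission string is its own class of bug, and a -1 the caller must handle is easier to audit.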

    Variable ‘$VAR’ was used after being freed. This can lead to undefined behavior.
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-416: Use After Free
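The three rules above (a freed variable passed to a function, freed twice, or used after free) share one mitigation: never keep a dangling pointer around. As an added example (not CodeAnt's code), the block below wraps a heap buffer in an owning handle whose release function frees the memory exactly once and nulls the pointer, so a second release is a harmless no-op and a later use is caught as NULL instead of becoming undefined behaviour. The struct and function names (message, message_init, message_release, message_length) are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not CodeAnt's code): an owning handle whose release
 * nulls the pointer, making double free and use after free detectable. */
struct message {
    char  *data;
    size_t len;
};

/* Allocate a copy of text. Returns 0 on success, -1 if malloc fails. */
int message_init(struct message *m, const char *text)
{
    m->len = strlen(text);
    m->data = malloc(m->len + 1);
    if (m->data == NULL)
        return -1;
    memcpy(m->data, text, m->len + 1);
    return 0;
}

/* Release the buffer exactly once. Returns 1 if memory was freed,
 * 0 if the handle was already empty (the would-be double free). */
int message_release(struct message *m)
{
    if (m->data == NULL)
        return 0;
    free(m->data);
    m->data = NULL;     /* the key step: no dangling pointer survives */
    m->len = 0;
    return 1;
}

/* Callers check for an empty handle instead of dereferencing blindly;
 * with the pattern above, a use-after-free shows up here as NULL. */
size_t message_length(const struct message *m)
{
    return m->data == NULL ? 0 : m->len;
}

/* The patterns the rules flag, as comments only:
 *   free(p); puts(p);      // use after free
 *   free(p); free(p);      // double free
 *   free(p); process(p);   // freed pointer passed to a function
 */

int main(void)
{
    struct message m;
    if (message_init(&m, "hello") != 0)    /* constructed sample data */
        return 1;
    printf("len before release: %zu\n", message_length(&m));
    printf("first release freed: %d\n", message_release(&m));
    printf("second release freed: %d\n", message_release(&m));
    printf("len after release: %zu\n", message_length(&m));
    return 0;
}
```

The same idea applies to raw pointers: a `free(p); p = NULL;` pair at every free site turns the three undefined-behaviour cases into a NULL dereference that crashes deterministically and is visible to sanitizers and reviewers.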

    Avoid using user-controlled format strings passed into ‘sprintf’, ‘printf’ and ‘vsprintf’. These functions put you at risk of buffer overflow vulnerabilities through the use of format string exploits. Instead, use ‘snprintf’ and ‘vsnprintf’.
    Likelihood: MEDIUM
    Confidence: LOW
    CWE:
    - CWE-134: Use of Externally-Controlled Format String
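The format-string rule above and the earlier "use %s, %d, %c" rule describe the same defect from two sides: user data must never become the format argument. As an added example (not CodeAnt's code) serving both, the block below logs a caller-supplied string through a constant "%s" format with snprintf, so conversion specifiers inside the data are printed literally and the output buffer is bounded, with truncation reported to the caller. The function name format_log_line and the sample input are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not CodeAnt's code): logging caller-supplied text
 * without using it as a format. The constant format "[%s] %s" means
 * "%x" or "%n" inside user_msg is just text, and snprintf bounds out. */

/* Write "[tag] user_msg" into out[out_size]. Returns the number of
 * characters that would have been written (snprintf semantics); a
 * result >= out_size tells the caller the line was truncated. */
int format_log_line(char *out, size_t out_size, const char *tag, const char *user_msg)
{
    return snprintf(out, out_size, "[%s] %s", tag, user_msg);
}

/* The patterns the rules flag (comments only):
 *   printf(user_msg);                       // user data is the format string
 *   sprintf(buf, user_msg);                 // same, and no bound on buf
 *   sprintf(buf, "[%s] %s", tag, user_msg); // safe format, unbounded buffer
 */

int main(void)
{
    char line[64];
    /* constructed sample input containing conversion specifiers */
    const char *hostile = "login failed for %x %x %n";
    int n = format_log_line(line, sizeof line, "auth", hostile);
    printf("%s (%d chars%s)\n", line, n,
           (size_t)n >= sizeof line ? ", truncated" : "");
    return 0;
}
```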
