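--- a/knowledge/c/language.toml
+++ b/knowledge/c/language.toml
@@ -11,3 +11,155 @@ ecosystems = ["c"]
 
 [taxonomy]
 role = ["language"]
+
+[[security.sinks]]
+symbol = "system"
+threat = "command_injection"
+cwe = "CWE-78"
+
+[[security.sinks]]
+symbol = "popen"
+threat = "command_injection"
+cwe = "CWE-78"
+
+[[security.sinks]]
+symbol = "execvp"
+threat = "command_injection"
+cwe = "CWE-78"
+note = "When filename or argv from caller input"
+
+[[security.sinks]]
+symbol = "execlp"
+threat = "command_injection"
+cwe = "CWE-78"
+
+[[security.sinks]]
+symbol = "execl"
+threat = "command_injection"
+cwe = "CWE-78"
+
+[[security.sinks]]
+symbol = "gets"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "Removed in C11; no bounds checking"
+
+[[security.sinks]]
+symbol = "strcpy"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "No bounds checking; use strncpy or strlcpy"
+
+[[security.sinks]]
+symbol = "strcat"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "sprintf"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "No bounds checking; use snprintf"
+
+[[security.sinks]]
+symbol = "vsprintf"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "scanf"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "With %s and no width limit"
+
+[[security.sinks]]
+symbol = "printf"
+threat = "code_injection"
+cwe = "CWE-134"
+note = "When format string is caller-controlled"
+
+[[security.sinks]]
+symbol = "fprintf"
+threat = "code_injection"
+cwe = "CWE-134"
+
+[[security.sinks]]
+symbol = "syslog"
+threat = "code_injection"
+cwe = "CWE-134"
+note = "Format string vulnerability"
+
+[[security.sinks]]
+symbol = "tmpnam"
+threat = "path_traversal"
+cwe = "CWE-377"
+note = "Race condition; use mkstemp"
+
+[[security.sinks]]
+symbol = "mktemp"
+threat = "path_traversal"
+cwe = "CWE-377"
+
+[[security.sinks]]
+symbol = "fopen"
+threat = "path_traversal"
+cwe = "CWE-22"
+note = "When filename is caller-controlled"
+
+[[security.sinks]]
+symbol = "open"
+threat = "path_traversal"
+cwe = "CWE-22"
+
+[[security.sinks]]
+symbol = "access"
+threat = "path_traversal"
+cwe = "CWE-367"
+note = "TOCTOU race between check and use"
+
+[[security.sinks]]
+symbol = "rand"
+threat = "weak_crypto"
+cwe = "CWE-338"
+note = "Not cryptographically secure"
+
+[[security.sinks]]
+symbol = "srand"
+threat = "weak_crypto"
+cwe = "CWE-338"
+note = "Predictable seeding with time(NULL)"
+
+[[security.sinks]]
+symbol = "atoi"
+threat = "code_injection"
+cwe = "CWE-190"
+note = "No error checking; undefined on overflow"
+
+[[security.sinks]]
+symbol = "alloca"
+threat = "code_injection"
+cwe = "CWE-770"
+note = "Stack allocation with caller-controlled size"
+
+[[security.sinks]]
+symbol = "free"
+threat = "code_injection"
+cwe = "CWE-415"
+note = "Double-free when pointer reused without null"
+
+[[security.sinks]]
+symbol = "memcpy"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "When size argument is caller-controlled"
+
+[[security.sinks]]
+symbol = "memmove"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "realloc"
+threat = "code_injection"
+cwe = "CWE-415"
+note = "Returns null on failure; original freed"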
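Review bot: The `realloc` entry's note is wrong about the failure path: when realloc fails it returns NULL and the original block stays allocated, so the typical defect is the leak from `p = realloc(p, n)` overwriting the only pointer, not a double free. I would change it to `note = "Returns NULL on failure and leaves the original block allocated; assign to a temporary"` and reconsider `cwe = "CWE-415"`, since CWE-401 (leak) or CWE-416 (stale pointer after a successful move) describe the common mistakes better. The `strcpy` note also recommends strncpy, which leaves the destination unterminated when the source fills the buffer; `note = "No bounds checking; use strlcpy or snprintf"` avoids steering readers to another unsafe call. Finally, `execl` and the other exec entries do not invoke a shell, so CWE-88 (argument injection) may be a closer fit than CWE-78 if the schema allows it.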
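--- a/knowledge/cpp/language.toml
+++ b/knowledge/cpp/language.toml
@@ -11,3 +11,98 @@ ecosystems = ["cpp"]
 
 [taxonomy]
 role = ["language"]
+
+[[security.sinks]]
+symbol = "std::system"
+threat = "command_injection"
+cwe = "CWE-78"
+
+[[security.sinks]]
+symbol = "popen"
+threat = "command_injection"
+cwe = "CWE-78"
+note = "C library function, commonly used in C++"
+
+[[security.sinks]]
+symbol = "gets"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "Removed in C++14"
+
+[[security.sinks]]
+symbol = "strcpy"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "strcat"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "sprintf"
+threat = "code_injection"
+cwe = "CWE-120"
+
+[[security.sinks]]
+symbol = "scanf"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "With %s and no width limit"
+
+[[security.sinks]]
+symbol = "printf"
+threat = "code_injection"
+cwe = "CWE-134"
+note = "Format string with caller input"
+
+[[security.sinks]]
+symbol = "tmpnam"
+threat = "path_traversal"
+cwe = "CWE-377"
+
+[[security.sinks]]
+symbol = "std::tmpnam"
+threat = "path_traversal"
+cwe = "CWE-377"
+
+[[security.sinks]]
+symbol = "rand"
+threat = "weak_crypto"
+cwe = "CWE-338"
+note = "Use std::random_device or platform CSPRNG"
+
+[[security.sinks]]
+symbol = "memcpy"
+threat = "code_injection"
+cwe = "CWE-120"
+note = "When size from caller input"
+
+[[security.sinks]]
+symbol = "alloca"
+threat = "code_injection"
+cwe = "CWE-770"
+
+[[security.sinks]]
+symbol = "reinterpret_cast"
+threat = "code_injection"
+cwe = "CWE-119"
+note = "Bypasses type system"
+
+[[security.sinks]]
+symbol = "const_cast"
+threat = "code_injection"
+cwe = "CWE-119"
+note = "Modifying originally-const data is UB"
+
+[[security.sinks]]
+symbol = "new"
+threat = "code_injection"
+cwe = "CWE-770"
+note = "Without nothrow; unchecked allocation"
+
+[[security.sinks]]
+symbol = "delete"
+threat = "code_injection"
+cwe = "CWE-415"
+note = "Double-delete or delete of stack pointer"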
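Review bot: The `new` entry's note reads inverted: plain `new` throws std::bad_alloc on failure, and it is the `new (std::nothrow)` form that returns nullptr and needs a check, so "Without nothrow; unchecked allocation" marks the self-reporting case as the risky one. Something like `note = "Size from caller input; the nothrow form returns nullptr and must be checked"` fits CWE-770 better. The `rand` note points to std::random_device as a replacement, but the standard permits a deterministic implementation, so I would keep only the platform CSPRNG advice. Coverage is also uneven against the C list: only `std::system` and `std::tmpnam` are qualified, while `system`, `std::rand`, `std::strcpy` and `std::memcpy` are absent, which matters if the matcher (not visible here) compares symbols literally.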