Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Earlybird tests #33

Open
ggi-cetic opened this issue Oct 8, 2021 · 1 comment
Open

Earlybird tests #33

ggi-cetic opened this issue Oct 8, 2021 · 1 comment
Labels
good first issue Good for newcomers

Comments

@ggi-cetic
Copy link

ggi-cetic commented Oct 8, 2021
edited
Loading

Hello,
Didn't know where to ask this question so I raised this issue.
I tried earlybird on the following poor, test, C source code :

#include<stdio.h>
#include<string.h>

int main(void) {
    char enteredPass[30];
    char password[30]="MyPassw0rd";
    printf("Enter Password:\n");
    scanf("%s", enteredPass);
    if (strcmp(enteredPass, password) == 0) {
        printf("%s is my Password!\nOops\n", password);
        return 0;
    } else {
        printf("You didn't found it!\n");
        return -1;
    }
}

and nothing is detected by earlybird.

I got :
1 files scanned in 2.048829ms
2021/10/08 11:42:22
144 rules observed
***** Total issues found *****
0 TOTAL ISSUES

How is this possible?

This is almost exactly what is described as C example in CWE-798.
Thanks for the help.
@digitaliceberg
Copy link
Contributor

It's not an existing pattern, feel free to make a pull request with C specific regexes

@grinish21 grinish21 mentioned this issue Oct 11, 2021
Closed
@grinish21 grinish21 added the good first issue Good for newcomers label Jun 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grinish21 @digitaliceberg @ggi-cetic