Tainted string in C

孤独总比滥情好 2021-01-19 02:18

I'm running Coverity tool in my file operation function and getting the following error.

As you can see below, I'm using a snprintf() before passing this variable

3 answers
  •  挽巷 (original poster)
     2021-01-19 03:05

    Coverity wants to make sure you sanitize any string which is coming from outside of your program, be it getenv, argv, or from some file read.

    You may have a function to sanitize the input (tainted string) and have a comment provided by Coverity which tells Coverity that the input string is sanitized, and the SA warning will go away.

    #include <stdbool.h>

    #define SUCCESS 0
    #define FAILED  -1

    // Placeholder for your own validation logic: returns true when s is acceptable.
    bool validated(const char *s);

    // coverity[ +tainted_string_sanitize_content : arg-0 ]
    int sanitize_mystring(char *s)
    {
        // Do some string validation
        if (validated(s))
            return SUCCESS;
        else
            return FAILED;
    }
    

    // coverity[ +tainted_string_sanitize_content : arg-0 ] is the line Coverity is looking for.

    Hope this helps.
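As an added illustration (not code from the question or the answer above), here is a complete sanitizer for an untrusted file name carrying the Coverity annotation, followed by the snprintf() call that only runs once the check has passed. The allow-list policy (only `[A-Za-z0-9._-]`, no empty, over-long, `.` or `..` names), the `NAME_MAX_LEN` limit and the `LOG_NAME` variable are assumptions chosen for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* assumed limit for this example */

/* Returns 0 when the tainted name is safe to use, -1 otherwise.
 * The annotation tells Coverity that arg-0 is sanitized on success. */
// coverity[ +tainted_string_sanitize_content : arg-0 ]
int sanitize_filename(const char *s)
{
    if (s == NULL)
        return -1;
    size_t len = strlen(s);
    if (len == 0 || len > NAME_MAX_LEN)
        return -1;                 /* empty or too long */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            return -1;             /* rejects '/', '\\', spaces, control chars */
    }
    if (strcmp(s, ".") == 0 || strcmp(s, "..") == 0)
        return -1;                 /* rejects current/parent directory names */
    return 0;
}

/* Builds "<dir>/<name>" into out only after the tainted name passed the check.
 * Returns 0 on success, -1 if the name was rejected or out is too small. */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    if (sanitize_filename(name) != 0)
        return -1;
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                 /* truncated: refuse to use a partial path */
    return 0;
}

int main(void)
{
    char path[128];
    const char *name = getenv("LOG_NAME");   /* untrusted (tainted) input */
    if (build_path(path, sizeof path, "/var/log/myapp", name ? name : "") == 0)
        printf("would open %s\n", path);
    else
        fprintf(stderr, "rejected log name\n");
    return 0;
}
```

Because the taint is cleared inside the annotated function, Coverity no longer reports the later snprintf() as consuming an unchecked string; the truncation check on snprintf()'s return value is a separate defect the annotation does not cover.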
