fix(security): prevent CWE-134 format string injection
All checks were successful
CI Code / Check spelling (pull_request) Successful in 21s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 5m15s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m32s
CI Code / Linux (debian) (pull_request) Successful in 9m14s
CI Code / Linux (arch) (pull_request) Successful in 11m36s

- add "%s" to unsafe cons_show/log_*/win_println calls
- add check-cwe134.sh static analysis script
- integrate security check into CI pipeline

Closes #85
This commit is contained in:
2026-02-05 17:22:04 +03:00
parent b772bd8c86
commit 22335ca83e
12 changed files with 89 additions and 17 deletions

View File

@@ -50,6 +50,9 @@ jobs:
run: |
grep -P 'auto_(char|gchar|gcharv|guchar|jid|sqlite|gfd|FILE)[\w *]*;$' -r src && exit -1 || true
- name: Check CWE-134 format string vulnerabilities
run: ./check-cwe134.sh
- name: Install clang-format
run: |
sudo apt-get update