fix(security): prevent CWE-134 format string injection
All checks were successful
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Code Coverage (pull_request) Successful in 4m45s
CI Code / Linux (debian) (pull_request) Successful in 6m7s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m13s
CI Code / Linux (arch) (pull_request) Successful in 6m20s
All checks were successful
CI Code / Check spelling (pull_request) Successful in 20s
CI Code / Check coding style (pull_request) Successful in 35s
CI Code / Code Coverage (pull_request) Successful in 4m45s
CI Code / Linux (debian) (pull_request) Successful in 6m7s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m13s
CI Code / Linux (arch) (pull_request) Successful in 6m20s
- add "%s" to unsafe cons_show/log_*/win_println calls - add check-cwe134.sh static analysis script - integrate security check into CI pipeline Closes #85
This commit is contained in:
3
.github/workflows/ci-code.yml
vendored
3
.github/workflows/ci-code.yml
vendored
@@ -50,6 +50,9 @@ jobs:
|
||||
run: |
|
||||
grep -P 'auto_(char|gchar|gcharv|guchar|jid|sqlite|gfd|FILE)[\w *]*;$' -r src && exit -1 || true
|
||||
|
||||
- name: Check CWE-134 format string vulnerabilities
|
||||
run: ./check-cwe134.sh
|
||||
|
||||
- name: Install clang-format
|
||||
run: |
|
||||
sudo apt-get update
|
||||
|
||||
Reference in New Issue
Block a user