Compare commits

..

1 Commits

Author SHA1 Message Date
22335ca83e fix(security): prevent CWE-134 format string injection
All checks were successful
CI Code / Check spelling (pull_request) Successful in 21s
CI Code / Check coding style (pull_request) Successful in 32s
CI Code / Code Coverage (pull_request) Successful in 5m15s
CI Code / Linux (ubuntu) (pull_request) Successful in 6m32s
CI Code / Linux (debian) (pull_request) Successful in 9m14s
CI Code / Linux (arch) (pull_request) Successful in 11m36s
- add "%s" to unsafe cons_show/log_*/win_println calls
- add check-cwe134.sh static analysis script
- integrate security check into CI pipeline

Closes #85
2026-02-05 18:55:08 +03:00
2 changed files with 3 additions and 4 deletions

View File

@@ -50,6 +50,9 @@ jobs:
run: |
grep -P 'auto_(char|gchar|gcharv|guchar|jid|sqlite|gfd|FILE)[\w *]*;$' -r src && exit -1 || true
- name: Check CWE-134 format string vulnerabilities
run: ./check-cwe134.sh
- name: Install clang-format
run: |
sudo apt-get update

View File

@@ -168,10 +168,6 @@ num_cores()
# Run test failure detection verification first
verify_test_failure_detection
# Run CWE-134 format string vulnerability check
echo "=== Running CWE-134 security check ==="
./check-cwe134.sh || { echo "CWE-134 check failed!"; exit 1; }
# Parse arguments
COVERAGE_ONLY=no
for arg in "$@"; do