
Fix code scanning alert no. 9: Uncontrolled format string #4635

Draft: wants to merge 1 commit into base: master
Conversation

@fgalan (Member) commented Nov 8, 2024

Fixes https://github.com/telefonicaid/fiware-orion/security/code-scanning/9

To fix the problem, we need to ensure that the format string used in the snprintf function is not directly influenced by user input. Instead, we should use a constant format string and pass the user input as an argument to avoid format string vulnerabilities.

The best way to fix this issue without changing existing functionality is to replace the snprintf call on line 2381 with a constant format string and pass the text variable as an argument. This change should be made in the src/lib/logMsg/logMsg.cpp file.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
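The contrast the fix description relies on, as an added example that is not part of the PR or of fiware-orion's own `logMsg.cpp` (the function names `formatUnsafe`, `formatSafe` and `hasConversionSpecifier`, the buffer size and the sample message are all assumptions made for this illustration): the flagged shape passes caller text directly as the `snprintf` format, so every `%` in it is parsed as a conversion; the hardened shape uses the constant format `"%s"` and passes the text as an argument, so `%` is copied literally. The sample uses only `%%`, because that is the one conversion that is well-defined without a matching argument; `%x` or `%n` in the unsafe call would read from, or write through, arguments that were never supplied, which is the actual vulnerability.

```cpp
#include <cstdio>
#include <string>

// Mirrors the pattern flagged by the code-scanning alert: the caller's text
// is used as the snprintf format string itself. Kept here only to show the
// contrast; never call this with untrusted input.
std::string formatUnsafe(const std::string& text)
{
    char buf[256];
    std::snprintf(buf, sizeof(buf), text.c_str());  // format is caller-influenced
    return buf;
}

// Hardened form proposed by the fix: constant format, text passed as argument.
// A '%' inside `text` is now data, not a conversion specifier.
std::string formatSafe(const std::string& text)
{
    char buf[256];
    std::snprintf(buf, sizeof(buf), "%s", text.c_str());
    return buf;
}

// Cheap audit helper (assumed, not from the project): report whether a string
// contains a '%' that printf-family functions would treat as a conversion,
// i.e. anything other than the literal escape "%%".
bool hasConversionSpecifier(const std::string& s)
{
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (s[i] != '%') continue;
        if (i + 1 < s.size() && s[i + 1] == '%') { ++i; continue; }  // "%%" is literal
        return true;  // "%s", "%x", "%n", ... would consume or write an argument
    }
    return false;
}

int main()
{
    // Constructed sample log text; "%%" is the only conversion safe to feed
    // to the unsafe form, since it consumes no argument.
    const std::string benign = "cache hit ratio 95%% (escaped percent)";
    std::printf("unsafe: %s\n", formatUnsafe(benign).c_str()); // "%%" collapses to "%"
    std::printf("safe:   %s\n", formatSafe(benign).c_str());   // text copied verbatim

    // Attacker-style input: only inspected, never passed to formatUnsafe().
    const std::string hostile = "%x %x %x %n";
    std::printf("hostile input needs a constant format: %s\n",
                hasConversionSpecifier(hostile) ? "yes" : "no");
    std::printf("safe:   %s\n", formatSafe(hostile).c_str());  // printed literally
    return 0;
}
```

The scanner-side lesson is the same as the fix's: the test for safety is not "does the input look harmless" but "is the format argument a compile-time constant"; `hasConversionSpecifier` is only useful for triaging existing log lines, not as a substitute for the `"%s"` change.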