From c2ac9ea1eebe929b79c23f90038cafefee1ef4be Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 12 Dec 2024 16:02:01 +0100
Subject: [PATCH] checksrc: ban use of sscanf()

Using sscanf() is not a (security) problem in itself, but we strongly
discorage using it for parsing input since it is hard to use right, easy
to mess up and often makes for sloppy error checking.

Allow it in examples and tests

Closes #15687
---
 docs/examples/.checksrc |  1 +
 scripts/checksrc.pl     | 11 +++++++++++
 tests/libtest/.checksrc |  1 +
 tests/server/.checksrc  |  1 +
 4 files changed, 14 insertions(+)

diff --git a/docs/examples/.checksrc b/docs/examples/.checksrc
index dea90aaa1d..c7a5337394 100644
--- a/docs/examples/.checksrc
+++ b/docs/examples/.checksrc
@@ -1,3 +1,4 @@
 disable TYPEDEFSTRUCT
 disable SNPRINTF
 disable BANNEDFUNC
+disable SSCANF
diff --git a/scripts/checksrc.pl b/scripts/checksrc.pl
index 7075278de2..4e3e05050f 100755
--- a/scripts/checksrc.pl
+++ b/scripts/checksrc.pl
@@ -99,6 +99,7 @@ my %warnings = (
     'SPACEBEFOREPAREN'      => 'space before an open parenthesis',
     'SPACESEMICOLON'        => 'space before semicolon',
     'SPACESWITCHCOLON'      => 'space before colon of switch label',
+    "SSCANF"                => 'use of sscanf',
     'TABS'                  => 'TAB characters not allowed',
     'TRAILINGSPACE'         => 'Trailing whitespace on the line',
     'TYPEDEFSTRUCT'         => 'typedefed struct',
@@ -814,6 +815,16 @@ sub scanfile {
                       $line, length($1), $file, $ol,
                       "use of $2 is banned");
         }
+        # scan for use of sscanf. This is not a BANNEDFUNC to allow for
+        # individual enable/disable of this warning.
+        if($l =~ /^(.*\W)(sscanf)\s*\(/x) {
+            if($1 !~ /^ *\#/) {
+                # skip preprocessor lines
+                checkwarn("SSCANF",
+                          $line, length($1), $file, $ol,
+                          "use of $2 is banned");
+            }
+        }
         if($warnings{"STRERROR"}) {
             # scan for use of banned strerror. This is not a BANNEDFUNC to
             # allow for individual enable/disable of this warning.
diff --git a/tests/libtest/.checksrc b/tests/libtest/.checksrc
index 37f7909524..3d47f3e9a7 100644
--- a/tests/libtest/.checksrc
+++ b/tests/libtest/.checksrc
@@ -1,2 +1,3 @@
 disable TYPEDEFSTRUCT
 disable BANNEDFUNC
+disable SSCANF
diff --git a/tests/server/.checksrc b/tests/server/.checksrc
index 8f67fd2a3e..075b965819 100644
--- a/tests/server/.checksrc
+++ b/tests/server/.checksrc
@@ -1 +1,2 @@
 enable STRNCPY
+disable SSCANF
-- 
2.47.3