checksrc: ban use of sscanf()

Using sscanf() is not a (security) problem in itself, but we strongly
discorage using it for parsing input since it is hard to use right, easy
to mess up and often makes for sloppy error checking.

Allow it in examples and tests

Closes #15687

diff --git a/docs/examples/.checksrc b/docs/examples/.checksrc
index dea90aaa1d1122d49625ab09cbcf8a5de6ad5a30..c7a53373943334b2189386a51024638bb6ba2871 100644 (file)
--- a/docs/examples/.checksrc
+++ b/docs/examples/.checksrc
@@ -1,3 +1,4 @@
 disable TYPEDEFSTRUCT
 disable SNPRINTF
 disable BANNEDFUNC
+disable SSCANF

diff --git a/scripts/checksrc.pl b/scripts/checksrc.pl
index 7075278de2f7ccfb2acc03cba068f8829ffb8494..4e3e05050fa734582e43b278076eac55ec7ddb75 100755 (executable)
--- a/scripts/checksrc.pl
+++ b/scripts/checksrc.pl
@@ -99,6 +99,7 @@ my %warnings = (
     'SPACEBEFOREPAREN'      => 'space before an open parenthesis',
     'SPACESEMICOLON'        => 'space before semicolon',
     'SPACESWITCHCOLON'      => 'space before colon of switch label',
+    "SSCANF"                => 'use of sscanf',
     'TABS'                  => 'TAB characters not allowed',
     'TRAILINGSPACE'         => 'Trailing whitespace on the line',
     'TYPEDEFSTRUCT'         => 'typedefed struct',
@@ -814,6 +815,16 @@ sub scanfile {
                       $line, length($1), $file, $ol,
                       "use of $2 is banned");
         }
+        # scan for use of sscanf. This is not a BANNEDFUNC to allow for
+        # individual enable/disable of this warning.
+        if($l =~ /^(.*\W)(sscanf)\s*\(/x) {
+            if($1 !~ /^ *\#/) {
+                # skip preprocessor lines
+                checkwarn("SSCANF",
+                          $line, length($1), $file, $ol,
+                          "use of $2 is banned");
+            }
+        }
         if($warnings{"STRERROR"}) {
             # scan for use of banned strerror. This is not a BANNEDFUNC to
             # allow for individual enable/disable of this warning.

diff --git a/tests/libtest/.checksrc b/tests/libtest/.checksrc
index 37f7909524a1e8337245a7fc3398cdab8c070966..3d47f3e9a70e90f6d63dde96f1540b72745a8bdf 100644 (file)
--- a/tests/libtest/.checksrc
+++ b/tests/libtest/.checksrc
@@ -1,2 +1,3 @@
 disable TYPEDEFSTRUCT
 disable BANNEDFUNC
+disable SSCANF

diff --git a/tests/server/.checksrc b/tests/server/.checksrc
index 8f67fd2a3eeea96b6ebf45f0c684c8d4fa727ac3..075b9658191fdd72e3b4e1d5e7f0f6935efbf059 100644 (file)
--- a/tests/server/.checksrc
+++ b/tests/server/.checksrc
@@ -1 +1,2 @@
 enable STRNCPY
+disable SSCANF