flawfinder
💎 Vulnerabilities to be discovered
The following vulnerabilities should be discovered in this section:
VULN-RECOVERY-OOB
⚙️ flawfinder setup
- If you didn't set up the static-analysis profile's infrastructure, please do so by running the command docker-compose --profile static-analysis up.
- Use docker exec --interactive --tty static-analysers bash to enter the container where the CLI application is contained.
⚙️ Coder setup
- If you didn't set up the static-analysis profile's infrastructure, please do so by running the command docker-compose --profile static-analysis up.
- Access this link to interact with the application's web user interface. Use the ossfortress password for login.
📚 flawfinder documentation
The flawfinder documentation is available here.
Steps
Scanning
- Scan all files in the sandcastle/c_modules folder, generating a SARIF file as output, /root/analysis/flawfinder.sarif.
- Validate each warning produced by flawfinder by manually inspecting the code. Use the Coder instance in the Docker infrastructure to review the results.
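A helper for the validation step, as an added example that is not part of the original workshop material: it flattens a SARIF 2.1.0 report into a per-file review checklist ordered by severity and line, so each source file is opened once during manual inspection. The sample report, its file names and rule ids are constructed; only standard SARIF fields are assumed.

```python
import json
from collections import defaultdict

# Constructed sample in SARIF 2.1.0 shape; file names, rule ids and messages are made up.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "RULE-COPY", "level": "note", "message": {"text": "constructed finding A"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "sandcastle/c_modules/example_a.c"},
         "region": {"startLine": 40}}}]},
    {"ruleId": "RULE-BUFFER", "level": "error", "message": {"text": "constructed finding B"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "sandcastle/c_modules/example_a.c"},
         "region": {"startLine": 12}}}]},
    {"ruleId": "RULE-READ", "message": {"text": "constructed finding C"},
     "locations": [{"physicalLocation": {
         "artifactLocation": {"uri": "sandcastle/c_modules/example_b.c"},
         "region": {"startLine": 7}}}]},
]}]})

LEVEL_ORDER = {"error": 0, "warning": 1, "note": 2, "none": 3}

def load_findings(sarif_text):
    """Flatten every result of every run into (uri, line, level, rule_id, message)."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        for res in run.get("results", []):
            level = res.get("level", "warning")  # a result without a level is treated as a warning
            msg = res.get("message", {}).get("text", "")
            for loc in res.get("locations") or [{}]:  # keep results that carry no location
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "<no location>")
                line = phys.get("region", {}).get("startLine", 0)
                findings.append((uri, line, level, res.get("ruleId", "?"), msg))
    return findings

def review_checklist(findings):
    """Group findings by file; within a file order by severity, then by line."""
    by_file = defaultdict(list)
    for uri, line, level, rule, msg in findings:
        by_file[uri].append((LEVEL_ORDER.get(level, 9), line, level, rule, msg))
    return {uri: [item[1:] for item in sorted(items)]
            for uri, items in sorted(by_file.items())}

if __name__ == "__main__":
    for uri, items in review_checklist(load_findings(SAMPLE_SARIF)).items():
        print(uri)
        for line, level, rule, msg in items:
            print(f"  [ ] line {line:>4} {level:<7} {rule}: {msg}")
```

To use it on the task's report, pass the text of /root/analysis/flawfinder.sarif to load_findings instead of SAMPLE_SARIF.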
🚧 Solution
To display the solution of this task, enter the text i-surrender-to-the-code-security-gods in the field below.