Update perl-scanner.yaml
parent
95664dfc18
commit
ff29b75a6a
|
@ -34,7 +34,7 @@ file:
|
|||
regex:
|
||||
- 'fcntl'
|
||||
- type: regex
|
||||
# The second argument specifiying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to be bound to an address of their choice.
|
||||
# The second argument specifying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to be bound to an address of their choice.
|
||||
regex:
|
||||
- 'bind'
|
||||
- type: regex
|
||||
|
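Review bot: The corrected `bind` comment still has a comma after "bind to" that separates the subject from its verb ("...to bind to, should not be derived..."); drop it while this line is being touched. Separately, the pattern `'bind'` just below has no word boundary, so if the scanner applies it as written it will also flag any identifier that merely contains those letters. `\bbind\b` would be tighter, assuming the scanner's regex dialect supports it.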
@ -50,7 +50,7 @@ file:
|
|||
regex:
|
||||
- 'syscall'
|
||||
- type: regex
|
||||
# The second argument specifiying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to connect to an arbitrary remote address, enabling hijacking of potentially sensitive network data.
|
||||
# The second argument specifying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to connect to an arbitrary remote address, enabling hijacking of potentially sensitive network data.
|
||||
regex:
|
||||
- 'connect'
|
||||
- type: regex
|
||||
|
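Review bot: The corrected comment above the `connect` pattern still says "the packed address to bind to", which looks copied from the `bind` rule. The consequence it goes on to describe is a connection to an arbitrary remote address, so the phrase should read "the packed address to connect to". The comma after that phrase can go at the same time.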
@ -58,7 +58,7 @@ file:
|
|||
regex:
|
||||
- 'system'
|
||||
- type: regex
|
||||
# The filename argument of open should be carefully checked if it is being created with any user-supplied string as a compontent of it. Strings should be checked for occurences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed.
|
||||
# The filename argument of open should be carefully checked if it is being created with any user-supplied string as a component of it. Strings should be checked for occurrences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed.
|
||||
regex:
|
||||
- 'open'
|
||||
- type: regex
|
||||
|
|
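Review bot: The corrected `open` comment says a filename ending in "|" will "cause the path to be executed", which is imprecise. Say that the string is run as a command instead of being opened as a file, so a reader of the scanner output knows what the finding means. The comment is also one very long line; wrapping it over several `#` lines would make spelling-only changes like this one much easier to review.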