david-a-wheeler / flawfinder

a static analysis tool for finding vulnerabilities in C/C++ source code
GNU General Public License v2.0

Flawfinder reports abseil::StrCat the same as std::strcat #76

Open tophersmith opened 1 year ago

tophersmith commented 1 year ago

Unlike std::strcat, abseil's strcat function handles the buffer overflow case correctly by creating a right-sized buffer in memory. Is there a way to have flawfinder ignore absl::StrCat but still find std::strcat?

david-a-wheeler commented 1 year ago

I'm sure there is, but it'd require extra code to do it :-). Pull requests / merge requests welcome!
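
One way to approach the namespace-aware matching asked about in this issue, as an added example (not flawfinder's code, and not written by either commenter): a lexical scanner that suppresses a hit only when the call is written with an allowlisted namespace qualifier. `RISKY_NAMES`, `SAFE_NAMESPACES`, `find_risky_calls` and the sample source are constructed for illustration.

```python
import re

# Hypothetical rule set: names a name-only scanner would flag (assumption).
RISKY_NAMES = {"strcat", "StrCat"}
# Hypothetical allowlist: namespaces whose same-named functions size their own buffer.
SAFE_NAMESPACES = {"absl"}

# Optional "ns::ns::" qualifier, then the called identifier, then "(".
CALL_RE = re.compile(r"((?:\b[A-Za-z_]\w*\s*::\s*)*)\b([A-Za-z_]\w*)\s*\(")

# Constructed sample input.
SAMPLE = """\
char buf[16];
std::strcat(buf, user_input);
strcat(buf, user_input);
std::string s = absl::StrCat(a, b);
std::string t = ::absl::StrCat(a, b);
using absl::StrCat;
std::string u = StrCat(a, b);
"""

def find_risky_calls(source):
    """Return (line_number, name_as_written) for each call still worth reporting.

    Purely lexical: comments, string literals and using-declarations are not
    interpreted, so an unqualified call is always reported.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            qualifier = re.sub(r"\s+", "", m.group(1))
            name = m.group(2)
            if name not in RISKY_NAMES:
                continue
            namespaces = [p for p in qualifier.split("::") if p]
            # Suppress only when the outermost written namespace is allowlisted;
            # foo::absl::StrCat is a different function and stays reported.
            if namespaces and namespaces[0] in SAFE_NAMESPACES:
                continue
            hits.append((lineno, qualifier + name))
    return hits

if __name__ == "__main__":
    for lineno, name in find_risky_calls(SAMPLE):
        print(f"line {lineno}: {name}")
```

The unqualified `StrCat` call on the last sample line is still reported even though a `using absl::StrCat;` precedes it; resolving that correctly needs real name lookup, which a lexical check cannot do.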