Patterns catalog for security plugin
From KDevelop
All known code patterns for security vulnerabilities, exploits and problems are collected here.
These patterns can be used with the security plugin introduced in KDevelop 3.3.
The plugin is no longer available in KDevelop 3.4.
Current set of patterns:
[Simple Warnings]
1=Potential buffer overflow .*sprintf.* Use snprintf to prevent potential buffer overflows
2=Potential buffer overflow .*scanf\\(.*,\\s*\".*\\%s.*\".*\\).* Make sure character data being read does not exceed the size of a buffer
3=Potential risk of shell command line injection .*system.* Make sure arguments to a command are quoted
4=Potential risk of shell command line injection .*popen.* Make sure arguments to a command are quoted
5=Potential risk of shell command line injection .*KRun::runCommand.* Make sure arguments to a command are quoted
6=Potential buffer overflow .*strcpy.* Use strncpy to prevent potential buffer overflows
7=Potential buffer overflow .*strcat.* Use strncat to prevent potential buffer overflows
[Simple Errors]
1=Arguments are not quoted .*system\\(\\s*QString\\(\".*%.*\"\\).arg.* Use KShellProcess::quote to quote numbered QString parameters
2=Arguments are not quoted .*KRun::runCommand\\(\\s*QString\\(\".*%.*\"\\).arg.* Use KShellProcess::quote to quote numbered QString parameters
3=Arguments are not quoted .*popen\\(\\s*QString\\(\".*%.*\"\\).arg.* Use KShellProcess::quote to quote numbered QString parameters
4=Local root access can be granted for user with invalid credentials .*pam_setcred\\(.*.\\)\\s*; Check the result value: if (pam_setcred(pamh,0) != PAM_SUCCESS) { exit(1); }