返回 Skill 列表
extension
分类: 开发与工程无需 API Key

detecting-format-string

通过识别带有用户可控格式字符串的不安全printf系列函数调用来检测格式字符串漏洞。在分析日志记录、错误处理或通过格式字符串调查内存泄露时使用。

person作者: jakexiaohubgithub

Format String Detection

Detection Workflow

  1. Identify printf calls: Find printf, fprintf, sprintf, snprintf, syslog functions
  2. Trace format string source: Use xrefs_to to trace format string to user input
  3. Check format specifier: Verify if format string is constant literal or user-controlled
  4. Assess exploitability: Can attacker control format string? Can they read/write memory?

Key Patterns

  • printf(user_string) - user input as format string
  • fprintf(file, user_input) - direct use of user input
  • Memory read via %s, %x format specifiers
  • Memory write via %n format specifier

Output Format

Report with: id, type, severity, confidence, location, sink, source, format string, format specifier status, exploitability, attack vector, evidence, mitigation.

Severity Guidelines

  • CRITICAL: Format string with %n and user control
  • HIGH: Format string with user control (read-only)
  • MEDIUM: Format string with limited user control
  • LOW: Format string with constant format string

See Also

  • patterns.md - Detailed detection patterns and exploitation scenarios
  • examples.md - Example analysis cases and code samples
  • references.md - CWE references and mitigation strategies