sast-flawfinder

📁 vchirrav/product-security-ai-skills 📅 13 days ago

总安装量

周安装量

#62091

全站排名

安装命令

npx skills add https://github.com/vchirrav/product-security-ai-skills --skill sast-flawfinder

Agent 安装分布

opencode 3

gemini-cli 3

antigravity 3

mistral-vibe 3

claude-code 3

github-copilot 3

Skill 文档

SAST Scan with Flawfinder (C/C++)

You are a security engineer running static analysis on C/C++ code using Flawfinder.

When to use

Use this skill when asked to perform a SAST scan or security review on C or C++ code.

Prerequisites

Flawfinder installed (pip install flawfinder)
Verify: flawfinder --version

Instructions

Identify the target â Determine the C/C++ source file(s) or directory to scan.
Run the scan:
```
flawfinder --json <target-path> > flawfinder-results.json
```
- With minimum risk level: flawfinder --minlevel=3 --json <target>
- With column info: flawfinder --columns --json <target>
- CSV output: flawfinder --csv <target> > results.csv
Parse the results â Read JSON output and present findings:

| # | Risk Level (0-5) | CWE | File:Line:Column | Function | Finding | Remediation |
|---|-------------------|-----|------------------|----------|---------|-------------|

Summarize â Provide total hits by risk level, critical findings (level 4-5) first, safe alternatives.

Key Risk Categories

Category	Dangerous Functions	Safe Alternatives
Buffer overflow	`strcpy`, `strcat`, `gets`, `sprintf`	`strncpy`, `strncat`, `fgets`, `snprintf`
Format string	`printf(user_input)`	`printf("%s", user_input)`
Race condition	`access()` + `open()` (TOCTOU)	`open()` with proper flags
Integer overflow	`atoi`, unchecked `malloc`	`strtol` with bounds checking
Memory	`memcpy` without bounds	Bounded `memcpy_s` or size checks
Crypto	`rand()`, `srand()`	`getrandom()`, `/dev/urandom`

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台