Earlybird tests #33
Description
Hello,
Didn't know where to ask this question so I raised this issue.
I tried earlybird on the following poor, test, C source code :
#include<stdio.h>
#include<string.h>
int main(void) {
char enteredPass[30];
char password[30]="MyPassw0rd";
printf("Enter Password:\n");
scanf("%s", enteredPass);
if (strcmp(enteredPass, password) == 0) {
printf("%s is my Password!\nOops\n", password);
return 0;
} else {
printf("You didn't found it!\n");
return -1;
}
}
and nothing is detected by earlybird.
I got :
1 files scanned in 2.048829ms
2021/10/08 11:42:22
144 rules observed
***** Total issues found *****
0 TOTAL ISSUES
How is this possible?
This is almost exactly what is described as C example in CWE-798.
Thanks for the help.