lang:

C++

regex:

readlink\s?\(

description:

readlink() accepts a filename argument; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate the returned buffer with an ASCII NUL. Using it is often just a bad idea, and it's hard to suggest a simple alternative; reconsider the approach.
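The missing NUL terminator noted above is handled in the following added example, which is not part of the original rule: `readlink_str` is a hypothetical wrapper name that terminates the result and rejects a possibly truncated target. It does not remove the race condition, since the link can still change after the call returns.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* readlink_str (hypothetical helper): copy the target of symlink `path` into
 * buf as a NUL-terminated string. Returns the target length, or -1 with errno
 * set. A result that fills the buffer is rejected with ENAMETOOLONG, because
 * readlink() truncates silently and a full buffer may hold a cut-off target. */
ssize_t readlink_str(const char *path, char *buf, size_t bufsize)
{
    if (path == NULL || buf == NULL || bufsize < 2) {
        errno = EINVAL;
        return -1;
    }
    /* Reserve one byte: readlink() never writes the terminator itself. */
    ssize_t n = readlink(path, buf, bufsize - 1);
    if (n < 0)
        return -1;              /* errno was set by readlink() */
    if ((size_t)n == bufsize - 1) {
        buf[0] = '\0';          /* never hand back a possibly partial path */
        errno = ENAMETOOLONG;
        return -1;
    }
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    char target[4096];          /* constructed buffer size for the demo */
    if (argc != 2) {
        fprintf(stderr, "usage: %s SYMLINK\n", argv[0]);
        return 2;
    }
    if (readlink_str(argv[1], target, sizeof target) < 0) {
        perror("readlink_str");
        return 1;
    }
    /* Snapshot only: the link may be changed after this call returns. */
    printf("%s -> %s\n", argv[1], target);
    return 0;
}
```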

tags:

race condition cwe-362 cwe-20