rspec/rules/S1081/rationale.adoc

An attacker typically provides input that exceeds the expected size. This could be through a text field in a user interface, a file that the program reads, or data sent over a network. The insecure function processes this input and places the result into a provided buffer.

If the input is larger than the buffer can handle, the insecure function will overwrite the memory following the buffer. This situation is known as a buffer overflow vulnerability.

When using typical C or {cpp} functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows.
Modify rule S1081: Change text to education framework format (APPSEC-1210) (#3341) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2023-10-25 13:43:01 +02:00			`An attacker typically provides input that exceeds the expected size. This could be through a text field in a user interface, a file that the program reads, or data sent over a network. The insecure function processes this input and places the result into a provided buffer.`
Fix asciidoc w.r.t. C++ (#3519) "C++" spelled as-is can result in unexpected rendering, such as C++20 was released before C++17 renders as C20 was released before C17 Make consistent use of `[source,cpp]`. 2023-12-21 15:51:41 +01:00
Modify rule S1081: Change text to education framework format (APPSEC-1210) (#3341) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2023-10-25 13:43:01 +02:00			`If the input is larger than the buffer can handle, the insecure function will overwrite the memory following the buffer. This situation is known as a buffer overflow vulnerability.`

Fix asciidoc w.r.t. C++ (#3519) "C++" spelled as-is can result in unexpected rendering, such as C++20 was released before C++17 renders as C20 was released before C17 Make consistent use of `[source,cpp]`. 2023-12-21 15:51:41 +01:00			`When using typical C or {cpp} functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows.`