rspec/rules/S1081/rationale.adoc

An attacker typically provides input that exceeds the expected size. This could be through a text field in a user interface, a file that the program reads, or data sent over a network. The insecure function processes this input and places the result into a provided buffer.
	
If the input is larger than the buffer can handle, the insecure function will overwrite the memory following the buffer. This situation is known as a buffer overflow vulnerability.

When using typical C or C++ functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows.
Modify rule S1081: Change text to education framework format (APPSEC-1210) (#3341) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: Jamie Anderson <127742609+jamie-anderson-sonarsource@users.noreply.github.com> 2023-10-25 13:43:01 +02:00			`An attacker typically provides input that exceeds the expected size. This could be through a text field in a user interface, a file that the program reads, or data sent over a network. The insecure function processes this input and places the result into a provided buffer.`

			`If the input is larger than the buffer can handle, the insecure function will overwrite the memory following the buffer. This situation is known as a buffer overflow vulnerability.`

			`When using typical C or C++ functions, it's up to the developer to make sure the size of the buffer to be written to is large enough to avoid buffer overflows.`