28 Feb
What are some good examples to illustrate CWE in C?
I want to give good illustrations for CWEs in C/C++. I define "good" as follows:
Most of the time when we want to illustrate stack overflow (CWE-121), we will show the following code (taken from https://cwe.mitre.org/data/definitions/121.html)
    #include <string.h>

    #define BUFSIZE 256

    /* Deliberately vulnerable (CWE-121): argv[1] is copied into a fixed
     * 256-byte stack buffer with no length check, and argc is never checked. */
    int main(int argc, char **argv) {
        char buf[BUFSIZE];
        strcpy(buf, argv[1]);
        return 0;
    }
This is indeed a fairly good illustration of stack overflow. However, this example doesn't demonstrate the complexity of developing large projects. On the other hand, CVEs are just too professional and complicated.
How can I create examples in C/C++ that lie in the middle?
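One way to build such a "middle ground" example, added here and not part of the original post: keep the program small, but reproduce the two properties that make real CWE-121 bugs hard to spot. The buffer length comes from untrusted data rather than from a blatant strcpy, and the bounds check and the write live in different functions, so neither one looks wrong on its own. The record format below ([1 byte name_len][name bytes]), the NAME_MAX constant and all function names are constructed for this illustration. The unsafe variant uses a check that leaves no room for the terminating NUL, so a name of exactly NAME_MAX bytes writes one byte past the caller's stack buffer; the hardened variant sizes the check from the destination buffer.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical length-prefixed record: [name_len][name bytes...] (constructed). */
#define NAME_MAX 16   /* bytes the caller reserves for a name on the stack */

/* Vulnerable callee (CWE-121, off-by-one). The check rejects name_len > NAME_MAX,
 * but NAME_MAX itself passes, and the terminator then lands at out[NAME_MAX],
 * one byte past a NAME_MAX-sized buffer. Read in isolation, this looks bounded. */
static int copy_name_unsafe(const uint8_t *rec, size_t rec_len, char *out /* NAME_MAX bytes */) {
    if (rec_len < 1) return -1;
    size_t name_len = rec[0];
    if (name_len > NAME_MAX || 1 + name_len > rec_len) return -1;
    memcpy(out, rec + 1, name_len);
    out[name_len] = '\0';            /* out-of-bounds write when name_len == NAME_MAX */
    return (int)name_len;
}

/* Hardened callee: the bound is derived from the real destination size and
 * accounts for the terminator, so the longest accepted name is out_size - 1. */
static int copy_name_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_size) {
    if (rec_len < 1 || out_size == 0) return -1;
    size_t name_len = rec[0];
    if (name_len >= out_size || 1 + name_len > rec_len) return -1;
    memcpy(out, rec + 1, name_len);
    out[name_len] = '\0';
    return (int)name_len;
}

/* Callers: the stack buffer is declared here, far from the check that guards it.
 * Returns the name length on success, -1 if the record is rejected. */
int parse_record_unsafe(const uint8_t *rec, size_t rec_len) {
    char name[NAME_MAX];
    return copy_name_unsafe(rec, rec_len, name);
}

int parse_record_safe(const uint8_t *rec, size_t rec_len) {
    char name[NAME_MAX];
    return copy_name_safe(rec, rec_len, name, sizeof name);
}

/* Builds a constructed record with a name of name_len 'A's. Returns the record
 * size, or 0 if it does not fit in buf. */
size_t build_record(uint8_t name_len, uint8_t *buf, size_t buf_size) {
    if ((size_t)name_len + 1 > buf_size) return 0;
    buf[0] = name_len;
    memset(buf + 1, 'A', name_len);
    return (size_t)name_len + 1;
}

int main(void) {
    uint8_t rec[64];
    size_t n;

    /* Benign input: both variants agree. */
    n = build_record(15, rec, sizeof rec);
    printf("15-byte name: unsafe=%d safe=%d\n",
           parse_record_unsafe(rec, n), parse_record_safe(rec, n));

    /* Boundary input: only the hardened variant rejects it. The unsafe variant
     * is intentionally not called here, since that call corrupts the stack. */
    n = build_record(16, rec, sizeof rec);
    printf("16-byte name: safe=%d (unsafe variant would write past the buffer)\n",
           parse_record_safe(rec, n));
    return 0;
}
```

A useful check to pair with the example: build it with an address sanitizer (for example `-fsanitize=address` on GCC or Clang) and call parse_record_unsafe on the 16-byte record; the sanitizer reports the one-byte stack write, which shows students that the off-by-one is real even though nothing visibly crashes at optimisation level zero.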