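Code Review Sheet - SIblog - 0318
Identifiers and keywords to search for during source code review. A match marks a call site to inspect, not a confirmed vulnerability.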
strcpy
strcpyA
strcpyW
wcscpy
_tcscpy
_mbscpy
StrCpy
StrCpyA
StrCpyW
lstrcpy
lstrcpyA
lstrcpyW
_tccpy
_mbccpy
_ftcscpy
strncpy
wcsncpy
_tcsncpy
_mbsncpy
_mbsnbcpy
StrCpyN
StrCpyNA
StrCpyNW
StrNCpy
strcpynA
StrNCpyA
StrNCpyW
lstrcpyn
lstrcpynA
lstrcpynW
strcat
strcatA
strcatW
wcscat
_tcscat
_mbscat
StrCat
StrCatA
StrCatW
lstrcat
lstrcatA
lstrcatW
StrCatBuff
StrCatBuffA
StrCatBuffW
StrCatChainW
_tccat
_mbccat
_ftcscat
strncat
wcsncat
_tcsncat
_mbsncat
_mbsnbcat
StrCatN
StrCatNA
StrCatNW
StrNCat
StrNCatA
StrNCatW
lstrncat
lstrcatnA
lstrcatnW
lstrcatn
sprintfW
sprintfA
wsprintf
wsprintfW
wsprintfA
sprintf
swprintf
_stprintf
wvsprintf
wvsprintfA
wvsprintfW
vsprintf
_vstprintf
vswprintf
wnsprintf
wnsprintfA
wnsprintfW
_snwprintf
snprintf
sntprintf
_vsnprintf
vsnprintf
_vsnwprintf
_vsntprintf
wvnsprintf
wvnsprintfA
wvnsprintfW
_snwprintf
_snprintf
_sntprintf
nsprintf
wvsprintf
wvsprintfA
wvsprintfW
vsprintf
_vstprintf
vswprintf
_vsnprintf
_vsnwprintf
_vsntprintf
wvnsprintf
wvnsprintfA
wvnsprintfW
strncpy
wcsncpy
_tcsncpy
_mbsncpy
_mbsnbcpy
StrCpyN
StrCpyNA
StrCpyNW
StrNCpy
strcpynA
StrNCpyA
StrNCpyW
lstrcpyn
lstrcpynA
lstrcpynW
_fstrncpy
strncat
wcsncat
_tcsncat
_mbsncat
_mbsnbcat
StrCatN
StrCatNA
StrCatNW
StrNCat
StrNCatA
StrNCatW
lstrncat
lstrcatnA
lstrcatnW
lstrcatn
_fstrncat
strtok
_tcstok
wcstok
_mbstok
makepath
_tmakepath
_makepath
_wmakepath
_splitpath
_tsplitpath
_wsplitpath
scanf
wscanf
_tscanf
sscanf
swscanf
_stscanf
snscanf
snwscanf
_sntscanf
_itoa
_itow
_i64toa
_i64tow
_ui64toa
_ui64tot
_ui64tow
_ultoa
_ultot
_ultow
gets
_getts
_gettws
IsBadWritePtr
IsBadHugeWritePtr
IsBadReadPtr
IsBadHugeReadPtr
IsBadCodePtr
IsBadStringPtr
CharToOem
CharToOemA
CharToOemW
OemToChar
OemToCharA
OemToCharW
CharToOemBuffA
CharToOemBuffW
alloca
_alloca
strlen
wcslen
_mbslen
_mbstrlen
StrLen
lstrlen
memcpy
RtlCopyMemory
CopyMemory
wmemcpy
ChangeWindowMessageFilter
Code Review Keywords: 03 2018
Random PrintF
rand( printf
random(
seed(
initstate(
setstate(
drand48(
erand48(
jrand48(
lrand48(
mrand48(
nrand48(
lcong48(
seed48(
SQL injection Command Injection
CDatabase system(
#include<mysql.h> execlp(
#include<sql.h> execvp(
no_ssl_verifyhost
no_ssl_verifypeer
SSL_CTX_set_cert_verify_callback
CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
SECURITY_FLAG_IGNORE_UNKNOWN_CA
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE
SECURITY_FLAG_IGNORE_CERT_CN_INVALID
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID
Code Review Keywords: 03 2018
Vulnerability General
Encryption sha
md5
encrypt
decrypt
MD4
MD5
ECB
DES
Random
SQL Injection
Command Injection
XSS Response.Write
Format String
Comments TODO
FIXME
BUG
BUGBUG
Permissions umask
Mass Assignment
XML
Code Review Keywords: 03 2018
.NET
ServerCertificateValidationCallback
RemoteCertificateValidationCallback
ServicePointManager
ServicePointManager.ServerCertificateValidationCallback =
delegate(
Object obj, X509Certificate certificate, X509Chain
chain,SslPolicyErrors errors) {
Random Class
Sql
SqlClient
OracleClient
SqlDataAdapter
Process.Start
System.Diagnostics.CodeAnalysis.SuppressMessage
"System.Xml.XmlReaderSettings.ProhibitDtd
System.Xml.XmlReaderSettings.ValidationType
ValidationType.DTD"
Java Ruby Django/
Python
.encode
.decode
java.lang.Runtime `` exec
Class.forName( %x[ eval
Class.newInstance( %x{ os.system
Runtime.exec( system( os.popen
exec( execfile
syscall( input
compile
html_safe
without_protection
Perl php
verify_peer
verify_peer_name
allow_self_signed
file_get_contents
crypt()
rand() rand()
srand() srand()
mt_rand()
mt_srand()
DBI mysql_connect(
Oracle mysql_query(
SQL
System
Exec
`
open
|
eval
/e
$_REQUEST
$_GET
$_POST
$_SERVER
exec
passthru
shell_exec
system
proc_open
popen
parse_ini_file