cti-ATT-CK-v13.1/capec/2.1/course-of-action/course-of-action--0702663e-005e-40fa-90d8-44404b86fd2c.json

{
    "id": "bundle--7a7923a9-99ac-45f0-9a38-ea71a9c29e76",
    "objects": [
        {
            "created": "2014-06-23T00:00:00.000Z",
            "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
            "description": "\n               <xhtml:p>The code should be reviewed for misuse of the Syslog function call. Manual or automated code review can be used. The reviewer needs to ensure that all format string functions are passed a static string which cannot be controlled by the user and that the proper number of arguments are always sent to that function as well. If at all possible, do not use the %n operator in format strings. The following code shows a correct usage of Syslog():</xhtml:p>\n               <xhtml:div style=\"margin-left:10px;\" class=\"good\">syslog(LOG_ERR, \"%s\", cmdBuf);</xhtml:div>\n               <xhtml:p>The following code shows a vulnerable usage of Syslog():</xhtml:p>\n               <xhtml:div style=\"margin-left:10px;\" class=\"bad\">syslog(LOG_ERR, cmdBuf);<xhtml:div>\n                     <xhtml:i>// the buffer cmdBuff is taking user supplied data.</xhtml:i>\n                  </xhtml:div>\n               </xhtml:div>\n            ",
            "id": "course-of-action--0702663e-005e-40fa-90d8-44404b86fd2c",
            "modified": "2022-02-22T00:00:00.000Z",
            "name": "coa-67-0",
            "object_marking_refs": [
                "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
            ],
            "spec_version": "2.1",
            "type": "course-of-action",
            "x_capec_version": "3.7"
        }
    ],
    "type": "bundle"
}