Claude-skill-registry detecting-format-string
Detects format string vulnerabilities by identifying unsafe printf family function calls with user-controlled format strings. Use when analyzing logging, error handling, or investigating memory disclosure via format strings.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-format-string" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-format-string && rm -rf "$T"
manifest:
skills/data/detecting-format-string/SKILL.mdsource content
Format String Detection
Detection Workflow
- Identify printf calls: Find printf, fprintf, sprintf, snprintf, syslog functions
- Trace format string source: Use
to trace format string to user inputxrefs_to - Check format specifier: Verify if format string is constant literal or user-controlled
- Assess exploitability: Can attacker control format string? Can they read/write memory?
Key Patterns
- user input as format stringprintf(user_string)
- direct use of user inputfprintf(file, user_input)- Memory read via %s, %x format specifiers
- Memory write via %n format specifier
Output Format
Report with: id, type, severity, confidence, location, sink, source, format string, format specifier status, exploitability, attack vector, evidence, mitigation.
Severity Guidelines
- CRITICAL: Format string with %n and user control
- HIGH: Format string with user control (read-only)
- MEDIUM: Format string with limited user control
- LOW: Format string with constant format string
See Also
- Detailed detection patterns and exploitation scenariospatterns.md
- Example analysis cases and code samplesexamples.md
- CWE references and mitigation strategiesreferences.md