Description of the issue
When gets() is used, the cpp/unbounded-write rule triggers with the message "This 'call to gets' with input ... may overflow".
The cpp/unbounded-write rule is mapped to CWEs 120, 787, 805. However, the use of GETS is the 'classic' use of a dangerous function example, so seems like use of this method should be mapped to CWE 242. The MITRE writeup for CWE 242 uses gets() as Example 1 of this CWE.
Recommended Fix
Seems like gets() should be included in the rule cpp/dangerous-function-overflow instead, which IS mapped to CWE-242.
Description of the issue
When gets() is used, the cpp/unbounded-write rule triggers with the message "This 'call to gets' with input ... may overflow".
The cpp/unbounded-write rule is mapped to CWEs 120, 787, 805. However, the use of GETS is the 'classic' use of a dangerous function example, so seems like use of this method should be mapped to CWE 242. The MITRE writeup for CWE 242 uses gets() as Example 1 of this CWE.
Recommended Fix
Seems like gets() should be included in the rule cpp/dangerous-function-overflow instead, which IS mapped to CWE-242.