{"id":2887,"date":"2024-01-11T09:03:39","date_gmt":"2024-01-11T08:03:39","guid":{"rendered":"https:\/\/security.humanativaspa.it\/?p=2887"},"modified":"2025-10-21T09:17:03","modified_gmt":"2025-10-21T09:17:03","slug":"a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research","status":"publish","type":"post","link":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/","title":{"rendered":"A collection of weggli patterns for C\/C++ vulnerability research"},"content":{"rendered":"<blockquote><p><em>&#8220;No one cares about the old scene people anymore, I\u2019m sure,<\/em><br \/>\n<em>bunch of old people grepping for the last of the memcpy.&#8221;<\/em><br \/>\n<em>&#8212; Bas Alberts<\/em><\/p><\/blockquote>\n<h3>TL;DR<\/h3>\n<p>Go grab <a href=\"https:\/\/github.com\/0xdea\/weggli-patterns\">my weggli patterns<\/a> for C\/C++ vulnerability research, and hack the planet! \ud83c\udff4\u200d\u2620\ufe0f<\/p>\n<h3>Backstory<\/h3>\n<p>The <a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">recent update<\/a> to my <a href=\"https:\/\/hnsecurity.it\/semgrep-ruleset-for-c-c-vulnerability-research\/\">Semgrep ruleset<\/a> for <strong>C\/C++ vulnerability research<\/strong> sparked quite some interest in the community. Among the feedback I received was <a href=\"https:\/\/twitter.com\/richinseattle\/status\/1729654184633327720\">this Twitter thread<\/a> that especially caught my attention:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Is there a collection of weggli queries out there? Ideally something that covers most of <a href=\"https:\/\/twitter.com\/0xdea?ref_src=twsrc%5Etfw\">@0xdea<\/a>&#39;s awesome semgrep rules? Read his blog btw, it&#39;s great (linked on the git)!<a href=\"https:\/\/t.co\/zynK1cfP5C\">https:\/\/t.co\/zynK1cfP5C<\/a><\/p>\n<p>&mdash; Richard Johnson (@richinseattle) <a href=\"https:\/\/twitter.com\/richinseattle\/status\/1729654184633327720?ref_src=twsrc%5Etfw\">November 29, 2023<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><a href=\"https:\/\/github.com\/weggli-rs\/weggli\">Weggli<\/a> is a small yet powerful tool developed by <a href=\"https:\/\/twitter.com\/_fel1x\">Felix Wilhelm<\/a> of <a href=\"https:\/\/googleprojectzero.blogspot.com\/\">Google Project Zero<\/a>. I had played with it when it came out in 2021, but back then I hadn&#8217;t created <strong>an organized collection of weggli queries<\/strong>, since in my day-to-day source code review tasks I&#8217;ve mostly been using <a href=\"https:\/\/semgrep.dev\/\">Semgrep<\/a>. It was time to dig deeper into weggli and see if it could have a place in my <a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">vulnerability research workflow<\/a>, which can be summarized as follows:<\/p>\n<ol>\n<li>Read the <strong>documentation<\/strong> to uncover attack surface and interesting paths.<\/li>\n<li>Scan with <strong>static analysis<\/strong>\u00a0tools\u00a0against interesting paths in the codebase.<\/li>\n<li>Review scan results to quickly <strong>mark hotspots<\/strong> in code where bugs may be.<\/li>\n<li>Understand relevant code around the hotspots to identify <strong>potential vulnerabilities<\/strong>.<\/li>\n<li>Confirm vulnerabilities via <strong>further analysis<\/strong>, dynamic testing, targeted fuzzing, etc.<\/li>\n<li>Identify <strong>variants<\/strong> of confirmed vulnerabilities in other parts of the codebase.<\/li>\n<\/ol>\n<h3>Enter weggli<\/h3>\n<p>Weggli is a blazing fast <strong>semantic search tool<\/strong> for C and C++ codebases, designed to help security researchers identify interesting functionality in large codebases. Its query language resembles code, making it easy to turn interesting code patterns into queries.<\/p>\n<p>Weggli is inspired by <a href=\"https:\/\/semgrep.dev\/\">Semgrep<\/a>, <a href=\"https:\/\/coccinelle.gitlabpages.inria.fr\/website\/\">Coccinelle<\/a>, <a href=\"https:\/\/joern.readthedocs.io\/en\/latest\/\">joern<\/a>, and <a href=\"https:\/\/codeql.github.com\/\">CodeQL<\/a>, but makes some different design decisions:<\/p>\n<ul>\n<li><strong>C++ support<\/strong>: modern C++ constructs, such as lambda expressions, range-based for loops, and constexprs are supported.<\/li>\n<li><strong>Minimal setup<\/strong>: it should work out-of-the box against most software. Most importantly, it does not require the ability to build the software and can work with incomplete sources or missing dependencies.<\/li>\n<li><strong>Interactive<\/strong>: most of the time, a weggli query will be faster than a grep search. The goal is to enable an interactive workflow where quick switching between code review and query creation\/improvement is possible.<\/li>\n<li><strong>Greedy<\/strong>: weggli&#8217;s pattern matching is designed to find as many useful matches as possible for a specific query. While this increases the risk of false positives, it simplifies query creation and manual code review.<\/li>\n<\/ul>\n<p>Here it is in action:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/github.com\/weggli-rs\/weggli\/blob\/main\/example.gif?raw=true\" alt=\"example.gif\" \/><\/p>\n<h3>My pattern collection<\/h3>\n<p>In a couple of weeks, I&#8217;ve managed to convert most of <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\">my Semgrep rules<\/a> into weggli patterns, and I&#8217;ve written some additional patterns that leverage weggli&#8217;s unique abilities. Although not strictly equivalent to my Semgrep rules, which are generally more comprehensive and field-tested, these patterns should provide fairly complete coverage. Most of all, they should function as <strong>examples that can (and should) be customized for your specific needs<\/strong>.<\/p>\n<p>My weggli pattern collection can be found <a href=\"https:\/\/github.com\/0xdea\/weggli-patterns\/\">here<\/a>. It covers vulnerabilities in the following broad <strong>categories<\/strong>:<\/p>\n<ul>\n<li>Buffer overflows<\/li>\n<li>Integer overflows<\/li>\n<li>Format strings<\/li>\n<li>Memory management<\/li>\n<li>Command injection<\/li>\n<li>Race conditions<\/li>\n<li>Privilege management<\/li>\n<li>Miscellaneous<\/li>\n<\/ul>\n<p>In order to compare these patterns to my Semgrep rules, let&#8217;s see how they fare against a <a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">familiar codebase<\/a>. As a sample target, I\u2019ve once again picked <a href=\"https:\/\/github.com\/zephyrproject-rtos\/zephyr\/releases\/tag\/v3.4.0\">Zephyr 3.4.0<\/a>, which I&#8217;ve <a href=\"https:\/\/hnsecurity.it\/ost2-zephyr-rtos-and-a-bunch-of-cves\">previously audited<\/a> with the help of Semgrep.<\/p>\n<p>The following screenshot (you may click on images to view them full-size) shows that weggli could detect a <strong>buffer overflow due to strcat() use <\/strong>that I&#8217;ve <a href=\"https:\/\/github.com\/zephyrproject-rtos\/zephyr\/security\/advisories\/GHSA-gghm-c696-f4j4\">reported<\/a> to the Zephyr project and that is now fixed:<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.35.21-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2945 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.35.21-1.png\" alt=\"\" width=\"2880\" height=\"1800\" \/><\/a><\/p>\n<p>The following screenshot shows\u00a0<a href=\"https:\/\/github.com\/zephyrproject-rtos\/zephyr\/security\/advisories\/GHSA-8x3p-q3r5-xh9g\">another bug<\/a> that I\u2019ve discovered in the Zephyr IPM driver. It&#8217;s a <strong>signed to unsigned conversion error that causes a buffer overflow<\/strong>:<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.41.51-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2946 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.41.51-1.png\" alt=\"\" width=\"2880\" height=\"1094\" \/><\/a><\/p>\n<p>Finally, the screenshot below shows a <a href=\"https:\/\/github.com\/zephyrproject-rtos\/zephyr\/security\/advisories\/GHSA-2g3m-p6c7-8rr3\">buffer overflow in the CANbus subsystem<\/a>, caused by an ineffective size check due to relying on <strong>assertions that are compiled-out in production releases<\/strong>:<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.43.46-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2947 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-15-at-14.43.46-1.png\" alt=\"\" width=\"2880\" height=\"922\" \/><\/a><\/p>\n<p>As a bonus, here&#8217;s another couple of simple bugs that I&#8217;ve recently found while auditing other open source projects.<\/p>\n<p><strong>Accidental use of the sizeof() operator on a pointer<\/strong> instead of its target in <a href=\"https:\/\/savannah.nongnu.org\/projects\/lwip\/\">lwIP<\/a> (this one turned out to be a duplicate bug report):<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-16-at-17.02.43-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2974 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-16-at-17.02.43-1.png\" alt=\"\" width=\"2880\" height=\"1372\" \/><\/a><\/p>\n<p><strong>Wrong order of arguments in call to memset()<\/strong> in <a href=\"https:\/\/github.com\/FreeRTOS\/FreeRTOS\/pull\/1104\">FreeRTOS<\/a>\u00a0demo code:<\/p>\n<p><a href=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-16-at-17.20.33-1.png\"><img decoding=\"async\" class=\"aligncenter wp-image-2975 size-full\" src=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2023\/12\/Screenshot-2023-12-16-at-17.20.33-1.png\" alt=\"\" width=\"2880\" height=\"1150\" \/><\/a><\/p>\n<p>These are just a few examples, but you get the idea&#8230; As can be seen, weggli is able to find more or less the same vulnerabilities that Semgrep can find. Its query language, however, is less powerful than Semgrep&#8217;s. In addition, weggli doesn&#8217;t support scanning for more than one pattern at once and has limited support for automation. Still, if you like <strong>robust, no-nonsense command-line tools<\/strong>, weggli might be right for you. I hope my patterns can help you approach it and quickly master it.<\/p>\n<h3>Conclusion<\/h3>\n<p>Weggli&#8217;s query language is less expressive than Semgrep&#8217;s. Therefore, <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\/blob\/main\/c\/incorrect-use-of-strncpy-stpncpy-strlcpy.yaml\">some<\/a> <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\/blob\/main\/c\/format-string-bugs.yaml\">Semgrep<\/a> <a href=\"https:\/\/github.com\/0xdea\/semgrep-rules\/blob\/main\/c\/mismatched-memory-management-cpp.yaml\">rules<\/a> cannot be easily converted into weggli patterns. With weggli, it&#8217;s also harder to manage rulesets, automate workflows, and <a href=\"https:\/\/hnsecurity.it\/big-update-to-my-semgrep-c-cpp-ruleset\/\">parse output in your favorite code editor<\/a>. Despite these limitations, this small tool has gained its place in my vulnerability research workflow.<\/p>\n<p>As it turns out, <a href=\"https:\/\/github.com\/0xdea\/weggli-patterns\/tree\/main?tab=readme-ov-file#use-of-uninitialized-pointers-cwe-457-cwe-824-cwe-908\">some<\/a> <a href=\"https:\/\/github.com\/0xdea\/weggli-patterns\/tree\/main?tab=readme-ov-file#use-of-sizeof-on-a-character-constant\">patterns<\/a> are actually easier to express in weggli. Its simple and elegant syntax, together with its amazing performance and greedy pattern matching, make it an ideal tool for locating <strong>security hotspots in large codebases<\/strong> on which to focus during <strong>manual code review<\/strong>. In addition, the ability to provide seamless context switching between code review and query building is particularly useful for <strong>variant analysis<\/strong>. Give it a try and see what it can do by yourself!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;No one cares about the old scene people anymore, I\u2019m sure, bunch of old people grepping for the last of [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":159899,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[88,91],"tags":[82,96,116,117,196],"class_list":["post-2887","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tools","category-articles","tag-vulnerability-research","tag-static-analysis","tag-c-c","tag-code-review","tag-weggli"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>HN Security A collection of weggli patterns for C\/C++ vulnerability research<\/title>\n<meta name=\"description\" content=\"Introducing a collection of weggli patterns for C\/C++ SAST and vulnerability research.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/\" \/>\n<meta property=\"og:locale\" content=\"it_IT\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HN Security A collection of weggli patterns for C\/C++ vulnerability research\" \/>\n<meta property=\"og:description\" content=\"Introducing a collection of weggli patterns for C\/C++ SAST and vulnerability research.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/\" \/>\n<meta property=\"og:site_name\" content=\"HN Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-11T08:03:39+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-21T09:17:03+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"836\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marco Ivaldi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hnsec\" \/>\n<meta name=\"twitter:site\" content=\"@hnsec\" \/>\n<meta name=\"twitter:label1\" content=\"Scritto da\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marco Ivaldi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tempo di lettura stimato\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/\"},\"author\":{\"name\":\"Marco Ivaldi\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\"},\"headline\":\"A collection of weggli patterns for C\\\/C++ vulnerability research\",\"datePublished\":\"2024-01-11T08:03:39+00:00\",\"dateModified\":\"2025-10-21T09:17:03+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/\"},\"wordCount\":933,\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/C.jpg\",\"keywords\":[\"vulnerability research\",\"static analysis\",\"c\\\/c++\",\"code review\",\"weggli\"],\"articleSection\":[\"Tools\",\"Articles\"],\"inLanguage\":\"it-IT\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/\",\"name\":\"HN Security A collection of weggli patterns for C\\\/C++ vulnerability research\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/C.jpg\",\"datePublished\":\"2024-01-11T08:03:39+00:00\",\"dateModified\":\"2025-10-21T09:17:03+00:00\",\"description\":\"Introducing a collection of weggli patterns for C\\\/C++ SAST and vulnerability research.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#breadcrumb\"},\"inLanguage\":\"it-IT\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/C.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/C.jpg\",\"width\":1600,\"height\":836},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A collection of weggli patterns for C\\\/C++ vulnerability research\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#website\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"name\":\"HN Security\",\"description\":\"Offensive Security Specialists\",\"publisher\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"it-IT\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#organization\",\"name\":\"HN Security\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"contentUrl\":\"https:\\\/\\\/hnsecurity.it\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/hn-libellula.jpg\",\"width\":696,\"height\":696,\"caption\":\"HN Security\"},\"image\":{\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/hnsec\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hnsecurity\\\/\",\"https:\\\/\\\/github.com\\\/hnsecurity\",\"https:\\\/\\\/infosec.exchange\\\/@hnsec\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/#\\\/schema\\\/person\\\/89a4174c275f05d6148fb0fdedc8de4f\",\"name\":\"Marco Ivaldi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"it-IT\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g\",\"caption\":\"Marco Ivaldi\"},\"url\":\"https:\\\/\\\/hnsecurity.it\\\/it\\\/blog\\\/author\\\/marco-ivaldi\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HN Security A collection of weggli patterns for C\/C++ vulnerability research","description":"Introducing a collection of weggli patterns for C\/C++ SAST and vulnerability research.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/","og_locale":"it_IT","og_type":"article","og_title":"HN Security A collection of weggli patterns for C\/C++ vulnerability research","og_description":"Introducing a collection of weggli patterns for C\/C++ SAST and vulnerability research.","og_url":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/","og_site_name":"HN Security","article_published_time":"2024-01-11T08:03:39+00:00","article_modified_time":"2025-10-21T09:17:03+00:00","og_image":[{"width":1600,"height":836,"url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","type":"image\/jpeg"}],"author":"Marco Ivaldi","twitter_card":"summary_large_image","twitter_creator":"@hnsec","twitter_site":"@hnsec","twitter_misc":{"Scritto da":"Marco Ivaldi","Tempo di lettura stimato":"6 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#article","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/"},"author":{"name":"Marco Ivaldi","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f"},"headline":"A collection of weggli patterns for C\/C++ vulnerability research","datePublished":"2024-01-11T08:03:39+00:00","dateModified":"2025-10-21T09:17:03+00:00","mainEntityOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/"},"wordCount":933,"publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","keywords":["vulnerability research","static analysis","c\/c++","code review","weggli"],"articleSection":["Tools","Articles"],"inLanguage":"it-IT"},{"@type":"WebPage","@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/","url":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/","name":"HN Security A collection of weggli patterns for C\/C++ vulnerability research","isPartOf":{"@id":"https:\/\/hnsecurity.it\/it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#primaryimage"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#primaryimage"},"thumbnailUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","datePublished":"2024-01-11T08:03:39+00:00","dateModified":"2025-10-21T09:17:03+00:00","description":"Introducing a collection of weggli patterns for C\/C++ SAST and vulnerability research.","breadcrumb":{"@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/"]}]},{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#primaryimage","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","width":1600,"height":836},{"@type":"BreadcrumbList","@id":"https:\/\/hnsecurity.it\/it\/blog\/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hnsecurity.it\/it\/"},{"@type":"ListItem","position":2,"name":"A collection of weggli patterns for C\/C++ vulnerability research"}]},{"@type":"WebSite","@id":"https:\/\/hnsecurity.it\/it\/#website","url":"https:\/\/hnsecurity.it\/it\/","name":"HN Security","description":"Offensive Security Specialists","publisher":{"@id":"https:\/\/hnsecurity.it\/it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hnsecurity.it\/it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https:\/\/hnsecurity.it\/it\/#organization","name":"HN Security","url":"https:\/\/hnsecurity.it\/it\/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/","url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","contentUrl":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2026\/01\/hn-libellula.jpg","width":696,"height":696,"caption":"HN Security"},"image":{"@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/hnsec","https:\/\/www.linkedin.com\/company\/hnsecurity\/","https:\/\/github.com\/hnsecurity","https:\/\/infosec.exchange\/@hnsec"]},{"@type":"Person","@id":"https:\/\/hnsecurity.it\/it\/#\/schema\/person\/89a4174c275f05d6148fb0fdedc8de4f","name":"Marco Ivaldi","image":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a8a96db06e7315a061d28b320ee7bb4c9d0f1535c58bf0f54218bf8a7569bea0?s=96&d=mm&r=g","caption":"Marco Ivaldi"},"url":"https:\/\/hnsecurity.it\/it\/blog\/author\/marco-ivaldi\/"}]}},"jetpack_featured_media_url":"https:\/\/hnsecurity.it\/wp-content\/uploads\/2025\/09\/C.jpg","_links":{"self":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2887","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/comments?post=2887"}],"version-history":[{"count":2,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2887\/revisions"}],"predecessor-version":[{"id":160912,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/posts\/2887\/revisions\/160912"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media\/159899"}],"wp:attachment":[{"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/media?parent=2887"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/categories?post=2887"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hnsecurity.it\/it\/wp-json\/wp\/v2\/tags?post=2887"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}