{"id":17977055,"url":"https://github.com/0xdea/weggli-patterns","last_synced_at":"2026-01-16T00:50:30.943Z","repository":{"id":209811865,"uuid":"724996719","full_name":"0xdea/weggli-patterns","owner":"0xdea","description":"A collection of my weggli patterns to facilitate vulnerability research.","archived":false,"fork":false,"pushed_at":"2024-01-04T15:44:37.000Z","size":81,"stargazers_count":94,"open_issues_count":0,"forks_count":5,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-02-09T12:16:21.927Z","etag":null,"topics":["code-review","static-analysis","vulnerability-research","weggli","weggli-patterns"],"latest_commit_sha":null,"homepage":"https://github.com/weggli-rs/weggli","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xdea.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-11-29T08:17:10.000Z","updated_at":"2025-01-21T22:11:18.000Z","dependencies_parsed_at":"2023-12-08T16:28:18.447Z","dependency_job_id":"b8554fda-3d24-4def-bd84-2586c2ef8ab9","html_url":"https://github.com/0xdea/weggli-patterns","commit_stats":null,"previous_names":["0xdea/weggli-patterns"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fweggli-patterns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fweggli-patterns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fweggli-patterns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xdea%2Fweggli-patterns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xdea","download_url":"https://codeload.github.com/0xdea/weggli-patterns/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247098018,"owners_count":20883131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-review","static-analysis","vulnerability-research","weggli","weggli-patterns"],"created_at":"2024-10-29T17:26:12.233Z","updated_at":"2025-04-04T00:18:58.579Z","avatar_url":"https://github.com/0xdea.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# weggli-patterns\n[![](https://img.shields.io/github/stars/0xdea/weggli-patterns.svg?style=flat\u0026color=yellow)](https://github.com/0xdea/weggli-patterns)\n[![](https://img.shields.io/github/forks/0xdea/weggli-patterns.svg?style=flat\u0026color=green)](https://github.com/0xdea/weggli-patterns)\n[![](https://img.shields.io/github/watchers/0xdea/weggli-patterns.svg?style=flat\u0026color=red)](https://github.com/0xdea/weggli-patterns)\n[![](https://img.shields.io/badge/twitter-%400xdea-blue.svg)](https://twitter.com/0xdea)\n[![](https://img.shields.io/badge/mastodon-%40raptor-purple.svg)](https://infosec.exchange/@raptor)\n\n\u003e \"No one cares about the old scene people anymore, I’m sure,  \n\u003e bunch of old people grepping for the last of the memcpy.\" \n\u003e \n\u003e -- Bas Alberts\n\nA collection of my weggli patterns to facilitate vulnerability research.\n\nBlog post:  \nhttps://security.humanativaspa.it/a-collection-of-weggli-patterns-for-c-cpp-vulnerability-research\n\nSee also:  \nhttps://github.com/weggli-rs/weggli  \nhttps://dustri.org/b/playing-with-weggli.html  \nhttps://github.com/plowsec/weggli-patterns  \nhttps://github.com/synacktiv/Weggli_rules_SSTIC2023  \nhttps://twitter.com/richinseattle/status/1729654184633327720  \n\n## buffer overflows\n\n### call to unbounded copy functions (CWE-120, CWE-242, CWE-676)\n```\nweggli -R 'func=^gets$' '{$func();}' .\nweggli -R 'func=st(r|p)(cpy|cat)$' '{$func();}' .\nweggli -R 'func=wc(s|p)(cpy|cat)$' '{$func();}' .\nweggli -R 'func=sprintf$' '{$func();}' .\nweggli -R 'func=scanf$' '{$func();}' .\n```\n\n### incorrect use of strncat (CWE-193, CWE-787)\n```\nweggli '{strncat(_,_,sizeof(_));}' .\nweggli '{strncat(_,_,strlen(_));}' .\nweggli '{strncat($dst,$src,sizeof($dst)-strlen($dst));}' .\nweggli '{_ $buf[$len]; strncat($buf,_,$len);}' .\n```\nThe last pattern won't work with integer literals due to [known limitations](https://github.com/weggli-rs/weggli/issues/59).\n\n### destination buffer access using size of source buffer (CWE-806)\n```\nweggli -R 'func=cpy$' '{$func(_,$src,_($src));}' .\nweggli -R 'func=cpy$' '{$len=_($src); $func(_,$src,$len);}' .\nweggli -R 'func=cpy$' '{_ $src[$len]; $func($dst,$src,$len);}' .\n```\nThe last pattern won't work with integer literals due to [known limitations](https://github.com/weggli-rs/weggli/issues/59).\n\n### use of sizeof() on a pointer type (CWE-467)\n```\nweggli '{_* $ptr; sizeof($ptr);}' .\nweggli '{_* $ptr=_; sizeof($ptr);}' .\nweggli '_ $func(_* $ptr) {sizeof($ptr);}' .\n```\nApparently, global variables are not supported so this won't work:\n```\nweggli '_* $ptr=_; _ $func(_) {sizeof($ptr);}' .\n```\n\n### use of sizeof() on a character constant\n```\nweggli \"sizeof('_')\" .\n```\nIn C (but not in C++) character constants have type int.\n\n### lack of explicit NUL-termination after strncpy(), etc. (CWE-170)\n```\nweggli -R 'func=ncpy$' '{$func($buf,_); not:$buf[_]=_;}' .\n```\nSome possible variants: memcpy, read, readlink, fread, etc.\n\n### off-by-one error (CWE-193)\n```\nweggli '{$buf[sizeof($buf)];}' .\nweggli '{_ $buf[$len]; $buf[$len]=_;}' .\nweggli '{strlen($src)\u003esizeof($dst);}' .\nweggli '{strlen($src)\u003c=sizeof($dst);}' .\nweggli '{sizeof($dst)\u003cstrlen($src);}' .\nweggli '{sizeof($dst)\u003e=strlen($src);}' .\nweggli '{$buf[strlen($buf)-1];}' .\nweggli -R 'func=allocf?$' '{$func(strlen($buf));}' .\nweggli -R 'func=allocf?$' '{$len=strlen(_); $ptr=$func($len);}' .\nweggli -R 'func=allocf?$' '{$len=snprintf(_); $ptr=$func($len);}' .\n```\nThe second pattern won't work with integer literals due to [known limitations](https://github.com/weggli-rs/weggli/issues/59).  \n`\u003c` should also cover `\u003e` and `\u003c=` should also cover `\u003e=`; however, let's keep all variants just to be sure.\n\n### use of pointer subtraction to determine size (CWE-469)\n```\nweggli '{_* $ptr1; $ptr1-$ptr2;}' .\nweggli '{_* $ptr2; $ptr1-$ptr2;}' .\nweggli '{_* $ptr1=_; $ptr1-$ptr2;}' .\nweggli '{_* $ptr2=_; $ptr1-$ptr2;}' .\nweggli '_ $func(_* $ptr1) {$ptr1-$ptr2;}' .\nweggli '_ $func(_* $ptr2) {$ptr1-$ptr2;}' .\n```\n\n### potentially unsafe use of the return value of snprintf(), etc. (CWE-787)\n```\nweggli -R 'func=(nprintf|lcpy|lcat)$' '{$ret=$func();}' .\n```\n\n### direct write into buffer allocated on the stack (CWE-121)\n```\nweggli -R 'func=(cpy|cat|memmove|memset|sn?printf)$' '{_ $buf[_]; $func($buf,_);}' .\nweggli '{_ $buf[_]; $buf[_]=_;}' .\n```\nSome possible variants: bcopy, gets, fgets, getwd, getcwd, fread, read, pread, recv, recvfrom, etc.\n\n## integer overflows\n\n### incorrect unsigned comparison (CWE-697)\n```\nweggli -R '$type=(unsigned|size_t)' '{$type $var; $var\u003c0;}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var; $var\u003c=0;}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var; $var\u003e=0;}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var=_; $var\u003c0;}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var=_; $var\u003c=0;}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var=_; $var\u003e=0;}' .\n```\n`\u003c` should also cover `\u003e` and `\u003c=` should also cover `\u003e=`; however, let's keep all variants just to be sure.\n\n### signed/unsigned conversion (CWE-195, CWE-196)\n```\nweggli -R '$copy=(cpy|ncat)$' '{int $len; $copy(_,_,$len);}' .\nweggli -R '$copy=(cpy|ncat)$' '{int $len=_; $copy(_,_,$len);}' .\nweggli -R '$copy=(cpy|ncat)$' '_ $func(int $len) {$copy(_,_,$len);}' .\n\nweggli -R '$copy=nprintf$' '{int $len; $copy(_,$len);}' .\nweggli -R '$copy=nprintf$' '{int $len=_; $copy(_,$len);}' .\nweggli -R '$copy=nprintf$' '_ $func(int $len) {$copy(_,$len);}' .\n\nweggli -R '$type=(unsigned|size_t)' '{$type $var1; int $var2; $var2=_($var1);}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var1; int $var2; $var1=_($var2);}' .\nweggli -R '$type=(unsigned|size_t)' '{$type $var1; int $var2=_($var1);}' .\nweggli -R '$type=(unsigned|size_t)' '{int $var1; $type $var2; $var2=_($var1);}' .\nweggli -R '$type=(unsigned|size_t)' '{int $var1; $type $var2; $var1=_($var2);}' .\nweggli -R '$type=(unsigned|size_t)' '{int $var1=_; $type $var2=_($var1);}' .\n\nweggli -R '$type=(unsigned|size_t)' '_ $func(int $var2) {$type $var1; $var1=_($var2);}' .\nweggli -R '$type=(unsigned|size_t)' '_ $func(int $var2) {$type $var1=_($var2);}' .\n\nweggli -R '$type=(unsigned|size_t)' '$type $func(_) {int $var; return $var;}' .\nweggli -R '$type=(unsigned|size_t)' 'int $func(_) {$type $var; return $var;}' .\n```\nThere are many possible variants of these patterns...\n\n### integer truncation (CWE-197)\n```\nweggli -R 'type=(short|int|long)' '{$type $large; char $narrow; $narrow = $large; }' .\nweggli -R 'type=(short|int|long)' '{$type $large; char $narrow = $large; }' .\nweggli -R 'type=(int|long)' '{$type $large; short $narrow; $narrow = $large; }' .\nweggli -R 'type=(int|long)' '{$type $large; short $narrow = $large; }' .\nweggli '{long $large; int $narrow; $narrow = $large; }' .\nweggli '{long $large; int $narrow = $large; }' .\n\nweggli -R 'type=(short|int|long)' '_ $func($type $large) {char $narrow; $narrow = $large; }' .\nweggli -R 'type=(short|int|long)' '_ $func($type $large) {char $narrow = $large; }' .\nweggli -R 'type=(int|long)' '_ $func($type $large) {short $narrow; $narrow = $large; }' .\nweggli -R 'type=(int|long)' '_ $func($type $large) {short $narrow = $large; }' .\nweggli '_ $func(long $large) {int $narrow; $narrow = $large; }' .\nweggli '_ $func(long $large) {int $narrow = $large; }' .\n```\nThere are many possible variants of these patterns...\n\n### use of signed or short sizes, lengths, offsets, counts (CWE-190, CWE-680)\n```\nweggli 'short _' .\nweggli 'int _' .\n```\nSome possible variants: short int, unsigned short, unsigned short int, int.\n\n### cast of the return value of strlen(), wcslen() to short (CWE-190, CWE-680)\n```\nweggli -R 'func=(str|wcs)len$' '{short $len; $len=$func();}' .\n```\nSome possible variants: short int, unsigned short, unsigned short int, even signed int.\n\n### integer wraparound (CWE-128, CWE-131, CWE-190, CWE-680)\n```\nweggli -R 'func=allocf?$' '{$func(_*_);}' .\nweggli -R 'func=allocf?$' '{$func(_+_);}' .\nweggli -R 'func=allocf?$' '{$n=_*_; $func($n);}' .\nweggli -R 'func=allocf?$' '{$n=_+_; $func($n);}' .\n\nweggli -R 'alloc=allocf?$' -R 'copy=cpy$' '{$alloc($x*_); $copy(_,_,$x);}' .\nweggli -R 'alloc=allocf?$' -R 'copy=cpy$' '{$alloc($x+_); $copy(_,_,$x);}' .\nweggli -u -R 'alloc=allocf?$' -R 'copy=cpy$' '{$n=_*_; $alloc($n); $copy(_,_,$x);}' .\nweggli -u -R 'alloc=allocf?$' -R 'copy=cpy$' '{$n=_+_; $alloc($n); $copy(_,_,$x);}' .\n\nweggli '{$x\u003e_||($x+$y)\u003e_;}' .\nweggli '{$x\u003e=_||($x+$y)\u003e_;}' .\nweggli '{$x\u003e_||($x+$y)\u003e=_;}' .\nweggli '{$x\u003e=_||($x+$y)\u003e=_;}' .\nweggli '{$x\u003c_\u0026\u0026($x+$y)\u003c_;}' .\nweggli '{$x\u003c=_\u0026\u0026($x+$y)\u003c_;}' .\nweggli '{$x\u003c_\u0026\u0026($x+$y)\u003c=_;}' .\nweggli '{$x\u003c=_\u0026\u0026($x+$y)\u003c=_;}' .\n\nweggli '{$x\u003e_||($x*$y)\u003e_;}' .\nweggli '{$x\u003e=_||($x*$y)\u003e_;}' .\nweggli '{$x\u003e_||($x*$y)\u003e=_;}' .\nweggli '{$x\u003e=_||($x*$y)\u003e=_;}' .\nweggli '{$x\u003c_\u0026\u0026($x*$y)\u003c_;}' .\nweggli '{$x\u003c=_\u0026\u0026($x*$y)\u003c_;}' .\nweggli '{$x\u003c_\u0026\u0026($x*$y)\u003c=_;}' .\nweggli '{$x\u003c=_\u0026\u0026($x*$y)\u003c=_;}' .\n```\n`\u003c` should also cover `\u003e` and `\u003c=` should also cover `\u003e=`; however, let's keep all variants just to be sure.\n\n## format strings\n\n### call to printf(), scanf(), syslog() family functions (CWE-134)\n```\nweggli -R 'func=(printf|scanf|syslog)$' '{$func();}' .\n```\nSome possible variants: printk, warn, vwarn, warnx, vwarnx, err, verr, errx, verrx, warnc, vwarnc, errc, verrc, etc.\n\n## memory management\n\n### call to alloca() (CWE-676, CWE-1325)\n```\nweggli -R 'func=alloca$' '{$func();}' .\n```\n\n### use after free (CWE-416)\n```\nweggli '{free($ptr); not:$ptr=_; not:free($ptr); _($ptr);}' .\n```\n\n### double free (CWE-415)\n```\nweggli '{free($ptr); not:$ptr=_; free($ptr);}' .\n```\n\n### calling free() on memory not allocated in the heap (CWE-590)\n```\nweggli '{_ $ptr[]; free($ptr);}' .\nweggli '{_ $ptr[]=_; free($ptr);}' .\n\nweggli '{_ $ptr[]; $ptr2=$ptr; free($ptr2);}' .\nweggli '{_ $ptr[]=_; $ptr2=$ptr; free($ptr2);}' .\n\nweggli '{_ $var; free(\u0026$var);}' .\nweggli '{_ $var=_; free(\u0026$var);}' .\nweggli '{_ $var[]; free(\u0026$var);}' .\nweggli '{_ $var[]=_; free(\u0026$var);}' .\nweggli '{_ *$var; free(\u0026$var);}' .\nweggli '{_ *$var=_; free(\u0026$var);}' .\n\nweggli '{$ptr=alloca(_); free($ptr);}' .\n```\n\n### returning the address of a stack-allocated variable (CWE-562)\n```\nweggli '{_ $ptr[]; return $ptr;}' .\nweggli '{_ $ptr[]=_; return $ptr;}' .\n\nweggli '{_ $ptr[]; $ptr2=$ptr; return $ptr2;}' .\nweggli '{_ $ptr[]=_; $ptr2=$ptr; return $ptr2;}' .\n\nweggli '{_ $var; return \u0026$var;}' .\nweggli '{_ $var=_; return \u0026$var;}' .\nweggli '{_ $var[]; return \u0026$var;}' .\nweggli '{_ $var[]=_; return \u0026$var;}' .\nweggli '{_ *$var; return \u0026$var;}' .\nweggli '{_ *$var=_; return \u0026$var;}' .\n```\n\n### unchecked return code of malloc(), etc. (CWE-252, CWE-690)\n```\nweggli -R 'func=allocf?$' '{$ret=$func(); not:if(_($ret)){};}' .\n```\n\n### call to putenv() with a stack-allocated variable (CWE-686)\n```\nweggli '{_ $ptr[]; putenv($ptr);}' .\nweggli '{_ $ptr[]=_; putenv($ptr);}' .\n\nweggli '{_ $ptr[]; $ptr2=$ptr; putenv($ptr2);}' .\nweggli '{_ $ptr[]=_; $ptr2=$ptr; putenv($ptr2);}' .\n```\n\n### exposure of underlying memory addresses (CWE-200, CWE-209, CWE-497)\n```\nweggli -R 'func=printf$' -R 'fmt=(.*%\\w*x.*|.*%\\w*X.*|.*%\\w*p.*)' '{$func(\"$fmt\");}' .\n```\n\n### mismatched memory management routines (CWE-762)\n```\nweggli -R 'func=allocf?$|strdn?up$' '{not:$ptr=$func(); free($ptr);}' .\n\nweggli --cpp -R 'func=allocf?$|strn?dup$' '{not:$ptr=$func(); free($ptr);}' .\nweggli --cpp '{not:$ptr=new $obj; delete $ptr;}' .\n```\nApparently, delete[] is not supported so this won't work properly:\n```\nweggli --cpp '{not:$ptr=new $obj[$len]; delete[] $ptr;}' .\n```\n\n### use of uninitialized pointers (CWE-457, CWE-824, CWE-908)\n```\nweggli '{_* $ptr; not:$ptr=_; not:_(\u0026$ptr); $func($ptr);}' .\nweggli '{_* $ptr; not:$ptr=_; not:_(\u0026$ptr); _($ptr);}' .\n```\nThese patterns might generate many false positives that should be manually investigated.\n\n## command injection\n\n### call to system(), popen() (CWE-78, CWE-88, CWE-676)\n```\nweggli -R 'func=(system|popen)$' '{$func();}' .\nweggli -R 'func=(system|popen)$' '{$func($arg);}' .\n```\nThe second pattern is meant to filter out string literals, but it might cause some false negatives.\n\n## race conditions\n\n### call to access(), stat(), lstat() (CWE-367)\n```\nweggli -R 'func=(access|l?stat)$' '{$func();}' .\n```\n\n### call to mktemp(), tmpnam(), tempnam() (CWE-377)\n```\nweggli -R 'func=(mktemp|te?mpnam)$' '{$func();}' .\n```\n\n### call to signal() (CWE-364, CWE-479, CWE-828)\n```\nweggli -R 'func=signal$' '{$func();}' .\n```\n\n## privilege management\n\n### privilege management functions called in the wrong order (CWE-696)\n```\nweggli '{not:setuid(0); setuid(); setgid();}' .\nweggli '{not:seteuid(0); seteuid(); not:seteuid(0); setegid();}' .\nweggli '{not:seteuid(0); seteuid(); not:seteuid(0); setuid();}' .\nweggli '{not:seteuid(0); seteuid(); not:seteuid(0); seteuid();}' .\n```\n\n### unchecked return code of setuid(), seteuid() (CWE-252)\n```\nweggli -R 'func=sete?uid$' '{strict:$func();}' .\n```\n\n## miscellaneous\n\n### wrong order of arguments in call to memset() \n```\nweggli -R 'func=memset(_explicit)?$' '{$func(_,_,0);}' .\nweggli -R 'func=memset(_explicit)?$' '{$func(_,sizeof(_),_);}' .\n```\n\n### call to rand(), srand() (CWE-330, CWE-338)\n```\nweggli -R 'func=s?rand$' '{$func();}' .\n```\n\n### source and destination overlap in sprintf(), snprintf()\n```\nweggli -R 'func=^sn?printf$' '{$func($dst,_,$dst);}' .\nweggli -R 'func=^sn?printf$' '{$func($dst,_,_,$dst);}' .\nweggli -R 'func=^sn?printf$' '{$func($dst,_,_,_,$dst);}' .\n```\nAnd so on...\n\n### size check implemented with an assertion macro\n```\nweggli -R 'assert=(?i)^\\w*assert\\w*\\s*$' '{$assert(_\u003c_);}' .\nweggli -R 'assert=(?i)^\\w*assert\\w*\\s*$' '{$assert(_\u003c=_);}' .\nweggli -R 'assert=(?i)^\\w*assert\\w*\\s*$' '{$assert(_\u003e_);}' .\nweggli -R 'assert=(?i)^\\w*assert\\w*\\s*$' '{$assert(_\u003e=_);}' .\n```\n`\u003c` should also cover `\u003e` and `\u003c=` should also cover `\u003e=`; however, let's keep all variants just to be sure.\n\n### unchecked return code of scanf(), etc. (CWE-252)\n```\nweggli -R 'func=scanf$' '{strict:$func();}' .\n```\n\n### call to atoi(), atol(), atof(), atoll()\n```\nweggli -R 'func=ato(i|ll?|f)$' '{$func();}' .\n```\n\n### command-line argument or environment variable access\n```\nweggli -R 'var=argv|envp' '{$var[_];}' .\n```\n\n### missing default case in a switch construct (CWE-478)\n```\nweggli -l 'switch(_) {_; not:default:_; _;}' .\n```\n`-l` might be overkill and lead to missing additional matches in the same function.\n\n### missing break or equivalent statement in a switch construct (CWE-484)\n```\nweggli -l 'switch(_) {case _: not:break; not:exit; not:return; not:goto _; case _:_;}' .\n```\n`-l` might be overkill and lead to missing additional matches in the same function.\n\n### missing return statement in a non-void function (CWE-393, CWE-394)\n```\nweggli -R 'type!=void' '$type $func(_) {_; not:return;}' .\n```\n\n### typos with security implications (CWE-480, CWE-481, CWE-482, CWE-483)\n```\nweggli '{for (_==_;_;_) {}}' .\nweggli 'if (_=_) {}' .\nweggli 'if (_\u0026_) {}' .\nweggli 'if (_|_) {}' .\nweggli '{_=+_;}' .\nweggli '{_=-_;}' .\nweggli -R 'func=strn?cpy$' 'if ($func()==_) {}' .\n```\nThere are many possible additional patterns in this category...\n\n### keywords that suggest the presence of bugs\n```\nweggli -R 'pattern=(?i)(unsafe|insecure|dangerous|warning|overflow)' '$pattern' .\n\nweggli -R 'func=(?i)(encode|decode|convert|interpret|compress|fragment|reassemble)' '_ $func(_) {}' .\nweggli -R 'func=(?i)(mutex|lock|toctou|parallelism|semaphore|retain|release|garbage|mutual)' '_ $func(_) {}' .\n```\nThere are many possible additional patterns in this category...\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fweggli-patterns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xdea%2Fweggli-patterns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xdea%2Fweggli-patterns/lists"}