mango seems unable to identify "sprintf" vulnerabilities

[randomssr]

Dear Authors,

I am truly honored to have the opportunity to read your paper, and I sincerely appreciate your open-sourcing of the code. However, I encountered some issues while using it and would like to seek your guidance.

I used Mango to reproduce the cstecgi.cgi vulnerability in the TOTOLINK EX1200L, with the following commands, but did not find any sprintf-related vulnerabilities, even though some vulnerabilities have already been reported as CVEs. I would greatly appreciate your insights on this matter.

The command is
mango squashfs-root/www/cgi-bin/cstecgi.cgi --env-dict ex1200/env.json --results ex1200/websgetvar --category strfmt --source websGetVar --keyword-dict keywords.json

The execution is normal.

The CVE-2024-7909 is as follows, and mango could not find any errors concerned with sprintfhttps://github.com/BeaCox/IoT_vuln/tree/main/totolink/EX1200L/setLanguageCfg_bof

[Cl4sm]

Hi! This is a bug in mango, the str-fmt option for vulnerabilities is not written correctly.
I made a potential fix in #9, but it's not complete. The first arg doesn't actually get evaluated via the sprintf mango handler since it's considered a sink when the strfmt category is active. This will lead to excessive false positives as is.
When I have time I'll come back and fix it.