[cfe-commits] r90444 - /cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp

Ted Kremenek kremenek at apple.com
Fri Dec 4 10:01:30 PST 2009


Test case?

On Dec 3, 2009, at 1:15 AM, Zhongxing Xu wrote:

> Author: zhongxingxu
> Date: Thu Dec  3 03:15:23 2009
> New Revision: 90444
> 
> URL: http://llvm.org/viewvc/llvm-project?rev=90444&view=rev
> Log:
> Add security syntactic checker for mktemp.
> Patch by Lei Zhang!
> 
> Modified:
>    cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp
> 
> Modified: cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp
> URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp?rev=90444&r1=90443&r2=90444&view=diff
> 
> ==============================================================================
> --- cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp (original)
> +++ cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp Thu Dec  3 03:15:23 2009
> @@ -23,6 +23,7 @@
>   BugReporter &BR;
>   IdentifierInfo *II_gets;
>   IdentifierInfo *II_getpw;
> +  IdentifierInfo *II_mktemp;
>   enum { num_rands = 9 };
>   IdentifierInfo *II_rand[num_rands];
>   IdentifierInfo *II_random;
> @@ -31,7 +32,8 @@
> 
> public:
>   WalkAST(BugReporter &br) : BR(br),
> -    II_gets(0), II_getpw(0), II_rand(), II_random(0), II_setid() {}
> +			     II_gets(0), II_getpw(0), II_mktemp(0),
> +			     II_rand(), II_random(0), II_setid() {}
> 
>   // Statement visitor methods.
>   void VisitCallExpr(CallExpr *CE);
> @@ -48,6 +50,7 @@
>   void CheckLoopConditionForFloat(const ForStmt *FS);
>   void CheckCall_gets(const CallExpr *CE, const FunctionDecl *FD);
>   void CheckCall_getpw(const CallExpr *CE, const FunctionDecl *FD);
> +  void CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD);
>   void CheckCall_rand(const CallExpr *CE, const FunctionDecl *FD);
>   void CheckCall_random(const CallExpr *CE, const FunctionDecl *FD);
>   void CheckUncheckedReturnValue(CallExpr *CE);
> @@ -79,6 +82,7 @@
>   if (const FunctionDecl *FD = CE->getDirectCallee()) {
>     CheckCall_gets(CE, FD);
>     CheckCall_getpw(CE, FD);
> +    CheckCall_mktemp(CE, FD);
>     CheckCall_rand(CE, FD);
>     CheckCall_random(CE, FD);
>   }
> @@ -288,6 +292,42 @@
> }
> 
> //===----------------------------------------------------------------------===//
> +// Check: Any use of 'mktemp' is insecure.It is obsoleted by mkstemp().
> +// CWE-377: Insecure Temporary File
> +//===----------------------------------------------------------------------===//
> +
> +void WalkAST::CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD) {
> +  if (FD->getIdentifier() != GetIdentifier(II_mktemp, "mktemp"))
> +    return;
> +
> +  const FunctionProtoType *FPT = dyn_cast<FunctionProtoType>(FD->getType());
> +  if(!FPT)
> +    return;
> +  
> +  // Verify that the funcion takes a single argument.
> +  if (FPT->getNumArgs() != 1)
> +    return;
> +
> +  // Verify that the argument is Pointer Type.
> +  const PointerType *PT = dyn_cast<PointerType>(FPT->getArgType(0));
> +  if (!PT)
> +    return;
> +
> +  // Verify that the argument is a 'char*'.
> +  if (PT->getPointeeType().getUnqualifiedType() != BR.getContext().CharTy)
> +    return;
> +  
> +  // Issue a waring.
> +  SourceRange R = CE->getCallee()->getSourceRange();
> +  BR.EmitBasicReport("Potential insecure temporary file in call 'mktemp'",
> +		     "Security",
> +		     "Call to function 'mktemp' is insecure as it always "
> +		     "creates or uses insecure temporary file",
> +		     CE->getLocStart(), &R, 1);
> +}
> +
> +
> +//===----------------------------------------------------------------------===//
> // Check: Linear congruent random number generators should not be used
> // Originally: <rdar://problem/63371000>
> // CWE-338: Use of cryptographically weak prng
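Review bot: The report text in CheckCall_mktemp says mktemp "always creates or uses insecure temporary file", but mktemp only generates a name. The CWE-377 exposure is the window between that call and the later open, and the message names no replacement even though the header comment does. I would word the description as `"Call to function 'mktemp' is insecure as it only generates a file name, leaving a race before the file is opened; use 'mkstemp' instead"`. The early return on `!FPT` looks like it silently skips a call through an unprototyped C declaration such as `char *mktemp();`, so either report that case too or add a comment saying it is deliberately ignored. The new comments also carry typos (`insecure.It`, `funcion`, `waring`), and the EmitBasicReport arguments are indented with tabs where the surrounding file uses spaces.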
> 
> 




