Add security syntactic checker for mktemp.
Patch by Lei Zhang! llvm-svn: 90444
This commit is contained in:
parent
98f2067ca4
commit
39bba629f3
|
@ -23,6 +23,7 @@ class WalkAST : public StmtVisitor<WalkAST> {
|
||||||
BugReporter &BR;
|
BugReporter &BR;
|
||||||
IdentifierInfo *II_gets;
|
IdentifierInfo *II_gets;
|
||||||
IdentifierInfo *II_getpw;
|
IdentifierInfo *II_getpw;
|
||||||
|
IdentifierInfo *II_mktemp;
|
||||||
enum { num_rands = 9 };
|
enum { num_rands = 9 };
|
||||||
IdentifierInfo *II_rand[num_rands];
|
IdentifierInfo *II_rand[num_rands];
|
||||||
IdentifierInfo *II_random;
|
IdentifierInfo *II_random;
|
||||||
|
@ -31,7 +32,8 @@ class WalkAST : public StmtVisitor<WalkAST> {
|
||||||
|
|
||||||
public:
|
public:
|
||||||
WalkAST(BugReporter &br) : BR(br),
|
WalkAST(BugReporter &br) : BR(br),
|
||||||
II_gets(0), II_getpw(0), II_rand(), II_random(0), II_setid() {}
|
II_gets(0), II_getpw(0), II_mktemp(0),
|
||||||
|
II_rand(), II_random(0), II_setid() {}
|
||||||
|
|
||||||
// Statement visitor methods.
|
// Statement visitor methods.
|
||||||
void VisitCallExpr(CallExpr *CE);
|
void VisitCallExpr(CallExpr *CE);
|
||||||
|
@ -48,6 +50,7 @@ public:
|
||||||
void CheckLoopConditionForFloat(const ForStmt *FS);
|
void CheckLoopConditionForFloat(const ForStmt *FS);
|
||||||
void CheckCall_gets(const CallExpr *CE, const FunctionDecl *FD);
|
void CheckCall_gets(const CallExpr *CE, const FunctionDecl *FD);
|
||||||
void CheckCall_getpw(const CallExpr *CE, const FunctionDecl *FD);
|
void CheckCall_getpw(const CallExpr *CE, const FunctionDecl *FD);
|
||||||
|
void CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD);
|
||||||
void CheckCall_rand(const CallExpr *CE, const FunctionDecl *FD);
|
void CheckCall_rand(const CallExpr *CE, const FunctionDecl *FD);
|
||||||
void CheckCall_random(const CallExpr *CE, const FunctionDecl *FD);
|
void CheckCall_random(const CallExpr *CE, const FunctionDecl *FD);
|
||||||
void CheckUncheckedReturnValue(CallExpr *CE);
|
void CheckUncheckedReturnValue(CallExpr *CE);
|
||||||
|
@ -79,6 +82,7 @@ void WalkAST::VisitCallExpr(CallExpr *CE) {
|
||||||
if (const FunctionDecl *FD = CE->getDirectCallee()) {
|
if (const FunctionDecl *FD = CE->getDirectCallee()) {
|
||||||
CheckCall_gets(CE, FD);
|
CheckCall_gets(CE, FD);
|
||||||
CheckCall_getpw(CE, FD);
|
CheckCall_getpw(CE, FD);
|
||||||
|
CheckCall_mktemp(CE, FD);
|
||||||
CheckCall_rand(CE, FD);
|
CheckCall_rand(CE, FD);
|
||||||
CheckCall_random(CE, FD);
|
CheckCall_random(CE, FD);
|
||||||
}
|
}
|
||||||
|
@ -287,6 +291,42 @@ void WalkAST::CheckCall_getpw(const CallExpr *CE, const FunctionDecl *FD) {
|
||||||
CE->getLocStart(), &R, 1);
|
CE->getLocStart(), &R, 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//===----------------------------------------------------------------------===//
|
||||||
|
// Check: Any use of 'mktemp' is insecure.It is obsoleted by mkstemp().
|
||||||
|
// CWE-377: Insecure Temporary File
|
||||||
|
//===----------------------------------------------------------------------===//
|
||||||
|
|
||||||
|
void WalkAST::CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD) {
|
||||||
|
if (FD->getIdentifier() != GetIdentifier(II_mktemp, "mktemp"))
|
||||||
|
return;
|
||||||
|
|
||||||
|
const FunctionProtoType *FPT = dyn_cast<FunctionProtoType>(FD->getType());
|
||||||
|
if(!FPT)
|
||||||
|
return;
|
||||||
|
|
||||||
|
// Verify that the funcion takes a single argument.
|
||||||
|
if (FPT->getNumArgs() != 1)
|
||||||
|
return;
|
||||||
|
|
||||||
|
// Verify that the argument is Pointer Type.
|
||||||
|
const PointerType *PT = dyn_cast<PointerType>(FPT->getArgType(0));
|
||||||
|
if (!PT)
|
||||||
|
return;
|
||||||
|
|
||||||
|
// Verify that the argument is a 'char*'.
|
||||||
|
if (PT->getPointeeType().getUnqualifiedType() != BR.getContext().CharTy)
|
||||||
|
return;
|
||||||
|
|
||||||
|
// Issue a waring.
|
||||||
|
SourceRange R = CE->getCallee()->getSourceRange();
|
||||||
|
BR.EmitBasicReport("Potential insecure temporary file in call 'mktemp'",
|
||||||
|
"Security",
|
||||||
|
"Call to function 'mktemp' is insecure as it always "
|
||||||
|
"creates or uses insecure temporary file",
|
||||||
|
CE->getLocStart(), &R, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//===----------------------------------------------------------------------===//
|
//===----------------------------------------------------------------------===//
|
||||||
// Check: Linear congruent random number generators should not be used
|
// Check: Linear congruent random number generators should not be used
|
||||||
// Originally: <rdar://problem/63371000>
|
// Originally: <rdar://problem/63371000>
|
||||||
|
|
Loading…
Reference in New Issue