Test case? On Dec 3, 2009, at 1:15 AM, Zhongxing Xu wrote:
> Author: zhongxingxu > Date: Thu Dec 3 03:15:23 2009 > New Revision: 90444 > > URL: http://llvm.org/viewvc/llvm-project?rev=90444&view=rev > Log: > Add security syntactic checker for mktemp. > Patch by Lei Zhang! > > Modified: > cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp > > Modified: cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp > URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp?rev=90444&r1=90443&r2=90444&view=diff > > ============================================================================== > --- cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp (original) > +++ cfe/trunk/lib/Analysis/CheckSecuritySyntaxOnly.cpp Thu Dec 3 03:15:23 > 2009 > @@ -23,6 +23,7 @@ > BugReporter &BR; > IdentifierInfo *II_gets; > IdentifierInfo *II_getpw; > + IdentifierInfo *II_mktemp; > enum { num_rands = 9 }; > IdentifierInfo *II_rand[num_rands]; > IdentifierInfo *II_random; > @@ -31,7 +32,8 @@ > > public: > WalkAST(BugReporter &br) : BR(br), > - II_gets(0), II_getpw(0), II_rand(), II_random(0), II_setid() {} > + II_gets(0), II_getpw(0), II_mktemp(0), > + II_rand(), II_random(0), II_setid() {} > > // Statement visitor methods. > void VisitCallExpr(CallExpr *CE); > @@ -48,6 +50,7 @@ > void CheckLoopConditionForFloat(const ForStmt *FS); > void CheckCall_gets(const CallExpr *CE, const FunctionDecl *FD); > void CheckCall_getpw(const CallExpr *CE, const FunctionDecl *FD); > + void CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD); > void CheckCall_rand(const CallExpr *CE, const FunctionDecl *FD); > void CheckCall_random(const CallExpr *CE, const FunctionDecl *FD); > void CheckUncheckedReturnValue(CallExpr *CE); > @@ -79,6 +82,7 @@ > if (const FunctionDecl *FD = CE->getDirectCallee()) { > CheckCall_gets(CE, FD); > CheckCall_getpw(CE, FD); > + CheckCall_mktemp(CE, FD); > CheckCall_rand(CE, FD); > CheckCall_random(CE, FD); > } > @@ -288,6 +292,42 @@ > } > > //===----------------------------------------------------------------------===// > +// Check: Any use of 'mktemp' is insecure.It is obsoleted by mkstemp(). > +// CWE-377: Insecure Temporary File > +//===----------------------------------------------------------------------===// > + > +void WalkAST::CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD) { > + if (FD->getIdentifier() != GetIdentifier(II_mktemp, "mktemp")) > + return; > + > + const FunctionProtoType *FPT = dyn_cast<FunctionProtoType>(FD->getType()); > + if(!FPT) > + return; > + > + // Verify that the funcion takes a single argument. > + if (FPT->getNumArgs() != 1) > + return; > + > + // Verify that the argument is Pointer Type. > + const PointerType *PT = dyn_cast<PointerType>(FPT->getArgType(0)); > + if (!PT) > + return; > + > + // Verify that the argument is a 'char*'. > + if (PT->getPointeeType().getUnqualifiedType() != BR.getContext().CharTy) > + return; > + > + // Issue a waring. > + SourceRange R = CE->getCallee()->getSourceRange(); > + BR.EmitBasicReport("Potential insecure temporary file in call 'mktemp'", > + "Security", > + "Call to function 'mktemp' is insecure as it always " > + "creates or uses insecure temporary file", > + CE->getLocStart(), &R, 1); > +} > + > + > +//===----------------------------------------------------------------------===// > // Check: Linear congruent random number generators should not be used > // Originally: <rdar://problem/63371000> > // CWE-338: Use of cryptographically weak prng > > > _______________________________________________ > cfe-commits mailing list > [email protected] > http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits _______________________________________________ cfe-commits mailing list [email protected] http://lists.cs.uiuc.edu/mailman/listinfo/cfe-commits
