11 changes: 7 additions & 4 deletions c/command-injection.yaml
Expand Up @@ -10,7 +10,7 @@ rules:
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
confidence: HIGH
message: >-
The program invokes a potentially dangerous function that could
The program invokes $FUN', a potentially dangerous function that could
introduce a vulnerability if it is used incorrectly, but the function
can also be used safely.
The software constructs all or part of an OS command using
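Review bot: the quoting in the new message line is unbalanced: `invokes $FUN', a potentially dangerous function` closes a quote that was never opened. Use `invokes '$FUN', a potentially dangerous function that could` so it matches the `'$FUN'` style the same change introduces in format-string-bugs.yaml.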
Expand All @@ -23,7 +23,10 @@ rules:
- c
- cpp
patterns:
- pattern-either:
- pattern: system(...)
- pattern: popen(...)
- pattern: $FUN(...)
- metavariable-pattern:
metavariable: $FUN
pattern-either:
- pattern: system
- pattern: popen
- pattern-not: $FUN("...", ...)
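Review bot: no test-case changes accompany this rewrite of the matching logic, and the behaviour of `pattern-not: $FUN("...", ...)` changes once `$FUN` is bound by the new `metavariable-pattern` (it now excludes only a `system`/`popen` call whose first argument is a string literal, and reports any other command expression). Please add or update the rule's test cases so that `system(cmd)` and `popen(cmd, "r")` are expected findings and `system("fixed-command")` is expected to be clean, to lock in the new semantics.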
137 changes: 73 additions & 64 deletions c/format-string-bugs.yaml
Expand Up @@ -11,7 +11,7 @@ rules:
confidence: MEDIUM
# NOTE: generic va_list matching for custom functions is not covered.
message: >-
The software uses a function that accepts a format string as an
The software uses '$FUN' that accepts a format string as an
argument, but the format string originates from an external source.
When an attacker can modify an externally-controlled format string,
this can lead to buffer overflows, denial of service, or data
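Review bot: the rewritten message reads awkwardly (`uses '$FUN' that accepts a format string`). Suggest `The software uses '$FUN', which accepts a format string as an` followed by the unchanged `argument, but the format string originates from an external source.` so the sentence stays grammatical after interpolation.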
Expand All @@ -29,72 +29,81 @@ rules:
pattern-either:
# format string in 1st arg
- patterns:
- pattern-either:
# printf family
- pattern: printf(...)
- pattern: vprintf(...)
- pattern: wprintf(...)
- pattern: vwprintf(...)
- pattern: vcprintf(...)
- pattern: vcwprintf(...)
- pattern: vscprintf(...)
- pattern: vscwprintf(...)
- pattern: printk(...)
# scanf family
- pattern: scanf(...)
- pattern: vscanf(...)
- pattern: wscanf(...)
- pattern: vwscanf(...)
# err/warn family
- pattern: warn(...)
- pattern: vwarn(...)
- pattern: warnx(...)
- pattern: vwarnx(...)
- pattern: $FUN(...)
- metavariable-pattern:
metavariable: $FUN
pattern-either:
# printf family
- pattern: printf
- pattern: vprintf
- pattern: wprintf
- pattern: vwprintf
- pattern: vcprintf
- pattern: vcwprintf
- pattern: vscprintf
- pattern: vscwprintf
- pattern: printk
# scanf family
- pattern: scanf
- pattern: vscanf
- pattern: wscanf
- pattern: vwscanf
# err/warn family
- pattern: warn
- pattern: vwarn
- pattern: warnx
- pattern: vwarnx
- pattern-not: $FUN("...", ...)
# format string in 2nd arg
- patterns:
- pattern-either:
# printf family
- pattern: fprintf(...)
- pattern: vfprintf(...)
- pattern: fwprintf(...)
- pattern: vfwprintf(...)
- pattern: sprintf(...)
- pattern: vsprintf(...)
- pattern: asprintf(...)
- pattern: vasprintf(...)
- pattern: dprintf(...)
- pattern: vdprintf(...)
- pattern: wsprintf(...)
# scanf family
- pattern: fscanf(...)
- pattern: vfscanf(...)
- pattern: fwscanf(...)
- pattern: vfwscanf(...)
- pattern: sscanf(...)
- pattern: vsscanf(...)
- pattern: swscanf(...)
- pattern: vswscanf(...)
# syslog family
- pattern: syslog(...)
- pattern: vsyslog(...)
# err/warn family
- pattern: err(...)
- pattern: verr(...)
- pattern: errx(...)
- pattern: verrx(...)
- pattern: warnc(...)
- pattern: vwarnc(...)
- pattern: $FUN(...)
- metavariable-pattern:
metavariable: $FUN
pattern-either:
# printf family
- pattern: fprintf
- pattern: vfprintf
- pattern: fwprintf
- pattern: vfwprintf
- pattern: sprintf
- pattern: vsprintf
- pattern: asprintf
- pattern: vasprintf
- pattern: dprintf
- pattern: vdprintf
- pattern: wsprintf
# scanf family
- pattern: fscanf
- pattern: vfscanf
- pattern: fwscanf
- pattern: vfwscanf
- pattern: sscanf
- pattern: vsscanf
- pattern: swscanf
- pattern: vswscanf
# syslog family
- pattern: syslog
- pattern: vsyslog
# err/warn family
- pattern: err
- pattern: verr
- pattern: errx
- pattern: verrx
- pattern: warnc
- pattern: vwarnc
- pattern-not: $FUN($ARG1, "...", ...)
# format string in 3rd arg
- patterns:
- pattern-either:
# printf family
- pattern: snprintf(...)
- pattern: vsnprintf(...)
- pattern: swprintf(...)
- pattern: vswprintf(...)
# err/warn family
- pattern: errc(...)
- pattern: verrc(...)
- pattern-not: $FUN($ARG1, $ARG2, "...", ...)
- pattern: $FUN(...)
- metavariable-pattern:
metavariable: $FUN
pattern-either:
# printf family
- pattern: snprintf
- pattern: vsnprintf
- pattern: swprintf
- pattern: vswprintf
# err/warn family
- pattern: errc
- pattern: verrc
- pattern-not: $FUN($ARG1, $ARG2, "...", ...)
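Review bot: the `pattern-not` clauses in all three argument-position blocks suppress a finding only when the format argument is a string literal at the call site, so a constant format that reaches the call through a variable (for example a `fmt` parameter of a thin wrapper around `vfprintf`) is still reported; that is the main source of noise at `confidence: MEDIUM`, and it is worth stating next to the existing NOTE comment about va_list wrappers so users know what the rule does and does not exclude. As a style point, the three long `pattern-either` lists of bare identifiers could be written more compactly with a single anchored `metavariable-regex` per block, which also makes it harder for the function lists in the 1st/2nd/3rd-argument blocks to drift apart.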