work

jsinglet · jsinglet · commit 40cbfc705fab · 2022-09-22T13:11:41.000-04:00
diff --git a/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected b/c/cert/test/rules/CON34-C/AppropriateThreadObjectStorageDurations.expected
@@ -1 +1,4 @@
-No expected results have yet been specified
+| main.c:23:3:23:13 | call to thrd_create | $@ not declared with appropriate storage duration | main.c:23:24:23:29 | & ... | Shared object |
+| main.c:74:3:74:13 | call to thrd_create | $@ not declared with appropriate storage duration | main.c:74:24:74:24 | p | Shared object |
+| main.c:85:3:85:13 | call to thrd_create | $@ not declared with appropriate storage duration | main.c:85:24:85:24 | p | Shared object |
+| main.c:94:3:94:13 | call to thrd_create | $@ not declared with appropriate storage duration | main.c:94:24:94:24 | p | Shared object |
diff --git a/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected b/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.expected
@@ -0,0 +1 @@
+| main.c:14:7:14:13 | call to tss_get | Call to a thread specific storage function from within a threaded context on an object that may not be owned by this thread. |
diff --git a/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.qlref b/c/cert/test/rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.qlref
@@ -0,0 +1 @@
+rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql
diff --git a/c/cert/test/rules/CON34-C/main.c b/c/cert/test/rules/CON34-C/main.c
@@ -55,24 +55,62 @@ void m5() {
   thrd_t id;
   int *value = (int *)malloc(sizeof(int));
 
+  tss_create(&k, free);
   tss_set(k, value);
 
   void *p = tss_get(k);
 
   thrd_create(&id, t1, p); // COMPLIANT
 }
 
-void m6(void *v) {
+void m5a() {
+  thrd_t id;
+  int *value = (int *)malloc(sizeof(int));
+
+  tss_set(k, value);
+
+  void *p = tss_get(k);
+
+  thrd_create(&id, t1, p); // NON_COMPLIANT - k not initialized.
+}
+
+void m6() {
+  thrd_t id;
+  int *value = (int *)malloc(sizeof(int));
+
+  tss_create(&k, free);
+
+  void *p = tss_get(k);
+
+  thrd_create(&id, t1, p); // NON_COMPLIANT -- get without set
+}
+
+void m6a() {
+  thrd_t id;
+  int *value = (int *)malloc(sizeof(int));
+
+  void *p = tss_get(k);
+
+  thrd_create(&id, t1, p); // NON_COMPLIANT -- get without set
+}
+
+void m7(void *v) {
   int *value =
       tss_get(k); // COMPLIANT (AUDIT) - A non-threaded function without a
                   // `tss_set` should not be considered suspicious.
   int a = *value + 1;
 }
 
-void m7() {
+void m8() {
   thrd_t id;
   int *value = (int *)malloc(sizeof(int));
   thrd_create(&id, t2,
               value); // COMPLIANT - note that t2 (which is now a threaded
                       // function) is NON_COMPLIANT in an audit query.
 }
+
+void m9() {
+  thrd_t id;
+  static int value = 100;
+  thrd_create(&id, t1, &value); // COMPLIANT - compliant for static values.
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+\| main.c:14:7:14:13 \| call to tss_get \| Call to a thread specific storage function from within a threaded context on an object that may not be owned by this thread. \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+rules/CON34-C/ThreadObjectStorageDurationsNotInitialized.ql`