step-31

xcorail · xcorail · commit 112ced996bda · 2020-01-31T15:52:54.000+01:00
diff --git a/courses/cpp/uboot/answers/31_taint_tracking.ql b/courses/cpp/uboot/answers/31_taint_tracking.ql
@@ -0,0 +1,31 @@
+/**
+* @kind path-problem
+*/
+
+import cpp
+import semmle.code.cpp.dataflow.TaintTracking
+import DataFlow::PathGraph
+ 
+class NetworkRead extends Expr {
+  NetworkRead() {
+      exists(MacroInvocation i | this = i.getExpr()
+        and i.getMacroName().regexpMatch("ntoh(l|ll|s)"))
+  }
+}
+
+class Config extends TaintTracking::Configuration {
+  Config() { this = "NetworkToMemFuncLength" }
+ 
+  override predicate isSource(DataFlow::Node source) {
+      source.asExpr() instanceof NetworkRead
+  }
+ 
+  override predicate isSink(DataFlow::Node sink) {
+    exists (FunctionCall fc |
+        sink.asExpr() = fc.getArgument(2) and fc.getTarget().getName()= "memcpy")
+  }
+}
+
+from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink, source, sink, "ntoh flows to memcpy"
diff --git a/courses/cpp/uboot/image/config/config.json b/courses/cpp/uboot/image/config/config.json
@@ -8,6 +8,7 @@
     "21_memcpy_calls.ql": "step-21.csv",
     "22_macro_invocations.ql": "step-22.csv",
     "23_macro_expressions.ql": "step_23.csv",
-    "24_class_network_reads.ql": "step-24.csv"
+    "24_class_network_reads.ql": "step-24.csv",
+    "31_taint_tracking": false
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`"21_memcpy_calls.ql": "step-21.csv",`
`9`	`9`	`"22_macro_invocations.ql": "step-22.csv",`
`10`	`10`	`"23_macro_expressions.ql": "step_23.csv",`
`11`		`- "24_class_network_reads.ql": "step-24.csv"`
	`11`	`+ "24_class_network_reads.ql": "step-24.csv",`
	`12`	`+ "31_taint_tracking": false`
`12`	`13`	`}`
`13`	`14`	`}`