[quandary] add more exec sinks

Reviewed By: the-st0rm

Differential Revision: D5063078

fbshipit-source-id: 8c831b5
Sam Blackshear 8 years ago committed by Facebook Github Bot
parent 73e9963b76
commit d5f4784e61

@ -145,7 +145,7 @@ module SinkKind = struct
| Typ.Procname.C _ -> | Typ.Procname.C _ ->
begin begin
match Typ.Procname.to_string pname with match Typ.Procname.to_string pname with
| "execl" | "execlp" | "execle" | "execv" | "execvp" -> | "execl" | "execlp" | "execle" | "execv" | "execve" | "execvp" | "system" ->
taint_all actuals ShellExec ~report_reachable:false taint_all actuals ShellExec ~report_reachable:false
| "brk" | "calloc" | "malloc" | "realloc" | "sbrk" -> | "brk" | "calloc" | "malloc" | "realloc" | "sbrk" ->
taint_all actuals Allocation ~report_reachable:false taint_all actuals Allocation ~report_reachable:false
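Review bot: The exec arm of this match (`| "execl" | ... | "execve" | "execvp" | "system" ->`) still omits other libc calls that start a process from caller-supplied strings, such as `popen`, `execvpe`, `fexecve` and `posix_spawn`/`posix_spawnp`. Tainted data reaching those would presumably go unreported, and adding them to the same arm would close the gap. A short comment above the arm would also help, for example `(* system hands its argument to the shell; the exec* calls run the program without parsing a command line *)`, because both are reported under the single `ShellExec` kind. The enclosing match and function begin and end outside this hunk, so how these names are handled elsewhere is not visible here.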

@ -71,6 +71,12 @@ int callExecBad() {
return execv(NULL, arrSource); return execv(NULL, arrSource);
case 11: case 11:
return execvp(NULL, arrSource); return execvp(NULL, arrSource);
case 12:
return execve(stringSource, NULL, NULL);
case 13:
return execve(NULL, arrSource, NULL);
case 14:
return system(stringSource);
} }
return 0; return 0;
} }
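Review bot: The new execve cases 12 and 13 cover a tainted path and a tainted argv but not a tainted environment array, even though the sink spec in this commit taints every actual of `execve`. Adding `case 15: return execve(NULL, NULL, arrSource);`, with its matching expected line in issues.exp, would catch a regression that stops tracking the third argument. callExecBad begins above this hunk, so the declarations of `stringSource` and `arrSource` are not visible here. The suggestion assumes `arrSource` has the same array type that `execv` accepts in case 10.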

@ -29,6 +29,9 @@ codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 21, QUANDARY_TAINT_ERR
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 23, QUANDARY_TAINT_ERROR, [return from getenv,call to execvp] codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 23, QUANDARY_TAINT_ERROR, [return from getenv,call to execvp]
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 25, QUANDARY_TAINT_ERROR, [return from getenv,call to execv] codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 25, QUANDARY_TAINT_ERROR, [return from getenv,call to execv]
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 27, QUANDARY_TAINT_ERROR, [return from getenv,call to execvp] codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 27, QUANDARY_TAINT_ERROR, [return from getenv,call to execvp]
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 29, QUANDARY_TAINT_ERROR, [return from getenv,call to execve]
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 31, QUANDARY_TAINT_ERROR, [return from getenv,call to execve]
codetoanalyze/cpp/quandary/execs.cpp, execs::callExecBad, 33, QUANDARY_TAINT_ERROR, [return from getenv,call to system]
codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad1, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_read,call to execle] codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad1, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_read,call to execle]
codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad2, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_readsome,call to execle] codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad2, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_readsome,call to execle]
codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad3, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_getline,call to execle] codetoanalyze/cpp/quandary/files.cpp, files::read_file_call_exec_bad3, 5, QUANDARY_TAINT_ERROR, [return from std::basic_istream<char,std::char_traits<char>>_getline,call to execle]
