Fixed CWE367: use symbols defined in config.json (#28)

4034acbb · Thomas Barabosch · Enkelmann · 08951c01 · 4034acbb · 4034acbb
Commit 4034acbb authored Jul 19, 2019 by Thomas Barabosch Committed by Enkelmann Jul 19, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 30 additions and 24 deletions

CHANGES.md CHANGES.md +1 -0

cwe_367.ml src/checkers/cwe_367.ml +29 -24

No files found.
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,6 +2,7 @@ dev
 ====

 -   Added more documentation to checks (PR #26)
+-   Fixed check CWE367: use symbols defined in config.json (PR #28)

 0.2 (2019-06-25)
 =====

--- a/src/checkers/cwe_367.ml
+++ b/src/checkers/cwe_367.ml
@@ -34,29 +34,34 @@ let is_reachable sub source sink =
  let sink_blk = get_blk_tid_of_tid sub sink_tid in
  Graphlib.Std.Graphlib.is_reachable (module Graphs.Tid) cfg source_blk sink_blk

-let handle_sub sub program tid_map _symbols source sink =
-  if (Symbol_utils.sub_calls_symbol program sub source) && (Symbol_utils.sub_calls_symbol program sub sink) then
-    begin
-      let calls = Symbol_utils.get_direct_callsites_of_sub sub in
-      let source_calls = get_calls_to_symbol source calls program in
-      let sink_calls = get_calls_to_symbol sink calls program in
-      Seq.iter source_calls ~f:(fun source_call ->
-          Seq.iter sink_calls ~f:(fun sink_call ->
-                                if is_reachable sub source_call sink_call then
-                                  Log_utils.warn
-                                    "[%s] {%s} (Time-of-check Time-of-use Race Condition) %s is reachable from %s at %s (%s). This could lead to a TOCTOU."
-                                    name
-                                    version
-                                    sink
-                                    source
-                                    (Address_translation.translate_tid_to_assembler_address_string (Term.tid sub) tid_map)
-                                    (Term.name sub)
-                                else
-                                  ()))
+let handle_sub sub program tid_map _symbols source_sink_pair =
+  match source_sink_pair with
+  | [source;sink;] -> begin
+      if (Symbol_utils.sub_calls_symbol program sub source) && (Symbol_utils.sub_calls_symbol program sub sink) then
+        begin
+          let calls = Symbol_utils.get_direct_callsites_of_sub sub in
+          let source_calls = get_calls_to_symbol source calls program in
+          let sink_calls = get_calls_to_symbol sink calls program in
+          Seq.iter source_calls ~f:(fun source_call ->
+              Seq.iter sink_calls ~f:(fun sink_call ->
+                  if is_reachable sub source_call sink_call then
+                    Log_utils.warn
+                      "[%s] {%s} (Time-of-check Time-of-use Race Condition) %s is reachable from %s at %s (%s). This could lead to a TOCTOU."
+                      name
+                      version
+                      sink
+                      source
+                      (Address_translation.translate_tid_to_assembler_address_string (Term.tid sub) tid_map)
+                      (Term.name sub)
+                  else
+                    ()))
+        end
+      else
+        ()
    end
-  else
-    ()
+  | _ -> ()

-let check_cwe program _proj tid_map _symbol_pairs _ =
-  let symbols = Symbol_utils.build_symbols ["access"; "open";] in
-  Seq.iter (Term.enum sub_t program) ~f:(fun s -> handle_sub s program tid_map symbols "access" "open")
+let check_cwe program _proj tid_map symbol_pairs _ =
+  List.iter symbol_pairs ~f:(fun current_pair -> 
+  let symbols = Symbol_utils.build_symbols current_pair in
+  Seq.iter (Term.enum sub_t program) ~f:(fun s -> handle_sub s program tid_map symbols current_pair))