Commit 784569d5, authored Mar 04, 2021 by Enkelmann, committed by GitHub Mar 04, 2021
CWE560: better bounds for sane umask arguments (#153)
parent b20691f2
Showing 2 changed files with 7 additions and 5 deletions
src/cwe_checker_lib/src/checkers/cwe_560.rs (+6 -4)
test/artificial_samples/cwe_560.c (+1 -1)
src/cwe_checker_lib/src/checkers/cwe_560.rs
View file @
784569d5
...
...
@@ -10,7 +10,7 @@
//! ## How the check works
//!
//! This check looks for umask calls and checks if they have a reasonable value, i.e. smaller than
//! a certain value, currently set to
1000 and greater than a reasonable value for umask, currently set to 100
.
//! a certain value, currently set to
0o777 and greater than a reasonable value for umask, currently set to 0o177
.
//!
//! ## False Positives
//!
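Review bot: The reworded sentence under "How the check works" still reads as if an argument between the two bounds is the "reasonable value", while the values above `0o177` are the ones the check reports. It also says "smaller than ... 0o777", which does not mention that `0o777` itself is accepted, as the doc comment on `is_chmod_style_arg` states. Consider rewording to say the check reports umask arguments greater than `0o177`, with `0o777` exempted as a usually correct umask value.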
...
...
@@ -37,8 +37,8 @@ pub static CWE_MODULE: CweModule = CweModule {
run
:
check_cwe
,
};
pub
static
UPPER_BOUND_CORRECT_UMASK_ARG_VALUE
:
u64
=
100
;
pub
static
UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE
:
u64
=
1000
;
pub
static
UPPER_BOUND_CORRECT_UMASK_ARG_VALUE
:
u64
=
0
o177
;
pub
static
UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE
:
u64
=
0
o777
;
/// Compute the parameter value of umask out of the basic block right before the umask call.
///
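Review bot: The two `pub static` bounds have no doc comments, and now that the values are octal permission masks the reason for picking `0o177` and `0o777` deserves a `///` line each. The name `UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE` also no longer matches its use, because `is_chmod_style_arg` compares against it with `!=` rather than as an upper bound. Since neither value is mutated in the visible lines, `pub const` would be the more idiomatic declaration.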
...
...
@@ -77,8 +77,10 @@ fn get_umask_permission_arg(
}
/// Is the given argument value considered to be a chmod-style argument?
///
/// Note that `0o777` is not considered a chmod-style argument as it also denotes a usually correct umask argument.
fn
is_chmod_style_arg
(
arg
:
u64
)
->
bool
{
arg
>
UPPER_BOUND_CORRECT_UMASK_ARG_VALUE
&&
arg
<
=
UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE
arg
>
UPPER_BOUND_CORRECT_UMASK_ARG_VALUE
&&
arg
!
=
UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE
}
/// Generate the CWE warning for a detected instance of the CWE.
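Review bot: Replacing `arg <= UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE` with `arg != UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE` in `is_chmod_style_arg` removes the upper limit entirely, so every value above `0o777` is now classified as a chmod-style argument. If the intent is only to exempt `0o777`, as the new doc comment says, `arg > UPPER_BOUND_CORRECT_UMASK_ARG_VALUE && arg < UPPER_BOUND_CORRECT_CHMOD_ARG_VALUE` keeps the range bounded. If reporting larger values is intended, say so in the doc comment.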
...
...
test/artificial_samples/cwe_560.c
View file @
784569d5
...
...
@@ -6,7 +6,7 @@
#include <unistd.h>
void
umask_incorrect
(){
umask
(
666
);
umask
(
0
666
);
int
fd
=
open
(
"some_random_file"
,
O_CREAT
|
O_WRONLY
,
0666
);
close
(
fd
);
}
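Review bot: The sample in `umask_incorrect` exercises only `umask(0666)`, so the boundary behaviour this commit changes is not covered by the visible lines. Consider adding calls at the edges, for example `umask(0177)` and `umask(0777)` as arguments that must not be reported and a value just above `0177` as one that must. Separately, `fd` from `open` is passed to `close` without checking for `-1`.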
...
...