Skip to content

C
cwe_checker
Unverified Commit 31d8a219 by Melvin Klimke Committed by GitHub
Options

switched from readelf to objdump in cwe_215.ml and cconv.ml. (#51)

parent f2aa97ea
Showing with 12 additions and 8 deletions
src/checkers/cwe_215.ml
...@@ -23,7 +23,7 @@ let version = "0.1" ...@@ -23,7 +23,7 @@ let version = "0.1"
let check_cwe _ project _ _ _ = let check_cwe _ project _ _ _ =
match Project.get project filename with match Project.get project filename with
| Some fname -> begin | Some fname -> begin
let cmd = Format.sprintf "readelf --debug-dump=decodedline %s | grep CU" fname in let cmd = Format.sprintf "objdump --dwarf=decodedline %s | grep CU" fname in
try try
let in_chan = Unix.open_process_in cmd in let in_chan = Unix.open_process_in cmd in
In_channel.input_lines in_chan |> List.iter ~f:(fun l -> In_channel.input_lines in_chan |> List.iter ~f:(fun l ->
......
src/utils/cconv.ml
...@@ -94,7 +94,7 @@ let is_return_register (var: Var.t) (project: Project.t) : Bool.t = ...@@ -94,7 +94,7 @@ let is_return_register (var: Var.t) (project: Project.t) : Bool.t =
Option.is_some (List.find ret_register ~f:(String.equal (Var.name var))) Option.is_some (List.find ret_register ~f:(String.equal (Var.name var)))
(** Parse a line from the dyn-syms output table of readelf. Return the name of a symbol if the symbol is an extern function name. *) (** Parse a line from the dyn-syms output table of readelf. Return the name of a symbol if the symbol is an extern function name. *)
let parse_dyn_sym_line line = let parse_dyn_sym_line (line : string) : string option =
let line = ref (String.strip line) in let line = ref (String.strip line) in
let str_list = ref [] in let str_list = ref [] in
while Option.is_some (String.rsplit2 !line ~on:' ') do while Option.is_some (String.rsplit2 !line ~on:' ') do
...@@ -104,10 +104,14 @@ let parse_dyn_sym_line line = ...@@ -104,10 +104,14 @@ let parse_dyn_sym_line line =
done; done;
str_list := !line :: !str_list; str_list := !line :: !str_list;
match !str_list with match !str_list with
| _ :: value :: _ :: "FUNC" :: _ :: _ :: _ :: name :: _ -> begin | value :: func1 :: func2 :: _ -> begin
match ( String.strip ~drop:(fun x -> x = '0') value, String.lsplit2 name ~on:'@') with match ( String.strip ~drop:(fun x -> x = '0') value ) with
| ("", Some(left, _)) -> Some(left) | "" -> begin
| ("", None) -> Some(name) if (String.equal func1 "DF" || String.equal func2 "DF") then (
List.last !str_list
)
else None
end
| _ -> None (* The symbol has a nonzero value, so we assume that it is not an extern function symbol. *) | _ -> None (* The symbol has a nonzero value, so we assume that it is not an extern function symbol. *)
end end
| _ -> None | _ -> None
...@@ -119,13 +123,13 @@ let parse_dyn_syms project = ...@@ -119,13 +123,13 @@ let parse_dyn_syms project =
match Project.get project filename with match Project.get project filename with
| None -> failwith "[CWE-checker] Project has no file name." | None -> failwith "[CWE-checker] Project has no file name."
| Some(fname) -> begin | Some(fname) -> begin
let cmd = Format.sprintf "readelf --dyn-syms %s" fname in let cmd = Format.sprintf "objdump --dynamic-syms %s" fname in
try try
let in_chan = Unix.open_process_in cmd in let in_chan = Unix.open_process_in cmd in
let lines = In_channel.input_lines in_chan in let lines = In_channel.input_lines in_chan in
let () = In_channel.close in_chan in begin let () = In_channel.close in_chan in begin
match lines with match lines with
| _ :: _ :: _ :: tail -> (* The first three lines are not part of the table *) | _ :: _ :: _ :: _ :: tail -> (* The first four lines are not part of the table *)
let symbol_set = String.Set.of_list (List.filter_map tail ~f:parse_dyn_sym_line) in let symbol_set = String.Set.of_list (List.filter_map tail ~f:parse_dyn_sym_line) in
dyn_syms := Some(symbol_set); dyn_syms := Some(symbol_set);
symbol_set symbol_set
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment