def findStrcpy(fileinput, filename):
program = fileinput
functionList, functionBodyList = cfg.find_functions(filename)
firstFunc = functionBodyList[0].get_whereFunctionStarts()
glvar = findGlobal(fileinput, firstFunc)
lineStart = 0
lineStrcpy = 0
programLine = ""
warnings = []
for i in functionList:
if i.get_functionName() == "strcpy":
lineStrcpy = i.get_functionLine()
for j in functionBodyList:
if j.get_whereFunctionStarts() < i.get_whereFunctionStarts():
lineStart = j.get_functionLine()
program.seek(0)
for i in range(lineStrcpy - 1):
program.readline()
programLine = program.readline()
start1, end1 = re.search(
r"\bstrcpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*\)",
programLine).span()
arguement = programLine[start1 + 7:end1 - 1]
argv1 = arguement[:arguement.index(",")]
argv2 = arguement[arguement.index(",") + 1:]
program.seek(0)
a = findTheSize(program, argv1, glvar, lineStart, lineStrcpy)
if a != "not define the %s in line %d, it is not safe" % (
argv1, lineStrcpy):
sizeOfargv1 = a
else:
warnings.append(a)
if "\"" in argv2:
sizeOfargv2 = len(argv2) - 2
else:
b = findTheSize(program, argv2, glvar, lineStart, lineStrcpy)
if b != "not define the %s in line %d, it is not safe" % (
argv2, lineStrcpy):
sizeOfargv2 = b
if sizeOfargv1 >= sizeOfargv2:
warnings.append("The strcpy is safe in line %d!" %
(lineStrcpy))
else:
warnings.append(
"Line %d" % (lineStrcpy) + programLine + "\n" +
"This strcpy in line %d is not safe! The size of argv2 is bigger than argv1!"
% (lineStrcpy))
else:
warnings.append(b)
return warnings
def findStrncpy(fileinput, filename):
program = fileinput
program.seek(0)
functionList, functionBodyList = cfg.find_functions(filename)
lineStart = 0
lineStrncpy = 0
programLine = ""
warnings = []
flag = 1
for i in functionList:
if i.get_functionName() == "strncpy":
flag = 0
lineStrncpy = i.get_functionLine()
for j in functionBodyList:
if j.get_whereFunctionStarts() < i.get_whereFunctionStarts():
lineStart = j.get_functionLine()
for i in range(lineStrncpy - 1):
programLine = program.readline()
programLine = program.readline()
start, end = re.search(
r"strncpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*,\d+\)",
programLine).span()
arguement = programLine[start + 8:end - 1]
argv1 = arguement[:arguement.index(",")]
argv2Andargv3 = arguement[arguement.index(",") + 1:]
argv2 = argv2Andargv3[:argv2Andargv3.index(",")]
argv3 = argv2Andargv3[argv2Andargv3.index(",") + 1:]
program.seek(0)
a = findTheSize(program, argv1, lineStart, lineStrncpy)
if a != "not define the %s in line %d, it is not safe" % (
argv1, lineStrncpy):
sizeOfargv1 = a
sizeOfargv3 = int(argv3)
if sizeOfargv1 >= sizeOfargv3:
warnings.append("The strncpy is safe in line %d!" %
(lineStrncpy))
else:
warnings.append(
"line %d:" % (lineStrncpy) + programLine + "\n" +
"This strncpy in line %d is not safe! The size of argv2 is bigger than argv1!"
% (lineStrncpy))
else:
warnings.append(a)
if flag:
warnings.append("No strncpy")
return warnings
def findTheSensitive(fileInput, filename):
program = fileInput
functionList, functionBodyList = cfg.find_functions(filename)
warningsfun = []
warnings = []
for i in functionList:
if i.get_functionName() in sensitiveFunctions:
warningsfun.append((i.get_functionName(), i.get_functionLine()))
if len(warningsfun) != 0:
for i in warningsfun:
warnings.append("%s may be dangerous in line %d" % (i[0], i[1]))
else:
warnings.append("no other sensitive function")
return warnings
def findMemcpy(fileinput, filename):
program = fileinput
functionList, functionBodyList = cfg.find_functions(filename)
lineStart = 0
lineMemcpy = 0
programLine = ""
warnings = []
for i in functionList:
if i.get_functionName() == "memcpy":
flag = 0
lineMemcpy = i.get_functionLine()
for j in functionBodyList:
if j.get_whereFunctionStarts() < i.get_whereFunctionStarts():
lineStart = j.get_functionLine()
for i in range(lineMemcpy - 1):
program.readline()
programLine = program.readline()
start, end = re.search(
r"\bmemcpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*,\w+\)",
programLine).span()
arguement = programLine[start + 7:end - 1]
argv1 = arguement[:arguement.index(",")]
argv2Andargv3 = arguement[arguement.index(",") + 1:]
argv2 = argv2Andargv3[:argv2Andargv3.index(",")]
argv3 = argv2Andargv3[argv2Andargv3.index(",") + 1:]
filepath = "sample\\" + filename
command = "java -jar codersensor\\CodeSensor.jar " + filepath + " >midFile\\signDetect.txt"
os.system(command)
variables = integerOverflowDetect.analyseCodersensor(
"signDetect.txt")[1]
for i in variables:
if i.get_name() == argv3:
if "unsigned" in i.get_type():
pass
else:
warnings.append("Line %d" % (lineMemcpy) +
programLine + "\n" +
"In line %d the memcpy is not safe!" %
lineMemcpy)
return warnings
def findPrintf(fileinput, filename):
program = fileinput
functionList, functionBodyList = cfg.find_functions(filename)
lineStart = 0
linePrintf = 0
argvindex = 0
programLine = ""
flag = 1
warnings = []
for i in functionList:
program.seek(0)
argvindex = 0
isSafe = True
if i.get_functionName() == "printf":
flag = 0
linePrintf = i.get_functionLine()
for j in functionBodyList:
if j.get_whereFunctionStarts() < i.get_whereFunctionStarts():
lineStart = j.get_functionLine()
for i in range(linePrintf - 1):
k = program.readline()
programLine = program.readline()
for i in range(len(programLine)):
if programLine[i] == '"':
start = i
break
for i in range(len(programLine)):
if programLine[i] == '"':
end = i
formatString = programLine[start + 1:end]
for i in range(end, len(programLine)):
if programLine[i] == ')':
endOfFunction = i
whatLeft = programLine[end + 1:endOfFunction]
args = whatLeft.split(",")
del args[0]
i = 0
for i in range(len(formatString)):
k = formatString[i]
if formatString[i] == '%' and formatString[i - 1] != "\\":
if formatString[i + 1] == 'd' or (
formatString[i + 1].isdigit()
and formatString[i + 2] == 'd'):
if argvindex >= len(args):
warnings.append(
"Not safe, the number of args of printf in line %d is not matched!"
% linePrintf)
isSafe = False
else:
if matchType(fileinput, args[argvindex].strip(),
lineStart, linePrintf) == "int":
argvindex = argvindex + 1
continue
elif matchType(
fileinput, args[argvindex].strip(),
lineStart, linePrintf
) == "not define the %s in line %d, it is not safe" % (
args[argvindex].strip(), end):
warnings.append(
"not define the %s in line %d, it is not safe"
% (args[argvindex].strip(), end))
isSafe = False
else:
warnings.append(
"The argv does not match the type in line %d, it should be an int argv"
% (linePrintf))
isSafe = False
argvindex = argvindex + 1
elif formatString[i + 1] == 's':
if argvindex >= len(args):
warnings.append(
"Not safe, the number of args of printf in line %d is not matched!"
% linePrintf)
isSafe = False
else:
if matchType(fileinput, args[argvindex].strip(),
lineStart, linePrintf) == "chs":
argvindex = argvindex + 1
continue
elif matchType(
fileinput, args[argvindex].strip(),
lineStart, linePrintf
) == "not define the %s in line %d, it is not safe" % (
args[argvindex].strip(), end):
warnings.append(
"not define the %s in line %d, it is not safe"
% (args[argvindex].strip(), end))
isSafe = False
else:
warnings.append(
"The argv does not match the type in line %d, it should be an char* argv"
% (linePrintf))
isSafe = False
argvindex = argvindex + 1
elif formatString[i + 1] == 'c':
if argvindex >= len(args):
warnings.append(
"Not safe, the number of args of printf in line %d is not matched!"
% linePrintf)
isSafe = False
else:
if matchType(fileinput, args[argvindex].strip(),
lineStart, linePrintf) == "cha":
argvindex = argvindex + 1
continue
elif matchType(
fileinput, args[argvindex].strip(),
lineStart, linePrintf
) == "not define the %s in line %d, it is not safe" % (
args[argvindex].strip(), end):
warnings.append(
"not define the %s in line %d, it is not safe"
% (args[argvindex].strip(), end))
isSafe = False
else:
warnings.append(
"The argv does not match the type in line %d, it should be an char argv"
% (linePrintf))
isSafe = False
argvindex = argvindex + 1
if isSafe:
warnings.append("The printf in line %d is safe, don't worry!" %
(linePrintf))
if flag:
warnings.append("No printf")
return warnings