def findStrcpy(fileinput, filename): program = fileinput functionList, functionBodyList = cfg.find_functions(filename) firstFunc = functionBodyList[0].get_whereFunctionStarts() glvar = findGlobal(fileinput, firstFunc) lineStart = 0 lineStrcpy = 0 programLine = "" warnings = [] for i in functionList: if i.get_functionName() == "strcpy": lineStrcpy = i.get_functionLine() for j in functionBodyList: if j.get_whereFunctionStarts() < i.get_whereFunctionStarts(): lineStart = j.get_functionLine() program.seek(0) for i in range(lineStrcpy - 1): program.readline() programLine = program.readline() start1, end1 = re.search( r"\bstrcpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*\)", programLine).span() arguement = programLine[start1 + 7:end1 - 1] argv1 = arguement[:arguement.index(",")] argv2 = arguement[arguement.index(",") + 1:] program.seek(0) a = findTheSize(program, argv1, glvar, lineStart, lineStrcpy) if a != "not define the %s in line %d, it is not safe" % ( argv1, lineStrcpy): sizeOfargv1 = a else: warnings.append(a) if "\"" in argv2: sizeOfargv2 = len(argv2) - 2 else: b = findTheSize(program, argv2, glvar, lineStart, lineStrcpy) if b != "not define the %s in line %d, it is not safe" % ( argv2, lineStrcpy): sizeOfargv2 = b if sizeOfargv1 >= sizeOfargv2: warnings.append("The strcpy is safe in line %d!" % (lineStrcpy)) else: warnings.append( "Line %d" % (lineStrcpy) + programLine + "\n" + "This strcpy in line %d is not safe! The size of argv2 is bigger than argv1!" % (lineStrcpy)) else: warnings.append(b) return warnings
def findStrncpy(fileinput, filename): program = fileinput program.seek(0) functionList, functionBodyList = cfg.find_functions(filename) lineStart = 0 lineStrncpy = 0 programLine = "" warnings = [] flag = 1 for i in functionList: if i.get_functionName() == "strncpy": flag = 0 lineStrncpy = i.get_functionLine() for j in functionBodyList: if j.get_whereFunctionStarts() < i.get_whereFunctionStarts(): lineStart = j.get_functionLine() for i in range(lineStrncpy - 1): programLine = program.readline() programLine = program.readline() start, end = re.search( r"strncpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*,\d+\)", programLine).span() arguement = programLine[start + 8:end - 1] argv1 = arguement[:arguement.index(",")] argv2Andargv3 = arguement[arguement.index(",") + 1:] argv2 = argv2Andargv3[:argv2Andargv3.index(",")] argv3 = argv2Andargv3[argv2Andargv3.index(",") + 1:] program.seek(0) a = findTheSize(program, argv1, lineStart, lineStrncpy) if a != "not define the %s in line %d, it is not safe" % ( argv1, lineStrncpy): sizeOfargv1 = a sizeOfargv3 = int(argv3) if sizeOfargv1 >= sizeOfargv3: warnings.append("The strncpy is safe in line %d!" % (lineStrncpy)) else: warnings.append( "line %d:" % (lineStrncpy) + programLine + "\n" + "This strncpy in line %d is not safe! The size of argv2 is bigger than argv1!" % (lineStrncpy)) else: warnings.append(a) if flag: warnings.append("No strncpy") return warnings
def findTheSensitive(fileInput, filename): program = fileInput functionList, functionBodyList = cfg.find_functions(filename) warningsfun = [] warnings = [] for i in functionList: if i.get_functionName() in sensitiveFunctions: warningsfun.append((i.get_functionName(), i.get_functionLine())) if len(warningsfun) != 0: for i in warningsfun: warnings.append("%s may be dangerous in line %d" % (i[0], i[1])) else: warnings.append("no other sensitive function") return warnings
def findMemcpy(fileinput, filename): program = fileinput functionList, functionBodyList = cfg.find_functions(filename) lineStart = 0 lineMemcpy = 0 programLine = "" warnings = [] for i in functionList: if i.get_functionName() == "memcpy": flag = 0 lineMemcpy = i.get_functionLine() for j in functionBodyList: if j.get_whereFunctionStarts() < i.get_whereFunctionStarts(): lineStart = j.get_functionLine() for i in range(lineMemcpy - 1): program.readline() programLine = program.readline() start, end = re.search( r"\bmemcpy\([0-9a-zA-Z_]*,\"*[0-9a-zA-Z_]*\"*,\w+\)", programLine).span() arguement = programLine[start + 7:end - 1] argv1 = arguement[:arguement.index(",")] argv2Andargv3 = arguement[arguement.index(",") + 1:] argv2 = argv2Andargv3[:argv2Andargv3.index(",")] argv3 = argv2Andargv3[argv2Andargv3.index(",") + 1:] filepath = "sample\\" + filename command = "java -jar codersensor\\CodeSensor.jar " + filepath + " >midFile\\signDetect.txt" os.system(command) variables = integerOverflowDetect.analyseCodersensor( "signDetect.txt")[1] for i in variables: if i.get_name() == argv3: if "unsigned" in i.get_type(): pass else: warnings.append("Line %d" % (lineMemcpy) + programLine + "\n" + "In line %d the memcpy is not safe!" % lineMemcpy) return warnings
def findPrintf(fileinput, filename): program = fileinput functionList, functionBodyList = cfg.find_functions(filename) lineStart = 0 linePrintf = 0 argvindex = 0 programLine = "" flag = 1 warnings = [] for i in functionList: program.seek(0) argvindex = 0 isSafe = True if i.get_functionName() == "printf": flag = 0 linePrintf = i.get_functionLine() for j in functionBodyList: if j.get_whereFunctionStarts() < i.get_whereFunctionStarts(): lineStart = j.get_functionLine() for i in range(linePrintf - 1): k = program.readline() programLine = program.readline() for i in range(len(programLine)): if programLine[i] == '"': start = i break for i in range(len(programLine)): if programLine[i] == '"': end = i formatString = programLine[start + 1:end] for i in range(end, len(programLine)): if programLine[i] == ')': endOfFunction = i whatLeft = programLine[end + 1:endOfFunction] args = whatLeft.split(",") del args[0] i = 0 for i in range(len(formatString)): k = formatString[i] if formatString[i] == '%' and formatString[i - 1] != "\\": if formatString[i + 1] == 'd' or ( formatString[i + 1].isdigit() and formatString[i + 2] == 'd'): if argvindex >= len(args): warnings.append( "Not safe, the number of args of printf in line %d is not matched!" % linePrintf) isSafe = False else: if matchType(fileinput, args[argvindex].strip(), lineStart, linePrintf) == "int": argvindex = argvindex + 1 continue elif matchType( fileinput, args[argvindex].strip(), lineStart, linePrintf ) == "not define the %s in line %d, it is not safe" % ( args[argvindex].strip(), end): warnings.append( "not define the %s in line %d, it is not safe" % (args[argvindex].strip(), end)) isSafe = False else: warnings.append( "The argv does not match the type in line %d, it should be an int argv" % (linePrintf)) isSafe = False argvindex = argvindex + 1 elif formatString[i + 1] == 's': if argvindex >= len(args): warnings.append( "Not safe, the number of args of printf in line %d is not matched!" % linePrintf) isSafe = False else: if matchType(fileinput, args[argvindex].strip(), lineStart, linePrintf) == "chs": argvindex = argvindex + 1 continue elif matchType( fileinput, args[argvindex].strip(), lineStart, linePrintf ) == "not define the %s in line %d, it is not safe" % ( args[argvindex].strip(), end): warnings.append( "not define the %s in line %d, it is not safe" % (args[argvindex].strip(), end)) isSafe = False else: warnings.append( "The argv does not match the type in line %d, it should be an char* argv" % (linePrintf)) isSafe = False argvindex = argvindex + 1 elif formatString[i + 1] == 'c': if argvindex >= len(args): warnings.append( "Not safe, the number of args of printf in line %d is not matched!" % linePrintf) isSafe = False else: if matchType(fileinput, args[argvindex].strip(), lineStart, linePrintf) == "cha": argvindex = argvindex + 1 continue elif matchType( fileinput, args[argvindex].strip(), lineStart, linePrintf ) == "not define the %s in line %d, it is not safe" % ( args[argvindex].strip(), end): warnings.append( "not define the %s in line %d, it is not safe" % (args[argvindex].strip(), end)) isSafe = False else: warnings.append( "The argv does not match the type in line %d, it should be an char argv" % (linePrintf)) isSafe = False argvindex = argvindex + 1 if isSafe: warnings.append("The printf in line %d is safe, don't worry!" % (linePrintf)) if flag: warnings.append("No printf") return warnings