add support for CERT-API01-C check (#1980)
* add support for CERT-API01-C check * remove extra ident and simplify check
parent
bb52a63c4e
commit
cc63728d6a
|
@ -335,6 +335,25 @@ def str11(data):
|
|||
if valueToken.isNumber and int(valueToken.str)==strlen:
|
||||
reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C')
|
||||
|
||||
# API01-C
|
||||
# Avoid laying out strings in memory directly before sensitive data
|
||||
def api01(data):
|
||||
for scope in data.scopes:
|
||||
if scope.type!='Struct':
|
||||
continue
|
||||
token = scope.bodyStart
|
||||
arrayFound=False
|
||||
# loop through the complete struct
|
||||
while token != scope.bodyEnd:
|
||||
if token.isName and token.variable:
|
||||
if token.variable.isArray:
|
||||
arrayFound=True
|
||||
elif arrayFound and not token.variable.isArray and not token.variable.isConst:
|
||||
reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
|
||||
# reset flags to report other positions in the same struct
|
||||
arrayFound=False
|
||||
token = token.next
|
||||
|
||||
for arg in sys.argv[1:]:
|
||||
if arg == '-verify':
|
||||
VERIFY = True
|
||||
|
@ -367,6 +386,7 @@ for arg in sys.argv[1:]:
|
|||
str11(cfg)
|
||||
msc24(cfg)
|
||||
msc30(cfg)
|
||||
api01(cfg)
|
||||
|
||||
if VERIFY:
|
||||
for expected in VERIFY_EXPECTED:
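Review bot: In `api01`, `arrayFound` is set by any array member (`token.variable.isArray`), so a struct such as `int counts[4]; int total;` is reported even though the rule and the message are about strings; the flag should be set only when the array's element type is a character type. The walk also looks at every name token in the struct body rather than only at member declarations, so the array bound `String_Size` in the test is itself a candidate, and it appears to be the `not token.variable.isConst` filter that keeps it quiet. That filter has a cost: if `isConst` reflects a leading `const`, a member like `const struct ops *ops` placed after a buffer, which is exactly the kind of data the rule wants kept clear of an overflowing string, would not be reported. Restricting the match to declarations, `if token.isName and token.variable and token == token.variable.nameToken:`, would let the `isConst` condition be dropped.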
|
||||
|
|
|
@ -11,6 +11,26 @@ struct PackedStruct {
|
|||
short b;
|
||||
};
|
||||
|
||||
void api01()
|
||||
{
|
||||
const size_t String_Size = 20;
|
||||
struct bad_node_s
|
||||
{
|
||||
char name[String_Size];
|
||||
struct bad_node_s* next; // cert-API01-C
|
||||
}
|
||||
struct good_node_s
|
||||
{
|
||||
struct good_node_s* next;
|
||||
char name[String_Size];
|
||||
}
|
||||
struct also_good_node_s
|
||||
{
|
||||
struct also_good_node_s* next;
|
||||
char *name;
|
||||
}
|
||||
}
|
||||
|
||||
void dostuff(int *data);
|
||||
|
||||
void exp05()
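Review bot: The three struct definitions inside `api01()` end with `}` and no `;`, so the test file is not valid C and the case only works as long as the checker's parser tolerates it; each should close with `};`. The cases cover only a char array followed by a pointer, so nothing pins how the check treats a non-character array (`int ids[4]; int count;`) or a const-qualified pointer placed after a buffer. Adding both, with the `// cert-API01-C` marker where a report is intended, would document the expected behaviour. `exp05()` continues outside the hunk.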
|
||||
|
|