add support for CERT-API01-C check (#1980)
* add support for CERT-API01-C check * remove extra ident and simplify check
This commit is contained in:
parent
bb52a63c4e
commit
cc63728d6a
|
@ -335,6 +335,25 @@ def str11(data):
|
||||||
if valueToken.isNumber and int(valueToken.str)==strlen:
|
if valueToken.isNumber and int(valueToken.str)==strlen:
|
||||||
reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C')
|
reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C')
|
||||||
|
|
||||||
|
# API01-C
|
||||||
|
# Avoid laying out strings in memory directly before sensitive data
|
||||||
|
def api01(data):
|
||||||
|
for scope in data.scopes:
|
||||||
|
if scope.type!='Struct':
|
||||||
|
continue
|
||||||
|
token = scope.bodyStart
|
||||||
|
arrayFound=False
|
||||||
|
# loop through the complete struct
|
||||||
|
while token != scope.bodyEnd:
|
||||||
|
if token.isName and token.variable:
|
||||||
|
if token.variable.isArray:
|
||||||
|
arrayFound=True
|
||||||
|
elif arrayFound and not token.variable.isArray and not token.variable.isConst:
|
||||||
|
reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
|
||||||
|
# reset flags to report other positions in the same struct
|
||||||
|
arrayFound=False
|
||||||
|
token = token.next
|
||||||
|
|
||||||
for arg in sys.argv[1:]:
|
for arg in sys.argv[1:]:
|
||||||
if arg == '-verify':
|
if arg == '-verify':
|
||||||
VERIFY = True
|
VERIFY = True
|
||||||
|
@ -367,6 +386,7 @@ for arg in sys.argv[1:]:
|
||||||
str11(cfg)
|
str11(cfg)
|
||||||
msc24(cfg)
|
msc24(cfg)
|
||||||
msc30(cfg)
|
msc30(cfg)
|
||||||
|
api01(cfg)
|
||||||
|
|
||||||
if VERIFY:
|
if VERIFY:
|
||||||
for expected in VERIFY_EXPECTED:
|
for expected in VERIFY_EXPECTED:
|
||||||
|
|
|
@ -11,6 +11,26 @@ struct PackedStruct {
|
||||||
short b;
|
short b;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
void api01()
|
||||||
|
{
|
||||||
|
const size_t String_Size = 20;
|
||||||
|
struct bad_node_s
|
||||||
|
{
|
||||||
|
char name[String_Size];
|
||||||
|
struct bad_node_s* next; // cert-API01-C
|
||||||
|
}
|
||||||
|
struct good_node_s
|
||||||
|
{
|
||||||
|
struct good_node_s* next;
|
||||||
|
char name[String_Size];
|
||||||
|
}
|
||||||
|
struct also_good_node_s
|
||||||
|
{
|
||||||
|
struct also_good_node_s* next;
|
||||||
|
char *name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void dostuff(int *data);
|
void dostuff(int *data);
|
||||||
|
|
||||||
void exp05()
|
void exp05()
|
||||||
|
|
Loading…
Reference in New Issue