add support for CERT-API01-C check (#1980)

* add support for CERT-API01-C check

* remove extra ident and simplify check
This commit is contained in:
fuzzelhjb 2019-07-24 10:39:31 +02:00 committed by Daniel Marjamäki
parent bb52a63c4e
commit cc63728d6a
2 changed files with 40 additions and 0 deletions

View File

@ -335,6 +335,25 @@ def str11(data):
if valueToken.isNumber and int(valueToken.str)==strlen:
reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C')
# API01-C
# Avoid laying out strings in memory directly before sensitive data
def api01(data):
for scope in data.scopes:
if scope.type!='Struct':
continue
token = scope.bodyStart
arrayFound=False
# loop through the complete struct
while token != scope.bodyEnd:
if token.isName and token.variable:
if token.variable.isArray:
arrayFound=True
elif arrayFound and not token.variable.isArray and not token.variable.isConst:
reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
# reset flags to report other positions in the same struct
arrayFound=False
token = token.next
for arg in sys.argv[1:]:
if arg == '-verify':
VERIFY = True
@ -367,6 +386,7 @@ for arg in sys.argv[1:]:
str11(cfg)
msc24(cfg)
msc30(cfg)
api01(cfg)
if VERIFY:
for expected in VERIFY_EXPECTED:

View File

@ -11,6 +11,26 @@ struct PackedStruct {
short b;
};
void api01()
{
const size_t String_Size = 20;
struct bad_node_s
{
char name[String_Size];
struct bad_node_s* next; // cert-API01-C
}
struct good_node_s
{
struct good_node_s* next;
char name[String_Size];
}
struct also_good_node_s
{
struct also_good_node_s* next;
char *name;
}
}
void dostuff(int *data);
void exp05()