Skip to content

Step 10 #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Step 10 #18

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
593aa7a
Step.4
cradiator Mar 11, 2022
e11940e
step.5
cradiator Mar 11, 2022
7ba5c7f
step-6
cradiator Mar 11, 2022
6ff6d76
step-7
cradiator Mar 11, 2022
db26abc
Step-8
cradiator Mar 12, 2022
3108ad2
Step-9
cradiator Mar 12, 2022
3963a18
step-10
cradiator Mar 12, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions 10_taint_tracking.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,36 @@
/**
* @kind path-problem
*/

import cpp
import semmle.code.cpp.dataflow.TaintTracking
import DataFlow::PathGraph

class NetworkByteSwap extends Expr {
NetworkByteSwap() {
exists(MacroInvocation invocation |
invocation.getMacroName() in ["ntohs", "ntohl", "ntohll"] and
invocation.getExpr() = this
)
}
}

class Config extends TaintTracking::Configuration {
Config() {this = "NetworkToMemFuncLength"}

override predicate isSource(DataFlow::Node source) {
source.asExpr() instanceof NetworkByteSwap
}

override predicate isSink(DataFlow::Node sink) {
exists(FunctionCall call |
call.getTarget().getName() = "memcpy" and
call.getArgument(2) = sink.asExpr()
)
}
}

from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where cfg.hasFlowPath(source, sink)
select sink, source, sink, "Network byte swap flows to memcpy"

4 changes: 4 additions & 0 deletions 4_memcpy_definitions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,5 @@
import cpp

from Function func
where func.getName() = "memcpy"
select func
5 changes: 4 additions & 1 deletion 5_macro_definitions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
import cpp


from Macro macro
where macro.getName() in ["ntohs", "ntohl", "ntohll"]
select macro
4 changes: 4 additions & 0 deletions 6_memcpy_calls.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,5 @@
import cpp

from FunctionCall call
where call.getTarget().getName() = "memcpy"
select call
4 changes: 4 additions & 0 deletions 7_macro_invocations.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,5 @@
import cpp

from MacroInvocation invocation
where invocation.getMacroName() in ["ntohs", "ntohl", "ntohll"]
select invocation
5 changes: 5 additions & 0 deletions 8_macro_expressions.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,6 @@

import cpp

from MacroInvocation invocation
where invocation.getMacroName() in ["ntohs", "ntohl", "ntohll"]
select invocation.getExpr()
11 changes: 11 additions & 0 deletions 9_class_network_byteswap.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,12 @@
import cpp

class NetworkByteSwap extends Expr {
NetworkByteSwap() {
exists(MacroInvocation invocation |
invocation.getMacroName() in ["ntohs", "ntohl", "ntohll"] and
invocation.getExpr() = this
)
}
}

from NetworkByteSwap n select n