cleanup: replace banned.h with semgrep

.github/workflows/insecure-api.yaml

@@ -0,0 +1,26 @@
+name: Insecure API check
+on:
+  pull_request:
+    branches:
+      - master
+      - 'release/**'
+      - 'maintainers/**'
+
+jobs:
+  insecure-api:
+    name: check-insecure-api
+    runs-on: ubuntu-latest
+    container:
+      image: returntocorp/semgrep:1.41.0@sha256:85956fbe795a0e8a3825d5252f175887c0e0c6ce7a766a07062c0fb68415cd67
+    steps:
+      - name: Checkout Falco ⤵️
+        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
+        with:
+          fetch-depth: 0
+      - name: Scan PR for insecure API usage 🕵️
+        run: |
+          semgrep scan \
+            --error \
+            --metrics=off \
+            --baseline-commit ${{ github.event.pull_request.base.sha }} \
+            --config=./semgrep

semgrep/insecure-api-gets.yaml

@@ -0,0 +1,44 @@
+# MIT License
+#
+# Copyright (c) 2022 raptor
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+rules:
+  - id: raptor-insecure-api-gets
+    metadata:
+      author: Marco Ivaldi <raptor@0xdeadbeef.info>
+      references:
+        - https://cwe.mitre.org/data/definitions/242
+        - https://cwe.mitre.org/data/definitions/120
+      confidence: HIGH
+    message: >-
+      The program calls a function that can never be guaranteed to work
+      safely.
+      Certain functions behave in dangerous ways regardless of how they are
+      used. Functions in this category were often implemented without
+      taking security concerns into account. The gets() function is unsafe
+      because it does not perform bounds checking on the size of its input.
+      An attacker can easily send arbitrarily-sized input to gets() and
+      overflow the destination buffer.
+    severity: ERROR
+    languages:
+      - c
+      - cpp
+    pattern: gets(...)

semgrep/insecure-api-sprintf-vsprintf.yaml

@@ -0,0 +1,57 @@
+# MIT License
+#
+# Copyright (c) 2022 raptor
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+rules:
+  - id: raptor-insecure-api-sprintf-vsprintf
+    metadata:
+      author: Marco Ivaldi <raptor@0xdeadbeef.info>
+      references:
+        - https://cwe.mitre.org/data/definitions/676
+        - https://cwe.mitre.org/data/definitions/120
+        - https://cwe.mitre.org/data/definitions/787
+        - https://g.co/kgs/PCHQjJ
+      confidence: HIGH
+    message: >-
+      The program invokes a potentially dangerous function that could
+      introduce a vulnerability if it is used incorrectly, but the function
+      can also be used safely.
+      A buffer overflow condition exists when a program attempts to put
+      more data in a buffer than it can hold, or when a program attempts to
+      put data in a memory area outside of the boundaries of a buffer. The
+      simplest type of error, and the most common cause of buffer
+      overflows, is the classic case in which the program copies the buffer
+      without restricting how much is copied. Other variants exist, but the
+      existence of a classic overflow strongly suggests that the programmer
+      is not considering even the most basic of security protections.
+    severity: ERROR
+    languages:
+      - c
+      - cpp
+    patterns:
+      - pattern-either:
+        - pattern: sprintf($BUF, $FMT, ...)
+        - pattern: vsprintf($BUF, $FMT, ...)
+        # swprintf() and vswprintf() should have a size parameter
+      - metavariable-regex:
+          metavariable: $FMT
+          # NOTE: some format string modifiers are not handled
+          regex: '(".*%l?s.*"|".*%S.*"|[a-zA-Z_][a-zA-Z0-9_]*)'

semgrep/insecure-api-strcpy-stpcpy-strcat.yaml

@@ -0,0 +1,59 @@
+# MIT License
+#
+# Copyright (c) 2022 raptor
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+rules:
+  - id: raptor-insecure-api-strcpy-stpcpy-strcat
+    metadata:
+      author: Marco Ivaldi <raptor@0xdeadbeef.info>
+      references:
+        - https://cwe.mitre.org/data/definitions/676
+        - https://cwe.mitre.org/data/definitions/120
+        - https://cwe.mitre.org/data/definitions/787
+        - https://g.co/kgs/PCHQjJ
+      confidence: HIGH
+    message: >-
+      The program invokes a potentially dangerous function that could
+      introduce a vulnerability if it is used incorrectly, but the function
+      can also be used safely.
+      A buffer overflow condition exists when a program attempts to put
+      more data in a buffer than it can hold, or when a program attempts to
+      put data in a memory area outside of the boundaries of a buffer. The
+      simplest type of error, and the most common cause of buffer
+      overflows, is the classic case in which the program copies the buffer
+      without restricting how much is copied. Other variants exist, but the
+      existence of a classic overflow strongly suggests that the programmer
+      is not considering even the most basic of security protections.
+
+      In the Falco codebase you can use the safer alternative strlcpy().
+    severity: ERROR
+    languages:
+      - c
+      - cpp
+    patterns:
+      - pattern-either:
+        - pattern: strcpy(...)
+        - pattern: stpcpy(...)
+        - pattern: strcat(...)
+        - pattern: wcscpy(...)
+        - pattern: wcpcpy(...)
+        - pattern: wcscat(...)
+      - pattern-not: $FUN($BUF, "...", ...)

semgrep/insecure-api-strn.yaml

@@ -0,0 +1,18 @@
+rules:
+  - id: falco-insecure-api-strn
+    metadata:
+      references:
+        - https://cwe.mitre.org/data/definitions/120
+      confidence: HIGH
+    message: >-
+      The libc function strncpy and strncat are not used in the Falco codebase as they are error prone.
+      Read more: https://www.cisa.gov/uscert/bsi/articles/knowledge/coding-practices/strncpy-and-strncat .
+      In the Falco codebase you can use the safer alternatives strlcpy() and strlcat().
+    severity: ERROR
+    languages:
+      - c
+      - cpp
+    patterns:
+      - pattern-either:
+        - pattern: strncpy(...)
+        - pattern: strncat(...)

userspace/engine/evttype_index_ruleset.cpp

@@ -16,7 +16,6 @@ limitations under the License.
 */
 
 #include "evttype_index_ruleset.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 #include <algorithm>
 

userspace/engine/falco_engine.cpp

@@ -44,7 +44,6 @@ limitations under the License.
 #include "formats.h"
 
 #include "utils.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 #include "evttype_index_ruleset.h"
 
 const std::string falco_engine::s_default_ruleset = "falco-default-ruleset";

userspace/engine/falco_utils.cpp

@@ -22,7 +22,6 @@ limitations under the License.
 
 #include "falco_utils.h"
 #include "utils.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 #include <re2/re2.h>
 

userspace/engine/formats.cpp

@@ -19,7 +19,6 @@ limitations under the License.
 
 #include "formats.h"
 #include "falco_engine.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 falco_formats::falco_formats(std::shared_ptr<const falco_engine> engine,
 			     bool json_include_output_property,

userspace/engine/json_evt.cpp

@@ -22,7 +22,6 @@ limitations under the License.
 
 #include "falco_common.h"
 #include "json_evt.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 using json = nlohmann::json;
 using namespace std;

userspace/falco/configuration.cpp

@@ -30,7 +30,6 @@ limitations under the License.
 
 #include "configuration.h"
 #include "logger.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 falco_configuration::falco_configuration():
 	m_json_output(false),

userspace/falco/event_drops.cpp

@@ -17,7 +17,6 @@ limitations under the License.
 
 #include "event_drops.h"
 #include "falco_common.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 syscall_evt_drop_mgr::syscall_evt_drop_mgr():
 	m_num_syscall_evt_drops(0),

userspace/falco/falco.cpp

@@ -22,7 +22,6 @@ limitations under the License.
 
 #include "app/app.h"
 #include "logger.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 static void display_fatal_err(const std::string &&msg)
 {

userspace/falco/falco_outputs.cpp

@@ -35,8 +35,6 @@ limitations under the License.
 #include "outputs_grpc.h"
 #endif
 
-#include "banned.h" // This raises a compilation error when certain functions are used
-
 static const char* s_internal_source = "internal";
 
 falco_outputs::falco_outputs(

userspace/falco/grpc_context.cpp

@@ -18,7 +18,6 @@ limitations under the License.
 #include <sstream>
 
 #include "grpc_context.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 falco::grpc::context::context(::grpc::ServerContext* ctx):
 	m_ctx(ctx)

userspace/falco/grpc_server.cpp

@@ -25,7 +25,6 @@ limitations under the License.
 #include "grpc_server.h"
 #include "grpc_request_context.h"
 #include "falco_utils.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 #define REGISTER_STREAM(req, res, svc, rpc, impl, num)                          \
 	std::vector<request_stream_context<svc, req, res>> rpc##_contexts(num); \

userspace/falco/grpc_server_impl.cpp

@@ -21,7 +21,6 @@ limitations under the License.
 #include "grpc_server_impl.h"
 #include "grpc_queue.h"
 #include "logger.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 bool falco::grpc::server_impl::is_running()
 {

userspace/falco/logger.cpp

@@ -19,7 +19,6 @@ limitations under the License.
 #include "logger.h"
 
 #include "falco_common.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 int falco_logger::level = LOG_INFO;
 bool falco_logger::time_format_iso_8601 = false;

userspace/falco/outputs_file.cpp

@@ -18,7 +18,6 @@ limitations under the License.
 #include "outputs_file.h"
 #include <iostream>
 #include <fstream>
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 void falco::outputs::output_file::open_file()
 {

userspace/falco/outputs_grpc.cpp

@@ -20,7 +20,6 @@ limitations under the License.
 #include "grpc_queue.h"
 #include "falco_common.h"
 #include "formats.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 #if __has_attribute(deprecated)
 #define DISABLE_WARNING_PUSH                        _Pragma("GCC diagnostic push")

userspace/falco/outputs_http.cpp

@@ -17,7 +17,6 @@ limitations under the License.
 
 #include "outputs_http.h"
 #include "logger.h"
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 #define CHECK_RES(fn) res = res == CURLE_OK ? fn : res
 

userspace/falco/outputs_program.cpp

@@ -17,7 +17,6 @@ limitations under the License.
 
 #include "outputs_program.h"
 #include <stdio.h>
-#include "banned.h" // This raises a compilation error when certain functions are used
 
 void falco::outputs::output_program::open_pfile()
 {