step 10

ysf · Mar 2, 2022 · 28bee4a · 28bee4a · github-actions · Mar 2, 2022
1 parent 58d2045
commit 28bee4a
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/10_taint_tracking.ql b/10_taint_tracking.ql
@@ -1 +1,31 @@
+/**
+ * @kind path-problem
+ */
 
+import cpp
+import semmle.code.cpp.dataflow.TaintTracking
+import DataFlow::PathGraph
+class NetworkByteSwap extends Expr {
+    NetworkByteSwap () {
+      exists(MacroInvocation mi |
+            mi.getExpr() = this and
+            mi.getMacroName() in ["ntohll", "ntohs", "ntohl"]    
+      )
+    }
+  }
+class Config extends TaintTracking::Configuration {
+  Config() { this = "NetworkToMemFuncLength" }
+
+  override predicate isSource(DataFlow::Node source) {
+    source.asExpr() instanceof NetworkByteSwap
+  }
+  override predicate isSink(DataFlow::Node sink) {
+      exists(Function f |
+        f.hasName("memcpy")
+    )    
+  }
+}
+
+from Config cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink, source, sink, "Network byte swap flows to memcpy"