ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

S3519: Add notes for migration to LaYC

Browse Source 
Adding very useful LaYC migration notes from Balazs.
This commit is contained in:
tomasz-kaminski-sonarsource 2023-08-03 16:51:44 +02:00 committed by GitHub
parent d45bde0019
commit da1e6f4fc5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 70 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
rules/S3519/cfamily/rule.adoc
View File

@ -64,6 +64,76 @@ Secondary: * Index value for arrays
== Comments And Links
(visible only on this page)
Possible messages of the rule S3519:
* alpha.security.ArrayBoundV2
[source,cpp]
----
void access_exceeds(void) {
int id_sequence[3];
id_sequence[0] = 123;
id_sequence[1] = 234;
id_sequence[2] = 345;
id_sequence[3] = 456; // Noncompliant: accessing out of bounds.
// Out of bound memory access (access exceeds upper limit of memory block)
}
void access_precedes(int x) {
int buf[100];
int *p = buf;
--p;
p[0] = 1; // Out of bound memory access (accessed memory precedes memory block)
}
int getchar(void);
void access_tainted(void) {
int m = getchar();
Buffer[m] = 1; // Out of bound memory access (index is tainted)
}
----
* alpha.security.ReturnPtrRange
[source,cpp]
----
int *test_idx_sym(int i) {
static int arr[10];
if (i != 40)
return arr;
return arr + i; // Returned pointer value points outside the original object
}
----
* alpha.unix.cstring.OutOfBounds
[source,cpp]
----
char* my_calloc(int n) {
char *p = malloc(n);
memset(p, 0, n + /*null terminator*/1); // OOB: off by one
// Memory set function overflows the destination buffer
return p;
}
void memcpy1(void) {
char src[] = {1, 2, 3, 4};
char dst[10];
memcpy(dst, src, 5); // Memory copy function accesses out-of-bound array element
}
----
Typical bugs:
* Off-by-one bugs
Mitigations (extra mile):
* asan
* valgrind
* Use "bounded" alternative functions, such as `strncpy`.
* Compilation flags to harden the binary: FORTIFY_SOURCE, stack-canaries, ASLR
* fuzzing
Clarification question regarding inclusion forthis link in [https://discuss.sonarsource.com/t/layc-2023-languages-team-updates/14242/31?u=tomasz_kaminski[discuss].
Possibly missing CWEs from rspec:
* https://cwe.mitre.org/data/definitions/787.html
* https://cwe.mitre.org/data/definitions/193.html
=== is related to: S5782
endif::env-github,rspecator-view[]