security-syntax-checks.m revision 5188507b9a1b09ec95c14ffadf0e832f2b47aa8a 
1// RUN: %clang_cc1 -triple i386-apple-darwin10 -analyze -analyzer-checker=security.experimental.SecuritySyntactic %s -verify
2
3// <rdar://problem/6336718> rule request: floating point used as loop 
4//  condition (FLP30-C, FLP-30-CPP)
5//
6// For reference: https://www.securecoding.cert.org/confluence/display/seccode/FLP30-C.+Do+not+use+floating+point+variables+as+loop+counters
7//
8void test_float_condition() {
9  for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // expected-warning{{Variable 'x' with floating point type 'float'}}
10  for (float x = 100000001.0f; x <= 100000010.0f; x += 1.0f) {} // expected-warning{{Variable 'x' with floating point type 'float'}}
11  for (float x = 100000001.0f; x <= 100000010.0f; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'float'}}
12  for (double x = 100000001.0; x <= 100000010.0; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'double'}}
13  for (double x = 100000001.0; ((x)) <= 100000010.0; ((x))++ ) {} // expected-warning{{Variable 'x' with floating point type 'double'}}
14  
15  for (double x = 100000001.0; 100000010.0 >= x; x = x + 1.0 ) {} // expected-warning{{Variable 'x' with floating point type 'double'}}
16  
17  int i = 0;
18  for (double x = 100000001.0; ((x)) <= 100000010.0; ((x))++, ++i ) {} // expected-warning{{Variable 'x' with floating point type 'double'}}
19  
20  typedef float FooType;
21  for (FooType x = 100000001.0f; x <= 100000010.0f; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'FooType'}}
22}
23
24// <rdar://problem/6335715> rule request: gets() buffer overflow
25// Part of recommendation: 300-BSI (buildsecurityin.us-cert.gov)
26char* gets(char *buf);
27
28void test_gets() {
29  char buff[1024];
30  gets(buff); // expected-warning{{Call to function 'gets' is extremely insecure as it can always result in a buffer overflow}}
31}
32
33int getpw(unsigned int uid, char *buf);
34
35void test_getpw() {
36  char buff[1024];
37  getpw(2, buff); // expected-warning{{The getpw() function is dangerous as it may overflow the provided buffer. It is obsoleted by getpwuid().}}
38}
39
40// <rdar://problem/6337132> CWE-273: Failure to Check Whether Privileges Were
41//  Dropped Successfully
42typedef unsigned int __uint32_t;
43typedef __uint32_t __darwin_uid_t;
44typedef __uint32_t __darwin_gid_t;
45typedef __darwin_uid_t uid_t;
46typedef __darwin_gid_t gid_t;
47int setuid(uid_t);
48int setregid(gid_t, gid_t);
49int setreuid(uid_t, uid_t);
50extern void check(int);
51void abort(void);
52
53void test_setuid() 
54{
55  setuid(2); // expected-warning{{The return value from the call to 'setuid' is not checked.  If an error occurs in 'setuid', the following code may execute with unexpected privileges}}
56  setuid(0); // expected-warning{{The return value from the call to 'setuid' is not checked.  If an error occurs in 'setuid', the following code may execute with unexpected privileges}}
57  if (setuid (2) != 0)
58    abort();
59
60  // Currently the 'setuid' check is not flow-sensitive, and only looks
61  // at whether the function was called in a compound statement.  This
62  // will lead to false negatives, but there should be no false positives.
63  int t = setuid(2);  // no-warning
64  (void)setuid (2); // no-warning
65
66  check(setuid (2)); // no-warning
67
68  setreuid(2,2); // expected-warning{{The return value from the call to 'setreuid' is not checked.  If an error occurs in 'setreuid', the following code may execute with unexpected privileges}}
69  setregid(2,2); // expected-warning{{The return value from the call to 'setregid' is not checked.  If an error occurs in 'setregid', the following code may execute with unexpected privileges}}
70}
71
72// <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng
73int      rand(void);
74double   drand48(void);
75double   erand48(unsigned short[3]);
76long     jrand48(unsigned short[3]);
77void     lcong48(unsigned short[7]);
78long     lrand48(void);
79long     mrand48(void);
80long     nrand48(unsigned short[3]);
81long     random(void);
82int      rand_r(unsigned *);
83
84void test_rand()
85{
86  unsigned short a[7];
87  unsigned b;
88  
89  rand();	// expected-warning{{Function 'rand' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
90  drand48();	// expected-warning{{Function 'drand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
91  erand48(a);	// expected-warning{{Function 'erand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
92  jrand48(a);	// expected-warning{{Function 'jrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
93  lcong48(a);	// expected-warning{{Function 'lcong48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
94  lrand48();	// expected-warning{{Function 'lrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
95  mrand48();	// expected-warning{{Function 'mrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
96  nrand48(a);	// expected-warning{{Function 'nrand48' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
97  rand_r(&b);	// expected-warning{{Function 'rand_r' is obsolete because it implements a poor random number generator.  Use 'arc4random' instead}}
98  random();	// expected-warning{{The 'random' function produces a sequence of values that an adversary may be able to predict.  Use 'arc4random' instead}}
99}
100
101char *mktemp(char *buf);
102
103void test_mktemp() {
104  char *x = mktemp("/tmp/zxcv"); // expected-warning{{Call to function 'mktemp' is insecure as it always creates or uses insecure temporary file}}
105}
106