security-syntax-checks.m revision bd842e3f5b83f4fb962c1a421df18aaa919be5ca
1// RUN: clang-cc -triple i386-apple-darwin10 -analyze -warn-security-syntactic %s -verify 2 3// <rdar://problem/6336718> rule request: floating point used as loop 4// condition (FLP30-C, FLP-30-CPP) 5// 6// For reference: https://www.securecoding.cert.org/confluence/display/seccode/FLP30-C.+Do+not+use+floating+point+variables+as+loop+counters 7// 8void test_float_condition() { 9 for (float x = 0.1f; x <= 1.0f; x += 0.1f) {} // expected-warning{{Variable 'x' with floating point type 'float'}} 10 for (float x = 100000001.0f; x <= 100000010.0f; x += 1.0f) {} // expected-warning{{Variable 'x' with floating point type 'float'}} 11 for (float x = 100000001.0f; x <= 100000010.0f; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'float'}} 12 for (double x = 100000001.0; x <= 100000010.0; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'double'}} 13 for (double x = 100000001.0; ((x)) <= 100000010.0; ((x))++ ) {} // expected-warning{{Variable 'x' with floating point type 'double'}} 14 15 for (double x = 100000001.0; 100000010.0 >= x; x = x + 1.0 ) {} // expected-warning{{Variable 'x' with floating point type 'double'}} 16 17 int i = 0; 18 for (double x = 100000001.0; ((x)) <= 100000010.0; ((x))++, ++i ) {} // expected-warning{{Variable 'x' with floating point type 'double'}} 19 20 typedef float FooType; 21 for (FooType x = 100000001.0f; x <= 100000010.0f; x++ ) {} // expected-warning{{Variable 'x' with floating point type 'FooType'}} 22} 23 24// <rdar://problem/6335715> rule request: gets() buffer overflow 25// Part of recommendation: 300-BSI (buildsecurityin.us-cert.gov) 26char* gets(char *buf); 27 28void test_gets() { 29 char buff[1024]; 30 gets(buff); // expected-warning{{Call to function 'gets' is extremely insecure as it can always result in a buffer overflow}} 31} 32 33int getpw(unsigned int uid, char *buf); 34 35void test_getpw() { 36 char buff[1024]; 37 getpw(2, buff); // expected-warning{{The getpw() function is dangerous as it may overflow the provided buffer. It is obsoleted by getpwuid().}} 38} 39 40// <rdar://problem/6337132> CWE-273: Failure to Check Whether Privileges Were 41// Dropped Successfully 42typedef unsigned int __uint32_t; 43typedef __uint32_t __darwin_uid_t; 44typedef __uint32_t __darwin_gid_t; 45typedef __darwin_uid_t uid_t; 46typedef __darwin_gid_t gid_t; 47int setuid(uid_t); 48int setregid(gid_t, gid_t); 49int setreuid(uid_t, uid_t); 50extern void check(int); 51 52void test_setuid() 53{ 54 setuid(2); // expected-warning{{The return value from the call to 'setuid' is not checked. If an error occurs in 'setuid', the following code may execute with unexpected privileges}} 55 setuid(0); // expected-warning{{The return value from the call to 'setuid' is not checked. If an error occurs in 'setuid', the following code may execute with unexpected privileges}} 56 if (setuid (2) != 0) 57 abort(); 58 59 // Currently the 'setuid' check is not flow-sensitive, and only looks 60 // at whether the function was called in a compound statement. This 61 // will lead to false negatives, but there should be no false positives. 62 int t = setuid(2); // no-warning 63 (void)setuid (2); // no-warning 64 65 check(setuid (2)); // no-warning 66 67 setreuid(2,2); // expected-warning{{The return value from the call to 'setreuid' is not checked. If an error occurs in 'setreuid', the following code may execute with unexpected privileges}} 68 setregid(2,2); // expected-warning{{The return value from the call to 'setregid' is not checked. If an error occurs in 'setregid', the following code may execute with unexpected privileges}} 69} 70 71// <rdar://problem/6337100> CWE-338: Use of cryptographically weak prng 72int rand(void); 73double drand48(void); 74double erand48(unsigned short[3]); 75long jrand48(unsigned short[3]); 76void lcong48(unsigned short[7]); 77long lrand48(void); 78long mrand48(void); 79long nrand48(unsigned short[3]); 80long random(void); 81int rand_r(unsigned *); 82 83void test_rand() 84{ 85 unsigned short a[7]; 86 unsigned b; 87 88 rand(); // expected-warning{{Function 'rand' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 89 drand48(); // expected-warning{{Function 'drand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 90 erand48(a); // expected-warning{{Function 'erand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 91 jrand48(a); // expected-warning{{Function 'jrand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 92 lcong48(a); // expected-warning{{Function 'lcong48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 93 lrand48(); // expected-warning{{Function 'lrand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 94 mrand48(); // expected-warning{{Function 'mrand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 95 nrand48(a); // expected-warning{{Function 'nrand48' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 96 rand_r(&b); // expected-warning{{Function 'rand_r' is obsolete because it implements a poor random number generator. Use 'arc4random' instead}} 97 random(); // expected-warning{{The 'random' function produces a sequence of values that an adversary may be able to predict. Use 'arc4random' instead}} 98} 99