File tree Expand file tree Collapse file tree 3 files changed +140
-0
lines changed Expand file tree Collapse file tree 3 files changed +140
-0
lines changed Original file line number Diff line number Diff line change 1+ id : dont-call-system-cpp
2+ language : cpp
3+ severity : warning
4+ message : >-
5+ Don't call `system`. It's a high-level wrapper that allows for stacking
6+ multiple commands. Always prefer a more restrictive API such as calling
7+ `execve` from the `exec` family.
8+ note : >-
9+ [CWE-78] Improper Neutralization of Special Elements used in an OS
10+ Command ('OS Command Injection').
11+ [REFERENCES]
12+ - https://owasp.org/Top10/A03_2021-Injection
13+
14+ ast-grep-essentials : true
15+
16+ utils :
17+ PATTERN_SYSTEM_INSIDE_IF_STATEMENT :
18+ kind : call_expression
19+ all :
20+ - has :
21+ stopBy : neighbor
22+ kind : identifier
23+ regex : ' ^system$'
24+ - has :
25+ stopBy : neighbor
26+ kind : argument_list
27+ - inside :
28+ stopBy : end
29+ kind : parenthesized_expression
30+ inside :
31+ kind : if_statement
32+ PATTERN_SYSTEM :
33+ any :
34+ - kind : expression_statement
35+ - kind : return_statement
36+ - kind : field_declaration
37+ has :
38+ stopBy : neighbor
39+ kind : call_expression
40+ all :
41+ - has :
42+ stopBy : neighbor
43+ kind : identifier
44+ regex : ' ^system$'
45+ - has :
46+ stopBy : neighbor
47+ kind : argument_list
48+ rule :
49+ any :
50+ - matches : PATTERN_SYSTEM_INSIDE_IF_STATEMENT
51+ - matches : PATTERN_SYSTEM
52+ not :
53+ all :
54+ - has :
55+ stopBy : end
56+ kind : ERROR
57+ - inside :
58+ has :
59+ stopBy : end
60+ kind : ERROR
61+
Original file line number Diff line number Diff line change 1+ id : dont-call-system-cpp
2+ snapshots :
3+ ? |
4+ void test_002(const char *input)
5+ {
6+ char cmdbuf[BUFFERSIZE];
7+ int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
8+ " any_cmd '%s'" , input);
9+ system(cmdbuf);
10+ }
11+ void test_001(const char *input)
12+ {
13+ char cmdbuf[BUFFERSIZE];
14+ int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
15+ " any_cmd '%s'" , input);
16+ if (len_wanted >= BUFFERSIZE)
17+ {
18+ /* Handle error */
19+ }
20+ else if (len_wanted < 0)
21+ {
22+ /* Handle error */
23+ }
24+ else if (system(cmdbuf) == -1)
25+ {
26+ /* Handle error */
27+ }
28+ }
29+ : labels :
30+ - source : system(cmdbuf);
31+ style : primary
32+ start : 156
33+ end : 171
34+ - source : system
35+ style : secondary
36+ start : 156
37+ end : 162
38+ - source : (cmdbuf)
39+ style : secondary
40+ start : 162
41+ end : 170
42+ - source : system(cmdbuf)
43+ style : secondary
44+ start : 156
45+ end : 170
Original file line number Diff line number Diff line change 1+ id : dont-call-system-cpp
2+ valid :
3+ - |
4+ void test_003(const char *input)
5+ {
6+ storer->store_binary(Clocks->system());
7+ }
8+ invalid :
9+ - |
10+ void test_002(const char *input)
11+ {
12+ char cmdbuf[BUFFERSIZE];
13+ int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
14+ "any_cmd '%s'", input);
15+ system(cmdbuf);
16+ }
17+ void test_001(const char *input)
18+ {
19+ char cmdbuf[BUFFERSIZE];
20+ int len_wanted = snprintf(cmdbuf, BUFFERSIZE,
21+ "any_cmd '%s'", input);
22+ if (len_wanted >= BUFFERSIZE)
23+ {
24+ /* Handle error */
25+ }
26+ else if (len_wanted < 0)
27+ {
28+ /* Handle error */
29+ }
30+ else if (system(cmdbuf) == -1)
31+ {
32+ /* Handle error */
33+ }
34+ }
You can’t perform that action at this time.
0 commit comments