
Commit a2ce77a

author
Sakshis
committed
world-writable-file-cpp
1 parent 80ad8ff commit a2ce77a


3 files changed

+312
-0
lines changed

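--- /dev/null
+++ b/[path not shown on page: rule file]
@@ -0,0 +1,172 @@
+id: world-writable-file-cpp
+language: cpp
+severity: warning
+message: >-
+This call makes a world-writable file which allows any user on a
+machine to write to the file. This may allow attackers to influence the
+behaviour of this process by writing to the file.
+note: >-
+[CWE-732]: Incorrect Permission Assignment for Critical Resource
+[REFERENCES]
+- https://wiki.sei.cmu.edu/confluence/display/c/FIO06-C.+Create+files+with+appropriate+access+permissions
+utils:
+match_identifier_with_stringliteral_mode:
+kind: identifier
+pattern: $MODE
+follows:
+stopBy: end
+kind: string_literal
+has:
+stopBy: end
+kind: string_content
+inside:
+stopBy: end
+kind: argument_list
+inside:
+kind: call_expression
+has:
+kind: identifier
+regex: ^(chmod|fchmod|fchmodat|open|openat|creat)$
+inside:
+kind: expression_statement
+follows:
+stopBy: end
+kind: declaration
+all:
+- has:
+kind: type_identifier
+- has:
+kind: init_declarator
+all:
+- has:
+kind: identifier
+field: declarator
+pattern: $MODE
+- has:
+kind: number_literal
+field: value
+pattern: $BINARY
+match_identifier_with_identifier_mode:
+kind: identifier
+pattern: $MODE
+inside:
+stopBy: end
+kind: argument_list
+has:
+stopBy: end
+kind: identifier
+inside:
+stopBy: end
+kind: call_expression
+has:
+stopBy: end
+kind: identifier
+regex: "^fchmod$"
+inside:
+stopBy: end
+kind: expression_statement
+follows:
+stopBy: end
+kind: declaration
+all:
+- has:
+kind: type_identifier
+- has:
+kind: init_declarator
+all:
+- has:
+kind: identifier
+field: declarator
+pattern: $MODE
+- has:
+kind: number_literal
+field: value
+pattern: $BINARY
+match_binary_expression:
+kind: binary_expression
+all:
+- has:
+kind: binary_expression
+has:
+kind: identifier
+regex: ^(S_IWOTH|S_IWUSR|S_IGRP|S_IROTH|S_IRUSR|S_IWOTH)$
+- has:
+kind: identifier
+regex: ^(S_IWOTH|S_IWUSR|S_IGRP|S_IRUSR|S_IWOTH)$
+inside:
+stopBy: end
+kind: call_expression
+has:
+kind: identifier
+regex: (chmod|fchmod|fchmodat|open|openat)
+inside:
+kind: expression_statement
+match_binary_with_identifier:
+kind: identifier
+regex: "^S_IWOTH$"
+follows:
+stopBy: end
+kind: string_literal
+has:
+kind: string_content
+inside:
+stopBy: end
+kind: argument_list
+inside:
+kind: call_expression
+has:
+kind: identifier
+inside:
+kind: expression_statement
+match_binary_with_two_identifier:
+kind: binary_expression
+all:
+- has:
+kind: identifier
+regex: ^(S_IWUSR)$
+- has:
+kind: identifier
+regex: ^(S_IWOTH)$
+inside:
+kind: argument_list
+inside:
+kind: call_expression
+has:
+kind: identifier
+regex: ^(open)$
+match_binary_expression_with_three_identifier:
+kind: binary_expression
+all:
+- has:
+kind: binary_expression
+all:
+- has:
+kind: identifier
+regex: ^(S_IWOTH)$
+- has:
+kind: identifier
+regex: ^(S_IUSR)$
+- has:
+kind: identifier
+regex: ^(S_IGRP)$
+inside:
+kind: argument_list
+inside:
+kind: call_expression
+has:
+kind: identifier
+regex: ^(openat)$
+inside:
+kind: expression_statement
+
+rule:
+any:
+- matches: match_identifier_with_stringliteral_mode
+- matches: match_identifier_with_identifier_mode
+- matches: match_binary_expression
+- matches: match_binary_with_identifier
+- matches: match_binary_with_two_identifier
+- matches: match_binary_expression_with_three_identifier
+constraints:
+BINARY:
+regex: ^0[0-7]*[2367]$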
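Review bot: A mode passed directly as an octal literal, e.g. `chmod("/tmp/foo", 0666)` or `open("log", O_CREAT, 0666)`, is not matched at all: every util keys on an identifier or a `binary_expression`, so the most direct form of the defect is a false negative even though the `BINARY` constraint already encodes the world-writable check. A `number_literal` util inside the argument list of the same call set, reusing `$BINARY` so the existing constraint applies, closes this (sketched below). Separately, `match_binary_expression` lists `S_IWUSR`, `S_IRUSR` and `S_IROTH` in its identifier regexes although none of them grants other-write, so with tree-sitter's left-associative `|` a mode such as `S_IRUSR | S_IRGRP | S_IWUSR` (0640) would be reported as world-writable; `S_IGRP` and `S_IUSR` (also in `match_binary_expression_with_three_identifier`) are not POSIX mode names — the real ones are `S_IRGRP`/`S_IWGRP` — and `S_IWOTH` appears twice in the first regex. The call regex `(chmod|fchmod|fchmodat|open|openat)` in that util is unanchored, unlike the `^(...)$` form used in the first util, so it also matches identifiers such as `fopen` or `opendir`.
```yaml
# … unchanged: existing utils …
  match_octal_literal_mode:
    kind: number_literal
    pattern: $BINARY
    inside:
      kind: argument_list
      inside:
        kind: call_expression
        has:
          kind: identifier
          regex: ^(chmod|fchmod|fchmodat|open|openat|creat)$
rule:
  any:
    # … unchanged: existing matches entries …
    - matches: match_octal_literal_mode
```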
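--- /dev/null
+++ b/[path not shown on page: snapshot file]
@@ -0,0 +1,103 @@
+id: world-writable-file-cpp
+snapshots:
+? |
+void test_octal_bad() {
+mode_t mode = 0666;
+chmod("/tmp/foo", mode);
+int fd = open_log();
+fchmod(fd, mode);
+int dirfd = open_log_dir();
+fchmodat(dirfd, "log", mode, AT_SYMLINK_NOFOLLOW);
+open("log", O_CREAT, mode);
+openat(fd, "log", O_CREAT, mode);
+creat("log", mode);
+}
+: labels:
+- source: mode
+style: primary
+start: 62
+end: 66
+- source: mode_t
+style: secondary
+start: 24
+end: 30
+- source: mode
+style: secondary
+start: 31
+end: 35
+- source: '0666'
+style: secondary
+start: 38
+end: 42
+- source: mode = 0666
+style: secondary
+start: 31
+end: 42
+- source: mode_t mode = 0666;
+style: secondary
+start: 24
+end: 43
+- source: chmod("/tmp/foo", mode);
+style: secondary
+start: 44
+end: 68
+- source: chmod
+style: secondary
+start: 44
+end: 49
+- source: chmod("/tmp/foo", mode)
+style: secondary
+start: 44
+end: 67
+- source: ("/tmp/foo", mode)
+style: secondary
+start: 49
+end: 67
+- source: /tmp/foo
+style: secondary
+start: 51
+end: 59
+- source: '"/tmp/foo"'
+style: secondary
+start: 50
+end: 60
+? |
+void test_symbol_direct_bad() {
+chmod("/tmp/foo", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+int fd = open_log();
+fchmod(fd, S_IROTH | S_IWOTH | S_IRUSR | S_IWUSR);
+int dirfd = open_log_dir();
+fchmodat(dirfd, "log", S_IWOTH);
+open("log", O_CREAT, S_IWUSR | S_IWOTH);
+openat(fd, "log", O_CREAT, S_IWOTH | S_IUSR | S_IGRP);
+creat("log", S_IWOTH);
+}
+: labels:
+- source: S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH
+style: primary
+start: 50
+end: 107
+- source: S_IROTH
+style: secondary
+start: 90
+end: 97
+- source: S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH
+style: secondary
+start: 50
+end: 97
+- source: S_IWOTH
+style: secondary
+start: 100
+end: 107
+- source: chmod("/tmp/foo", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+style: secondary
+start: 32
+end: 109
+- source: chmod
+style: secondary
+start: 32
+end: 37
+- source: chmod("/tmp/foo", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)
+style: secondary
+start: 32
+end: 108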
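--- /dev/null
+++ b/[path not shown on page: test file]
@@ -0,0 +1,37 @@
+id: world-writable-file-cpp
+valid:
+- |
+void test_symbol_direct_good() {
+chmod("/tmp/foo", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
+int fd = open_log();
+fchmod(fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH);
+int dirfd = open_log_dir();
+fchmodat(dirfd, "log", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH, AT_SYMLINK_NOFOLLOW);
+open("log", O_CREAT, mode);
+openat(fd, "log", O_CREAT, mode);
+creat("log", mode);
+}
+invalid:
+- |
+void test_octal_bad() {
+mode_t mode = 0666;
+chmod("/tmp/foo", mode);
+int fd = open_log();
+fchmod(fd, mode);
+int dirfd = open_log_dir();
+fchmodat(dirfd, "log", mode, AT_SYMLINK_NOFOLLOW);
+open("log", O_CREAT, mode);
+openat(fd, "log", O_CREAT, mode);
+creat("log", mode);
+}
+- |
+void test_symbol_direct_bad() {
+chmod("/tmp/foo", S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+int fd = open_log();
+fchmod(fd, S_IROTH | S_IWOTH | S_IRUSR | S_IWUSR);
+int dirfd = open_log_dir();
+fchmodat(dirfd, "log", S_IWOTH);
+open("log", O_CREAT, S_IWUSR | S_IWOTH);
+openat(fd, "log", O_CREAT, S_IWOTH | S_IUSR | S_IGRP);
+creat("log", S_IWOTH);
+}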
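Review bot: Neither test list exercises a mode passed as a bare literal, so a false negative on the most common form, `chmod("/tmp/foo", 0666);`, goes unnoticed — every `invalid` case routes the mode through a declared `mode` variable or `S_*` identifiers. Add `chmod("/tmp/foo", 0666);` and `open("log", O_CREAT | O_WRONLY, 0666);` to `invalid`, and a safe counterpart `mode_t mode = 0644; chmod("/tmp/foo", mode);` to `valid`; as written, the `valid` case passes `mode` without any declaration, so it tests the absence of a declaration rather than a safe value. `S_IUSR` and `S_IGRP` in `test_symbol_direct_bad` are not POSIX mode bits (`S_IRUSR`/`S_IWUSR` and `S_IRGRP`/`S_IWGRP` are), so the snapshot pins behaviour on identifiers that real code will not contain; `S_IWOTH | S_IRUSR | S_IRGRP` would exercise the same shape with real names, though the rule's matching util would presumably need its regexes adjusted to keep the case failing.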
