Improvements to the tools/codecheck1.c injection-attack static analyzer tool.
Commit
2afff83e7eb608f68250359cfbdec2fe2f33ad3cfa8b5ea174091e943a80f772
Parent
ff1c48a9bfbd48d…
2 files changed
+1
-1
+11
-5
+1
-1
| --- src/http_ssl.c | ||
| +++ src/http_ssl.c | ||
| @@ -1175,11 +1175,11 @@ | ||
| 1175 | 1175 | cgi_reply(); |
| 1176 | 1176 | return; |
| 1177 | 1177 | |
| 1178 | 1178 | wellknown_notfound: |
| 1179 | 1179 | fossil_free(zPath); |
| 1180 | - webpage_notfound_error(0); | |
| 1180 | + webpage_notfound_error(0 /*works-like:""*/); | |
| 1181 | 1181 | return; |
| 1182 | 1182 | } |
| 1183 | 1183 | |
| 1184 | 1184 | /* |
| 1185 | 1185 | ** Return the OpenSSL version number being used. Space to hold |
| 1186 | 1186 |
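Review bot: The `/*works-like:""*/` annotation added on line 1180 is read only by tools/codecheck1.c; at runtime the call still passes a null pointer as the format argument of webpage_notfound_error(), which this commit registers in the checker as a FMT_SAFE formatter with the format at argument 1. The annotation therefore asserts to the analyzer that the callee treats a null format exactly like an empty literal, which this hunk cannot show; the runtime behaviour is unchanged from the removed line, so it presumably already does, but that contract is worth confirming in webpage_notfound_error() and recording there, e.g. `/* zFormat may be NULL: emit the default not-found page */`. The enclosing function begins above this hunk.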
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -1175,11 +1175,11 @@ | |
| 1175 | cgi_reply(); |
| 1176 | return; |
| 1177 | |
| 1178 | wellknown_notfound: |
| 1179 | fossil_free(zPath); |
| 1180 | webpage_notfound_error(0); |
| 1181 | return; |
| 1182 | } |
| 1183 | |
| 1184 | /* |
| 1185 | ** Return the OpenSSL version number being used. Space to hold |
| 1186 |
| --- src/http_ssl.c | |
| +++ src/http_ssl.c | |
| @@ -1175,11 +1175,11 @@ | |
| 1175 | cgi_reply(); |
| 1176 | return; |
| 1177 | |
| 1178 | wellknown_notfound: |
| 1179 | fossil_free(zPath); |
| 1180 | webpage_notfound_error(0 /*works-like:""*/); |
| 1181 | return; |
| 1182 | } |
| 1183 | |
| 1184 | /* |
| 1185 | ** Return the OpenSSL version number being used. Space to hold |
| 1186 |
+11
-5
| --- tools/codecheck1.c | ||
| +++ tools/codecheck1.c | ||
| @@ -30,12 +30,12 @@ | ||
| 30 | 30 | ** |
| 31 | 31 | ** * Verify that vararg formatting routines like blob_printf() or |
| 32 | 32 | ** db_multi_exec() have the correct number of arguments for their |
| 33 | 33 | ** format string. |
| 34 | 34 | ** |
| 35 | -** * For routines designed to generate SQL, warn about the use of %s | |
| 36 | -** which might allow SQL injection. | |
| 35 | +** * For routines designed to generate SQL or HTML or a URL or JSON, | |
| 36 | +** detect and warn about possible injection attacks. | |
| 37 | 37 | */ |
| 38 | 38 | #include <stdio.h> |
| 39 | 39 | #include <stdlib.h> |
| 40 | 40 | #include <ctype.h> |
| 41 | 41 | #include <string.h> |
| @@ -346,13 +346,14 @@ | ||
| 346 | 346 | ** Processing flags |
| 347 | 347 | */ |
| 348 | 348 | #define FMT_SQL 0x00001 /* Generator for SQL text */ |
| 349 | 349 | #define FMT_HTML 0x00002 /* Generator for HTML text */ |
| 350 | 350 | #define FMT_URL 0x00004 /* Generator for URLs */ |
| 351 | -#define FMT_SAFE 0x00008 /* Generator for human-readable text */ | |
| 352 | -#define FMT_LIT 0x00010 /* Just verify that a string literal */ | |
| 353 | -#define FMT_PX 0x00020 /* Must have a literal prefix in format string */ | |
| 351 | +#define FMT_JSON 0x00008 /* Generator for JSON */ | |
| 352 | +#define FMT_SAFE 0x00010 /* Generator for human-readable text */ | |
| 353 | +#define FMT_LIT 0x00020 /* Just verify that a string literal */ | |
| 354 | +#define FMT_PX 0x00040 /* Must have a literal prefix in format string */ | |
| 354 | 355 | |
| 355 | 356 | /* |
| 356 | 357 | ** A list of internal Fossil interfaces that take a printf-style format |
| 357 | 358 | ** string. |
| 358 | 359 | */ |
| @@ -360,12 +361,14 @@ | ||
| 360 | 361 | const char *zFName; /* Name of the function */ |
| 361 | 362 | int iFmtArg; /* Index of format argument. Leftmost is 1. */ |
| 362 | 363 | unsigned fmtFlags; /* Processing flags */ |
| 363 | 364 | } aFmtFunc[] = { |
| 364 | 365 | { "admin_log", 1, FMT_SAFE }, |
| 366 | + { "ajax_route_error", 2, FMT_SAFE }, | |
| 365 | 367 | { "audit_append", 3, FMT_SAFE }, |
| 366 | 368 | { "backofficeTrace", 1, FMT_SAFE }, |
| 369 | + { "backoffice_log", 1, FMT_SAFE }, | |
| 367 | 370 | { "blob_append_sql", 2, FMT_SQL }, |
| 368 | 371 | { "blob_appendf", 2, FMT_SAFE }, |
| 369 | 372 | { "cgi_debug", 1, FMT_SAFE }, |
| 370 | 373 | { "cgi_panic", 1, FMT_SAFE }, |
| 371 | 374 | { "cgi_printf", 1, FMT_HTML }, |
| @@ -404,10 +407,11 @@ | ||
| 404 | 407 | { "fossil_fatal_recursive", 1, FMT_SAFE }, |
| 405 | 408 | { "fossil_panic", 1, FMT_SAFE }, |
| 406 | 409 | { "fossil_print", 1, FMT_SAFE }, |
| 407 | 410 | { "fossil_trace", 1, FMT_SAFE }, |
| 408 | 411 | { "fossil_warning", 1, FMT_SAFE }, |
| 412 | + { "gitmirror_message", 2, FMT_SAFE }, | |
| 409 | 413 | { "href", 1, FMT_URL }, |
| 410 | 414 | { "json_new_string_f", 1, FMT_SAFE }, |
| 411 | 415 | { "json_set_err", 2, FMT_SAFE }, |
| 412 | 416 | { "json_warn", 2, FMT_SAFE }, |
| 413 | 417 | { "mprintf", 1, FMT_SAFE }, |
| @@ -416,17 +420,19 @@ | ||
| 416 | 420 | { "pop3_print", 2, FMT_SAFE }, |
| 417 | 421 | { "smtp_send_line", 2, FMT_SAFE }, |
| 418 | 422 | { "smtp_server_send", 2, FMT_SAFE }, |
| 419 | 423 | { "socket_set_errmsg", 1, FMT_SAFE }, |
| 420 | 424 | { "ssl_set_errmsg", 1, FMT_SAFE }, |
| 425 | + { "style_copy_button", 5, FMT_SAFE }, | |
| 421 | 426 | { "style_header", 1, FMT_HTML }, |
| 422 | 427 | { "style_set_current_page", 1, FMT_URL }, |
| 423 | 428 | { "style_submenu_element", 2, FMT_URL }, |
| 424 | 429 | { "style_submenu_sql", 3, FMT_SQL }, |
| 425 | 430 | { "textarea_attribute", 5, FMT_LIT }, |
| 426 | 431 | { "tktsetup_generic", 1, FMT_LIT }, |
| 427 | 432 | { "webpage_error", 1, FMT_SAFE }, |
| 433 | + { "webpage_notfound_error", 1, FMT_SAFE }, | |
| 428 | 434 | { "xfersetup_generic", 1, FMT_LIT }, |
| 429 | 435 | { "xhref", 2, FMT_URL }, |
| 430 | 436 | }; |
| 431 | 437 | |
| 432 | 438 | /* |
| 433 | 439 |
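Review bot: The rewritten header comment on lines 35-36 now promises detection of JSON injection and a new FMT_JSON flag is introduced on line 351, yet no entry of the aFmtFunc table visible in these hunks carries FMT_JSON — json_new_string_f, json_set_err and json_warn remain FMT_SAFE — so unless the flag is applied elsewhere in the file, the JSON claim is not yet backed by any checked routine. Either classify the routines that actually emit JSON text with FMT_JSON, or soften the comment to `** * For routines designed to generate SQL or HTML or a URL (and, once annotated, JSON), detect and warn about possible injection attacks.` Separately, the new `{ "webpage_notfound_error", 1, FMT_SAFE }` entry mirrors webpage_error and so only gets argument-count checking; if that routine's formatted message reaches the HTML response without escaping, FMT_HTML would be the safer classification — this cannot be determined from the hunk. The renumbering of FMT_SAFE, FMT_LIT and FMT_PX is harmless provided nothing compares against the literal bit values.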
| --- tools/codecheck1.c | |
| +++ tools/codecheck1.c | |
| @@ -30,12 +30,12 @@ | |
| 30 | ** |
| 31 | ** * Verify that vararg formatting routines like blob_printf() or |
| 32 | ** db_multi_exec() have the correct number of arguments for their |
| 33 | ** format string. |
| 34 | ** |
| 35 | ** * For routines designed to generate SQL, warn about the use of %s |
| 36 | ** which might allow SQL injection. |
| 37 | */ |
| 38 | #include <stdio.h> |
| 39 | #include <stdlib.h> |
| 40 | #include <ctype.h> |
| 41 | #include <string.h> |
| @@ -346,13 +346,14 @@ | |
| 346 | ** Processing flags |
| 347 | */ |
| 348 | #define FMT_SQL 0x00001 /* Generator for SQL text */ |
| 349 | #define FMT_HTML 0x00002 /* Generator for HTML text */ |
| 350 | #define FMT_URL 0x00004 /* Generator for URLs */ |
| 351 | #define FMT_SAFE 0x00008 /* Generator for human-readable text */ |
| 352 | #define FMT_LIT 0x00010 /* Just verify that a string literal */ |
| 353 | #define FMT_PX 0x00020 /* Must have a literal prefix in format string */ |
| 354 | |
| 355 | /* |
| 356 | ** A list of internal Fossil interfaces that take a printf-style format |
| 357 | ** string. |
| 358 | */ |
| @@ -360,12 +361,14 @@ | |
| 360 | const char *zFName; /* Name of the function */ |
| 361 | int iFmtArg; /* Index of format argument. Leftmost is 1. */ |
| 362 | unsigned fmtFlags; /* Processing flags */ |
| 363 | } aFmtFunc[] = { |
| 364 | { "admin_log", 1, FMT_SAFE }, |
| 365 | { "audit_append", 3, FMT_SAFE }, |
| 366 | { "backofficeTrace", 1, FMT_SAFE }, |
| 367 | { "blob_append_sql", 2, FMT_SQL }, |
| 368 | { "blob_appendf", 2, FMT_SAFE }, |
| 369 | { "cgi_debug", 1, FMT_SAFE }, |
| 370 | { "cgi_panic", 1, FMT_SAFE }, |
| 371 | { "cgi_printf", 1, FMT_HTML }, |
| @@ -404,10 +407,11 @@ | |
| 404 | { "fossil_fatal_recursive", 1, FMT_SAFE }, |
| 405 | { "fossil_panic", 1, FMT_SAFE }, |
| 406 | { "fossil_print", 1, FMT_SAFE }, |
| 407 | { "fossil_trace", 1, FMT_SAFE }, |
| 408 | { "fossil_warning", 1, FMT_SAFE }, |
| 409 | { "href", 1, FMT_URL }, |
| 410 | { "json_new_string_f", 1, FMT_SAFE }, |
| 411 | { "json_set_err", 2, FMT_SAFE }, |
| 412 | { "json_warn", 2, FMT_SAFE }, |
| 413 | { "mprintf", 1, FMT_SAFE }, |
| @@ -416,17 +420,19 @@ | |
| 416 | { "pop3_print", 2, FMT_SAFE }, |
| 417 | { "smtp_send_line", 2, FMT_SAFE }, |
| 418 | { "smtp_server_send", 2, FMT_SAFE }, |
| 419 | { "socket_set_errmsg", 1, FMT_SAFE }, |
| 420 | { "ssl_set_errmsg", 1, FMT_SAFE }, |
| 421 | { "style_header", 1, FMT_HTML }, |
| 422 | { "style_set_current_page", 1, FMT_URL }, |
| 423 | { "style_submenu_element", 2, FMT_URL }, |
| 424 | { "style_submenu_sql", 3, FMT_SQL }, |
| 425 | { "textarea_attribute", 5, FMT_LIT }, |
| 426 | { "tktsetup_generic", 1, FMT_LIT }, |
| 427 | { "webpage_error", 1, FMT_SAFE }, |
| 428 | { "xfersetup_generic", 1, FMT_LIT }, |
| 429 | { "xhref", 2, FMT_URL }, |
| 430 | }; |
| 431 | |
| 432 | /* |
| 433 |
| --- tools/codecheck1.c | |
| +++ tools/codecheck1.c | |
| @@ -30,12 +30,12 @@ | |
| 30 | ** |
| 31 | ** * Verify that vararg formatting routines like blob_printf() or |
| 32 | ** db_multi_exec() have the correct number of arguments for their |
| 33 | ** format string. |
| 34 | ** |
| 35 | ** * For routines designed to generate SQL or HTML or a URL or JSON, |
| 36 | ** detect and warn about possible injection attacks. |
| 37 | */ |
| 38 | #include <stdio.h> |
| 39 | #include <stdlib.h> |
| 40 | #include <ctype.h> |
| 41 | #include <string.h> |
| @@ -346,13 +346,14 @@ | |
| 346 | ** Processing flags |
| 347 | */ |
| 348 | #define FMT_SQL 0x00001 /* Generator for SQL text */ |
| 349 | #define FMT_HTML 0x00002 /* Generator for HTML text */ |
| 350 | #define FMT_URL 0x00004 /* Generator for URLs */ |
| 351 | #define FMT_JSON 0x00008 /* Generator for JSON */ |
| 352 | #define FMT_SAFE 0x00010 /* Generator for human-readable text */ |
| 353 | #define FMT_LIT 0x00020 /* Just verify that a string literal */ |
| 354 | #define FMT_PX 0x00040 /* Must have a literal prefix in format string */ |
| 355 | |
| 356 | /* |
| 357 | ** A list of internal Fossil interfaces that take a printf-style format |
| 358 | ** string. |
| 359 | */ |
| @@ -360,12 +361,14 @@ | |
| 361 | const char *zFName; /* Name of the function */ |
| 362 | int iFmtArg; /* Index of format argument. Leftmost is 1. */ |
| 363 | unsigned fmtFlags; /* Processing flags */ |
| 364 | } aFmtFunc[] = { |
| 365 | { "admin_log", 1, FMT_SAFE }, |
| 366 | { "ajax_route_error", 2, FMT_SAFE }, |
| 367 | { "audit_append", 3, FMT_SAFE }, |
| 368 | { "backofficeTrace", 1, FMT_SAFE }, |
| 369 | { "backoffice_log", 1, FMT_SAFE }, |
| 370 | { "blob_append_sql", 2, FMT_SQL }, |
| 371 | { "blob_appendf", 2, FMT_SAFE }, |
| 372 | { "cgi_debug", 1, FMT_SAFE }, |
| 373 | { "cgi_panic", 1, FMT_SAFE }, |
| 374 | { "cgi_printf", 1, FMT_HTML }, |
| @@ -404,10 +407,11 @@ | |
| 407 | { "fossil_fatal_recursive", 1, FMT_SAFE }, |
| 408 | { "fossil_panic", 1, FMT_SAFE }, |
| 409 | { "fossil_print", 1, FMT_SAFE }, |
| 410 | { "fossil_trace", 1, FMT_SAFE }, |
| 411 | { "fossil_warning", 1, FMT_SAFE }, |
| 412 | { "gitmirror_message", 2, FMT_SAFE }, |
| 413 | { "href", 1, FMT_URL }, |
| 414 | { "json_new_string_f", 1, FMT_SAFE }, |
| 415 | { "json_set_err", 2, FMT_SAFE }, |
| 416 | { "json_warn", 2, FMT_SAFE }, |
| 417 | { "mprintf", 1, FMT_SAFE }, |
| @@ -416,17 +420,19 @@ | |
| 420 | { "pop3_print", 2, FMT_SAFE }, |
| 421 | { "smtp_send_line", 2, FMT_SAFE }, |
| 422 | { "smtp_server_send", 2, FMT_SAFE }, |
| 423 | { "socket_set_errmsg", 1, FMT_SAFE }, |
| 424 | { "ssl_set_errmsg", 1, FMT_SAFE }, |
| 425 | { "style_copy_button", 5, FMT_SAFE }, |
| 426 | { "style_header", 1, FMT_HTML }, |
| 427 | { "style_set_current_page", 1, FMT_URL }, |
| 428 | { "style_submenu_element", 2, FMT_URL }, |
| 429 | { "style_submenu_sql", 3, FMT_SQL }, |
| 430 | { "textarea_attribute", 5, FMT_LIT }, |
| 431 | { "tktsetup_generic", 1, FMT_LIT }, |
| 432 | { "webpage_error", 1, FMT_SAFE }, |
| 433 | { "webpage_notfound_error", 1, FMT_SAFE }, |
| 434 | { "xfersetup_generic", 1, FMT_LIT }, |
| 435 | { "xhref", 2, FMT_URL }, |
| 436 | }; |
| 437 | |
| 438 | /* |
| 439 |