From e4a867395b673da0e2f929791a4dfe9d129f6da2 Mon Sep 17 00:00:00 2001 From: generatedunixname89002005279527 Date: Thu, 9 Jan 2025 06:44:21 -0800 Subject: [PATCH] fbcode/security/genai/CodeShield/insecure_code_detector/rules/semgrep/c Reviewed By: hick209 Differential Revision: D67967177 fbshipit-source-id: e026050445ae7576a882f0fae148cb23bd127c06 --- .../rules/semgrep/c/bad-crypto-api-usage.c | 126 ------------------ .../rules/semgrep/c/bugprone-snprintf.c | 82 ------------ .../rules/semgrep/c/crypto-weak-prng.c | 37 ----- .../rules/semgrep/c/fixed_seed_use.c | 26 ---- .../c/integer-overflow-to-buffer-overflow.c | 47 ------- .../rules/semgrep/c/invalid-free.c | 21 --- .../c/mcf-get-c-string-result-ignored.c | 68 ---------- .../semgrep/c/potential-command-injection.c | 27 ---- .../rules/semgrep/c/write-to-stack-buffer.c | 35 ----- 9 files changed, 469 deletions(-) delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/bad-crypto-api-usage.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/bugprone-snprintf.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/crypto-weak-prng.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/fixed_seed_use.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/integer-overflow-to-buffer-overflow.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/invalid-free.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/mcf-get-c-string-result-ignored.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/potential-command-injection.c delete mode 100644 CodeShield/insecure_code_detector/rules/semgrep/c/write-to-stack-buffer.c
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/bad-crypto-api-usage.c b/CodeShield/insecure_code_detector/rules/semgrep/c/bad-crypto-api-usage.c
deleted file mode 100644
index d4d90de91..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/bad-crypto-api-usage.c
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-void warnOnMd5Usage() {
- // ruleid: md5-usage
- MD5_Init(1);
- EVP_md5(1);
- EVP_md5();
- EVP_md5(1, 2, 3);
-}
-
-void warnOnSha1Usage() {
- // ruleid: sha1-usage
- SHA1_Init(1);
- EVP_sha1(1);
- EVP_md5_sha1(1);
-}
-
-void warnOnMd2Md4Hash() {
- MD2_Init(1);
- EVP_md2(1);
- MD4_Init(1);
- EVP_md4(1);
-}
-
-void warnOnBlowfishEncryption() {
- EVP_bf_cbc(1);
- BF_decrypt(1);
- BF_ecb_encrypt(1);
-}
-
-void warnOnDesAlgorithm() {
- EVP_des_function(1);
- EVP_des_ofb(1);
- DES_ecb_encrypt(1);
-}
-
-void warnOnEcbModeEncryption() {
- EVP_aes_256_ecb(1);
-}
-
-void warnOnUnauthenticatedEncryptionUsage() {
- EVP_aes_256_ecb();
- EVP_aes_128_cbc();
- EVP_aes_192_ctr();
- EVP_aes_256_xts();
- EVP_aes_128_cfb();
- EVP_aes_128_ofb();
-}
-
-void warnOnHardCodedSecret() {
- char scrt[] = "secret";
- char password[10];
- char secret[10];
- char privateKey[10];
- char private_key[10];
- char secret_key[10];
- char secretKey[10];
- password = scrt;
- secret = scrt;
- privateKey = srct;
- private_key = srct;
- secret_key = srct;
- secretKey = srct;
- secret_key_abc = srct;
- abc_secret_key = srct;
- abc_secret_key_abc = srct;
- char secretKey2[10] = "secret";
-}
-
-void warnOnFixedNonceUsage() {
- char nonce[];
- char iv[];
- char initializationVector[];
- char initialization_vector[];
-
- nonce = "nonce";
- iv = "nonce";
- initializationVector = "nonce";
- initialization_vector = "nonce";
- initialization_vector_abc = "nonce";
- abc_initialization_vector = "nonce";
- // should not warn
- defiv = "nonce";
-}
-
-void warnOnInsufficientKeySize() {
- EVP_RSA_gen(512);
- EVP_RSA_gen(768);
- EVP_RSA_gen(1024);
- EVP_RSA_gen(1536);
- // should not warn
- EVP_RSA_gen(2048);
- RSA_generate_key(0, 512, 0, 0);
- RSA_generate_key(0, 768, 0, 0);
- RSA_generate_key_ex(0, 1024, 0, 
0);
- RSA_generate_key_ex(0, 1536, 0, 0);
- // should not warn
- RSA_generate_key_ex(0, 2048, 0, 0);
-}
-
-void warnOnInsufficientKeySizeTwo() {
- int keySize1 = 512;
- int keySize2 = 768;
- int keySize3 = 1024;
- int keySize4 = 1536;
- int keySize5 = 2048;
-
- EVP_RSA_gen(keySize1);
- EVP_RSA_gen(keySize2);
- EVP_RSA_gen(keySize3);
- EVP_RSA_gen(keySize4);
-
- RSA_generate_key(0, keySize1, 0, 0);
- RSA_generate_key(0, keySize2, 0, 0);
- RSA_generate_key_ex(0, keySize3, 0, 0);
- RSA_generate_key_ex(0, keySize4, 0, 0);
- // should not warn on keySize5
-
- EVP_RSA_gen(keySize5);
- RSA_generate_key(0, keySize5, 0, 0);
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/bugprone-snprintf.c b/CodeShield/insecure_code_detector/rules/semgrep/c/bugprone-snprintf.c
deleted file mode 100644
index bd84999dc..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/bugprone-snprintf.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-#include
-#include
-
-void WarnOnMisuseofSnprintf() {
- char buf[50];
- char str[60];
- int ret = 0;
- // ruleid: bugprone-snprintf
- ret = snprintf(buf, sizeof(buf), "%s", str);
- buf[ret] = '\0';
-
- // ruleid: bugprone-snprintf
- ret = snprintf(buf, sizeof(buf), "%s", str);
- *(buf + ret) = '\0';
-}
-
-void NoWarnOnNoMisuseInBinaryOperator() {
- char buf[50];
- char str[60];
- int ret = 0;
- ret = snprintf(buf, sizeof(buf), "%s", str);
- // ok: bugprone-snprintf
- if (ret < sizeof(buf)) {
- printf("ret is greater");
- } else {
- printf("%d", ret);
- }
-}
-
-void NoWarnOnNonMisuseInDeclarationStatement() {
- char divider[101];
- char color[10] = "adfadf";
- int bytes_read = snprintf(divider, sizeof(divider), "%s", color);
- // ok: bugprone-snprintf
- if (bytes_read < sizeof(divider)) {
- memset(divider + bytes_read, '-', sizeof(divider) - bytes_read);
- }
- divider[100] = '\0';
-}
-
-void NoWarnOnNonStringFormatType(int a) {
- char buf[50];
- char str[60];
- int ret = 0;
- ret = snprintf(buf, sizeof(buf), "%d", a);
- // ok: bugprone-snprintf
- printf("%d", ret);
-}
-
-void NoWarnOnMisuseErrorValidationInBinaryOperator() {
- char buf[50];
- char str[60];
- int ret = 0;
- ret = snprintf(buf, sizeof(buf), "%s", str);
- // ok: bugprone-snprintf
- if (os_snprintf_error(sizeof(buf), ret)) {
- printf("ret is greater");
- } else {
- printf("%d", ret);
- }
-}
-
-void NoWarnOnMisuseInUsageWithIncorrectErrorValidationInBinaryOperator() {
- char buf[50];
- char str[60];
- int ret = 0;
- int x = 0;
- ret = snprintf(buf, sizeof(buf), "%s", str);
- // ok: bugprone-snprintf
- if (true) {
- if (10 < ret) {
- printf("ret is greater");
- }
- }
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/crypto-weak-prng.c b/CodeShield/insecure_code_detector/rules/semgrep/c/crypto-weak-prng.c
deleted file mode 100644
index 435477944..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/crypto-weak-prng.c
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-#include
-
-void test_1() {
- // ruleid: crypto-weak-prng
- int number = rand();
-}
-
-int test_2() {
- // ruleid: crypto-weak-prng
- return rand();
-}
-
-void test_3() {
- // ruleid: crypto-weak-prng
- if (rand() % 2 == 0) {
- printf("Even number generated");
- } else {
- printf("Odd number generated");
- }
-}
-
-void test_4() {
- // ok: crypto-weak-prng
- int number = 5;
-}
-
-void generate_seeded_random() {
- // ok: crypto-weak-prng
- srand(time(0));
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/fixed_seed_use.c b/CodeShield/insecure_code_detector/rules/semgrep/c/fixed_seed_use.c
deleted file mode 100644
index d10eba2c8..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/fixed_seed_use.c
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-#include
-#include
-
-int main() {
- unsigned int seed;
- // ruleid: fixed-seed-usage
- seed = 10;
- srand(seed);
- printf("Random value: %d\n", rand());
-
- FILE* urandom = fopen("/dev/urandom", "r");
- // ok: fixed-seed-usage
- unsigned int rngSeed;
- fread(&rngSeed, sizeof(rngSeed), 1, urandom);
- fclose(urandom);
- srand(rngSeed);
- printf("Random value: %d\n", rand());
- return 0;
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/integer-overflow-to-buffer-overflow.c b/CodeShield/insecure_code_detector/rules/semgrep/c/integer-overflow-to-buffer-overflow.c
deleted file mode 100644
index cc412e68a..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/integer-overflow-to-buffer-overflow.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-#include
-
-void test1(int x) {
- // ruleid: potential-integer-overflow-to-buffer-overflow
- char* buf = (char*)malloc(x * 2); // Integer overflow
- if (buf != NULL) {
- // Buffer overflow
- buf[x] = 'a';
- }
-}
-
-void test2(int x) {
- if (x < 100) {
- // ok: potential-integer-overflow-to-buffer-overflow
- char* buf = (char*)malloc(x * 2);
- if (buf != NULL) {
- buf[x] = 'a';
- }
- }
-}
-
-void test3(int x) {
- if (x > 100) {
- return;
- }
- // ok: potential-integer-overflow-to-buffer-overflow
- char* buf = (char*)malloc(x * 2);
- if (buf != NULL) {
- buf[x] = 'a';
- }
-}
-
-void test4(int x) {
- int CONSTANT = 100;
- // ok: potential-integer-overflow-to-buffer-overflow
- char* buf = (char*)malloc(CONSTANT * 2);
- if (buf != NULL) {
- buf[x] = 'a';
- }
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/invalid-free.c b/CodeShield/insecure_code_detector/rules/semgrep/c/invalid-free.c
deleted file mode 100644
index 64dbee4b2..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/invalid-free.c
+++ /dev/null
@@ -1,21 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-void func1() {
- // ruleid: invalid-free
- char buf[10];
- free(buf);
-}
-
-void func2() {
- // ruleid: invalid-free
- char ptr;
- free(&ptr);
-}
-
-char ptr;
-free(&ptr);
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/mcf-get-c-string-result-ignored.c b/CodeShield/insecure_code_detector/rules/semgrep/c/mcf-get-c-string-result-ignored.c
deleted file mode 100644
index d57b0dd17..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/mcf-get-c-string-result-ignored.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-typedef const void* MCFStringRef;
-typedef unsigned int MCFStringEncoding;
-
-bool MCFStringGetCString(
- MCFStringRef str,
- char* buffer,
- int bufferSize,
- MCFStringEncoding encoding);
-
-void WarnOnIgnoredResultSuggestFix(MCFStringRef strref) {
- char buffer[256];
- // ruleid: mcf-get-cstring-result-ignored
- MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-char* WarnOnIgnoredResultSuggestFix2(MCFStringRef strref) {
- char buffer[256];
- // ruleid: mcf-get-cstring-result-ignored
- MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-bool WarnOnIgnoredResultSuggestFix3(MCFStringRef strref) {
- char buffer[256];
- // ruleid: mcf-get-cstring-result-ignored
- MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-double WarnOnIgnoredResultSuggestFix4(MCFStringRef strref) {
- char buffer[256];
- // ruleid: mcf-get-cstring-result-ignored
- MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-void NoWarnOnAssignedResult(MCFStringRef strref) {
- char buffer[256];
- // ok: mcf-get-cstring-result-ignored
- bool ret = MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-void NoWarnOnIfCheck(MCFStringRef strref) {
- char buffer[256];
- // ok: mcf-get-cstring-result-ignored
- if (MCFStringGetCString(strref, buffer, 256, 0x08000100)) {
- return;
- }
- // ok: mcf-get-cstring-result-ignored
- if (!MCFStringGetCString(strref, buffer, 256, 0x08000100)) {
- return;
- }
-}
-
-bool NoWarnOnReturn(MCFStringRef strref) {
- char buffer[256];
- return MCFStringGetCString(strref, buffer, 256, 0x08000100);
-}
-
-int check(bool);
-bool NoWarnOnOtherFunctionCall(MCFStringRef strref) {
- char buffer[256];
- check(MCFStringGetCString(strref, buffer, 256, 0x08000100));
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/potential-command-injection.c b/CodeShield/insecure_code_detector/rules/semgrep/c/potential-command-injection.c
deleted file mode 100644
index 64b9b7d4f..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/potential-command-injection.c
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-void test_1(char* cmd) {
- // ruleid: potential-command-injection
- system(cmd);
-}
-
-void test_2() {
- // ok: potential-command-injection
- system("ls");
-}
-
-void test_3() {
- // ok: potential-command-injection
- char* cmd = "ls";
- system(cmd);
-}
-
-void test_4() {
- // ok: potential-command-injection
- system(F_CLEAR);
-}
diff --git a/CodeShield/insecure_code_detector/rules/semgrep/c/write-to-stack-buffer.c b/CodeShield/insecure_code_detector/rules/semgrep/c/write-to-stack-buffer.c
deleted file mode 100644
index 9654c0932..000000000
--- a/CodeShield/insecure_code_detector/rules/semgrep/c/write-to-stack-buffer.c
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) Meta Platforms, Inc. and affiliates.
- *
- * This source code is licensed under the MIT license found in the
- * LICENSE file in the root directory of this source tree.
- */
-
-int func(int n) {
- char buf[100];
- // ruleid: write-to-stack-buffer
- memcpy(buf, src, n);
- return n;
-}
-
-void func2() {
- char buf[100];
- int n = func();
- if (n < 100) {
- // ok: write-to-stack-buffer
- memcpy(buf, src, n);
- }
-}
-
-int func3(int n) {
- char buf[100];
- // ok: write-to-stack-buffer
- memcpy(buf, "hello", n);
- return n;
-}
-
-int func4(char* buf, char* src, int n) {
- // ok: write-to-stack-buffer
- memcpy(buf, src, n);
- return n;
-}