tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

FopenUsageChecker.cpp (3313B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include "FopenUsageChecker.h"
      6 #include "CustomMatchers.h"
      7 
      8 void FopenUsageChecker::registerMatchers(MatchFinder *AstMatcher) {
      9 
     10  auto hasConstCharPtrParam = [](const unsigned int Position) {
     11    return hasParameter(
     12        Position, hasType(hasCanonicalType(pointsTo(asString("const char")))));
     13  };
     14 
     15  auto hasParamOfType = [](const unsigned int Position, const char *Name) {
     16    return hasParameter(Position, hasType(asString(Name)));
     17  };
     18 
     19  auto hasIntegerParam = [](const unsigned int Position) {
     20    return hasParameter(Position, hasType(isInteger()));
     21  };
     22 
     23  AstMatcher->addMatcher(
     24      callExpr(
     25          allOf(
     26              isFirstParty(),
     27              callee(functionDecl(allOf(
     28                  isInSystemHeader(),
     29                  anyOf(
     30                      allOf(anyOf(allOf(hasName("fopen"),
     31                                        hasConstCharPtrParam(0)),
     32                                  allOf(hasName("fopen_s"),
     33                                        hasParameter(
     34                                            0, hasType(pointsTo(pointsTo(
     35                                                   asString("FILE"))))),
     36                                        hasConstCharPtrParam(2))),
     37                            hasConstCharPtrParam(1)),
     38                      allOf(anyOf(hasName("open"),
     39                                  allOf(hasName("_open"), hasIntegerParam(2)),
     40                                  allOf(hasName("_sopen"), hasIntegerParam(3))),
     41                            hasConstCharPtrParam(0), hasIntegerParam(1)),
     42                      allOf(hasName("_sopen_s"),
     43                            hasParameter(0, hasType(pointsTo(isInteger()))),
     44                            hasConstCharPtrParam(1), hasIntegerParam(2),
     45                            hasIntegerParam(3), hasIntegerParam(4)),
     46                      allOf(hasName("OpenFile"), hasConstCharPtrParam(0),
     47                            hasParamOfType(1, "LPOFSTRUCT"),
     48                            hasIntegerParam(2)),
     49                      allOf(hasName("CreateFileA"), hasConstCharPtrParam(0),
     50                            hasIntegerParam(1), hasIntegerParam(2),
     51                            hasParamOfType(3, "LPSECURITY_ATTRIBUTES"),
     52                            hasIntegerParam(4), hasIntegerParam(5),
     53                            hasParamOfType(6, "HANDLE")))))),
     54              unless(isInWhitelistForFopenUsage())))
     55          .bind("funcCall"),
     56      this);
     57 }
     58 
     59 void FopenUsageChecker::check(const MatchFinder::MatchResult &Result) {
     60  const CallExpr *FuncCall = Result.Nodes.getNodeAs<CallExpr>("funcCall");
     61  static const char *ExtraInfo =
     62      "On Windows executed functions: fopen, fopen_s, open, _open, _sopen, "
     63      "_sopen_s, OpenFile, CreateFileA should never be used due to lossy "
     64      "conversion from UTF8 to ANSI.";
     65 
     66  if (FuncCall) {
     67    diag(FuncCall->getBeginLoc(),
     68         "Usage of ASCII file functions (here %0) is forbidden on Windows.",
     69         DiagnosticIDs::Warning)
     70        << FuncCall->getDirectCallee()->getName();
     71    diag(FuncCall->getBeginLoc(), ExtraInfo, DiagnosticIDs::Note);
     72  }
     73 }