pcap_lookupdev

API Overview

pcap_lookupdev is an API in libpcap. This rule belongs to the return value check type. This rule is generated using Advance.

Rule Description

tip

pcap_lookupdev() returns a pointer to a string giving the name of a network device suitable for use with pcap_create(3PCAP) and pcap_activate(3PCAP), or with pcap_open_live(3PCAP), and with pcap_lookupnet(3PCAP). If there is an error, NULL is returned and errbuf is filled in with an appropriate error message.

info

• Tags: return value check
• Parameter Index: N/A
• CWE Type: CWE-253

Rule Code

import semmle.code.cpp.dataflow.DataFlow
class TestConfiguration extends DataFlow::Configuration {
    TestConfiguration() { this = "TestConfiguration" }
    override predicate isSource(DataFlow::Node source) {
        exists(FunctionCall fc,  MacroInvocation mi |
            (fc.getTarget().hasQualifiedName("pcap_lookupdev") or (
                mi.getMacroName() = "pcap_lookupdev"
                and fc.getTarget().hasName(mi.getMacro().getBody())
              )
            )
            and fc = source.asExpr()
        )
    }
    override predicate isSink(DataFlow::Node sink) {
        exists(| sink.asExpr().getEnclosingStmt() instanceof IfStmt
            and (sink.asExpr().getParent() instanceof ComparisonOperation
                or sink.asExpr().getParent() instanceof NotExpr
                or sink.asExpr().getParent() instanceof IfStmt
            )
        )
    }
}
from TestConfiguration cfg, FunctionCall fc, MacroInvocation mi
//function not checked
where (fc.getTarget().hasQualifiedName("pcap_lookupdev") or (
        mi.getMacroName() = "pcap_lookupdev"
        and fc.getTarget().hasName(mi.getMacro().getBody())
    ))
    and (
        (fc instanceof ExprInVoidContext)
        or not exists(Expr source1, Expr sink1|cfg.hasFlow(DataFlow::exprNode(source1), DataFlow::exprNode(sink1)) and fc = source1)
    )
select fc.getLocation()