pcap_lookupdev

API 概述

pcap_lookupdev 是 libpcap 中的一个API。该规属于return value check 类型。该规则是使用 Advance 生成的。

规则描述

提示

pcap_lookupdev() returns a pointer to a string giving the name of a network device suitable for use with pcap_create(3PCAP) and pcap_activate(3PCAP), or with pcap_open_live(3PCAP), and with pcap_lookupnet(3PCAP). If there is an error, NULL is returned and errbuf is filled in with an appropriate error message.

信息

标签：return value check

参数下标：N/A

CWE类别：CWE-253

规则代码

import semmle.code.cpp.dataflow.DataFlow
class TestConfiguration extends DataFlow::Configuration {
    TestConfiguration() { this = "TestConfiguration" }
    override predicate isSource(DataFlow::Node source) {
        exists(FunctionCall fc,  MacroInvocation mi |
            (fc.getTarget().hasQualifiedName("pcap_lookupdev") or (
                mi.getMacroName() = "pcap_lookupdev"
                and fc.getTarget().hasName(mi.getMacro().getBody())
              )
            )
            and fc = source.asExpr()
        )
    }
    override predicate isSink(DataFlow::Node sink) {
        exists(| sink.asExpr().getEnclosingStmt() instanceof IfStmt
            and (sink.asExpr().getParent() instanceof ComparisonOperation
                or sink.asExpr().getParent() instanceof NotExpr
                or sink.asExpr().getParent() instanceof IfStmt
            )
        )
    }
}
from TestConfiguration cfg, FunctionCall fc, MacroInvocation mi
//function not checked
where (fc.getTarget().hasQualifiedName("pcap_lookupdev") or (
        mi.getMacroName() = "pcap_lookupdev"
        and fc.getTarget().hasName(mi.getMacro().getBody())
    ))
    and (
        (fc instanceof ExprInVoidContext)
        or not exists(Expr source1, Expr sink1|cfg.hasFlow(DataFlow::exprNode(source1), DataFlow::exprNode(sink1)) and fc = source1)
    )
select fc.getLocation()