pcap_open_live

API 概述

pcap_open_live 是 libpcap 中的一个API。该规属于param-value 类型。该规则是使用 Advance 生成的。

规则描述

提示

you should use a non-zero timeout https://www.tcpdump.org/pcap.html

信息

标签：param-value

参数下标：N/A

CWE类别：N/A

规则代码

import cpp
import semmle.code.cpp.customs.non_zero
import semmle.code.cpp.dataflow.TaintTracking
import semmle.code.cpp.dataflow.DataFlow
import semmle.code.cpp.security.Security
import DataFlow::PathGraph
class TestConfiguration extends TaintTracking::Configuration {
  TestConfiguration() { this = "TestConfiguration" }

  override predicate isSource(DataFlow::Node source) {
    exists( | source.asExpr().isConstant())
  }

  override predicate isSink(DataFlow::Node sink) {
    exists(FunctionCall fc |
      fc.getTarget().hasName("pcap_open_live")
      and fc.getArgument(3) = sink.asExpr()
    )
  }
}
from FunctionCall fc, TestConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
where fc.getTarget().hasQualifiedName("pcap_open_live")
    and cfg.hasFlowPath(source, sink)
    and source.toString().toFloat() != non_zero()
select sink.getNode().getLocation()