sqc 0.4.13

Software Code Quality - CERT C compliance checker
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

use crate::manifest::{RuleCategory, Severity};
use crate::prelude::RuleViolation;
use crate::rules::cert_c::CertRule;
use crate::utility::cert_c::ast_utils::get_node_text;
use tree_sitter::Node;

pub struct Pos01C;

impl CertRule for Pos01C {
    fn rule_id(&self) -> &'static str {
        "POS01-C"
    }

    fn cert_id(&self) -> &'static str {
        "POS01"
    }

    fn description(&self) -> &'static str {
        "Check for the existence of links when dealing with files"
    }

    fn severity(&self) -> Severity {
        Severity::High
    }

    fn category(&self) -> RuleCategory {
        RuleCategory::Rule
    }

    fn check(&self, node: &Node, source: &str) -> Vec<RuleViolation> {
        let mut violations = Vec::new();

        // Check both inside functions and at top-level (translation_unit)
        if node.kind() == "translation_unit" {
            // For top-level code, check if there's any lstat() in the entire file
            let has_lstat = self.subtree_has_lstat(node, source);
            self.check_open_calls_recursive(node, source, has_lstat, &mut violations);
        } else {
            // Check functions individually
            self.check_functions(node, source, &mut violations);
        }

        violations
    }
}

impl Pos01C {
    fn check_functions(&self, node: &Node, source: &str, violations: &mut Vec<RuleViolation>) {
        if node.kind() == "function_definition" {
            // Check this function for open() without proper protection
            let has_lstat = self.subtree_has_lstat(node, source);
            self.check_open_calls_recursive(node, source, has_lstat, violations);
        }

        // Recurse
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            self.check_functions(&child, source, violations);
        }
    }

    fn subtree_has_lstat(&self, node: &Node, source: &str) -> bool {
        if node.kind() == "call_expression" {
            let mut cursor = node.walk();
            for child in node.children(&mut cursor) {
                if child.kind() == "identifier" {
                    let func_name = get_node_text(&child, source);
                    if func_name == "lstat" {
                        return true;
                    }
                }
            }
        }

        // Recurse
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            if self.subtree_has_lstat(&child, source) {
                return true;
            }
        }

        false
    }

    fn check_open_calls_recursive(
        &self,
        node: &Node,
        source: &str,
        has_lstat: bool,
        violations: &mut Vec<RuleViolation>,
    ) {
        if node.kind() == "call_expression" {
            // Check if this is an open() call
            let mut cursor = node.walk();
            let mut is_open = false;
            let mut has_nofollow = false;

            for child in node.children(&mut cursor) {
                if child.kind() == "identifier" {
                    let func_name = get_node_text(&child, source);
                    if func_name == "open" {
                        is_open = true;
                    }
                }

                // Check arguments for O_NOFOLLOW
                if child.kind() == "argument_list" {
                    has_nofollow = self.has_nofollow_flag(&child, source);
                }
            }

            if is_open && !has_nofollow && !has_lstat {
                // Flag open() without O_NOFOLLOW and without lstat() validation
                let start = node.start_position();
                violations.push(RuleViolation {
                    rule_id: self.rule_id().to_string(),
                    file_path: String::new(),
                    message: "open() called without O_NOFOLLOW flag and without lstat() validation. This may be vulnerable to symlink attacks.".to_string(),
                    line: start.row + 1,
                    column: start.column + 1,
                    severity: self.severity(),
                    suggestion: Some("Use O_NOFOLLOW flag in open() call, or validate with lstat() before opening".to_string()),
                    requires_manual_review: Some(false),
                });
            }
        }

        // Recurse
        let mut cursor = node.walk();
        for child in node.children(&mut cursor) {
            self.check_open_calls_recursive(&child, source, has_lstat, violations);
        }
    }

    fn has_nofollow_flag(&self, node: &Node, source: &str) -> bool {
        // Check if any argument contains O_NOFOLLOW
        let text = get_node_text(node, source);
        text.contains("O_NOFOLLOW")
    }
}