/*
 * good2() reverses the bodies in the if statement: the corrected sink sits
 * in the body of the STATIC_CONST_FIVE==5 test.
 */
static void good2()
{
    if(STATIC_CONST_FIVE==5)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: fIgnoreHKCU is FALSE, so SHRegOpenUSKeyA() works against
             * HKEY_CURRENT_USER rather than requesting KEY_WRITE on the
             * machine-wide hive. */
            if (SHRegOpenUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, FALSE) == ERROR_SUCCESS)
            {
                printLine("Registry key opened successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be opened");
            }
        }
    }
}
/*
 * Deliberately flawed test case (CWE-272, least privilege violation): the
 * sink asks for write access with the per-user hive ignored.
 */
void CWE272_Least_Privilege_Violation__w32_char_SHRegOpenUSKey_06_bad()
{
    if(STATIC_CONST_FIVE==5)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FLAW (intentional): fIgnoreHKCU is TRUE, so SHRegOpenUSKeyA()
             * targets HKEY_LOCAL_MACHINE with KEY_WRITE, violating the least
             * privilege principle. The fix is to pass FALSE so that
             * HKEY_CURRENT_USER is used. */
            if (SHRegOpenUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, TRUE) == ERROR_SUCCESS)
            {
                printLine("Registry key opened successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be opened");
            }
        }
    }
}
/*
 * good1() uses if(STATIC_CONST_FIVE!=5) instead of if(STATIC_CONST_FIVE==5),
 * so the corrected sink lives in the else branch.
 */
static void good1()
{
    if(STATIC_CONST_FIVE!=5)
    {
        /* INCIDENTAL: CWE 561 Dead Code, this branch will never run */
        printLine("Benign, fixed string");
    }
    else
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: fIgnoreHKCU is FALSE, so SHRegOpenUSKeyA() works against
             * HKEY_CURRENT_USER rather than requesting KEY_WRITE on the
             * machine-wide hive. */
            if (SHRegOpenUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, FALSE) == ERROR_SUCCESS)
            {
                printLine("Registry key opened successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be opened");
            }
        }
    }
}
/*
 * good1() uses if(STATIC_CONST_FALSE) instead of if(STATIC_CONST_TRUE), so
 * the corrected sink lives in the else branch.
 */
static void good1()
{
    if(STATIC_CONST_FALSE)
    {
        /* INCIDENTAL: CWE 561 Dead Code, this branch will never run */
        printLine("Benign, fixed string");
    }
    else
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: SHREGSET_HKCU keeps the create inside the per-user hive
             * instead of writing to HKEY_LOCAL_MACHINE. */
            if (SHRegCreateUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * good2() reverses the bodies in the if statement: the corrected sink sits
 * in the body of the STATIC_CONST_TRUE test.
 */
static void good2()
{
    if(STATIC_CONST_TRUE)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: SHREGSET_HKCU keeps the create inside the per-user hive
             * instead of writing to HKEY_LOCAL_MACHINE. */
            if (SHRegCreateUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * Deliberately flawed test case (CWE-272, least privilege violation), wide
 * character variant. The while(1)/break wrapper runs the sink exactly once.
 */
void CWE272_Least_Privilege_Violation__w32_wchar_t_SHRegOpenUSKey_16_bad()
{
    while(1)
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            HUSKEY userKey;
            /* FLAW (intentional): fIgnoreHKCU is TRUE, so SHRegOpenUSKeyW()
             * targets HKEY_LOCAL_MACHINE with KEY_WRITE, violating the least
             * privilege principle. The fix is to pass FALSE so that
             * HKEY_CURRENT_USER is used. */
            if (SHRegOpenUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, TRUE) == ERROR_SUCCESS)
            {
                printLine("Registry key opened successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be opened");
            }
        }
        break;
    }
}
/*
 * Deliberately flawed test case (CWE-272, least privilege violation): the
 * sink creates a key in the machine-wide hive.
 */
void CWE272_Least_Privilege_Violation__w32_char_SHRegCreateUSKey_04_bad()
{
    if(STATIC_CONST_TRUE)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            HUSKEY userKey;
            /* FLAW (intentional): SHREGSET_HKLM makes SHRegCreateUSKeyA()
             * create the key under HKEY_LOCAL_MACHINE, violating the least
             * privilege principle. The fix is SHREGSET_HKCU. */
            if (SHRegCreateUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKLM) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * good2() reverses the blocks in the switch: the corrected sink is in the
 * case that matches the constant selector, and the default arm is dead.
 */
static void good2()
{
    switch(6)
    {
    case 6:
    {
        char * subKeyPath = "TEST\\TestKey";
        /* hKey is passed as the output handle of the create call below. */
        HUSKEY userKey = HKEY_CURRENT_USER;
        /* FIX: request KEY_WRITE rather than KEY_ALL_ACCESS as the 2nd
         * parameter, so the handle carries only the access it needs. */
        if (SHRegCreateUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
        {
            printLine("Registry key created successfully");
            /* The handle is valid only on this path, so close it here. */
            SHRegCloseUSKey(userKey);
        }
        else
        {
            printLine("Registry key could not be created");
        }
    }
    break;
    default:
        /* INCIDENTAL: CWE 561 Dead Code, this arm will never run */
        printLine("Benign, fixed string");
        break;
    }
}
/*
 * Deliberately flawed test case (CWE-272, least privilege violation), wide
 * character variant. The single-pass for loop runs the sink exactly once.
 */
void CWE272_Least_Privilege_Violation__w32_wchar_t_SHRegCreateUSKey_17_bad()
{
    int pass;
    for(pass = 0; pass < 1; pass++)
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            HUSKEY userKey;
            /* FLAW (intentional): SHREGSET_HKLM makes SHRegCreateUSKeyW()
             * create the key under HKEY_LOCAL_MACHINE, violating the least
             * privilege principle. The fix is SHREGSET_HKCU. */
            if (SHRegCreateUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKLM) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * good2() reverses the bodies in the if statement: the corrected sink sits
 * in the body of the staticReturnsTrue() test.
 */
static void good2()
{
    if(staticReturnsTrue())
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            /* hKey is passed as the output handle of the create call below. */
            HUSKEY userKey = HKEY_CURRENT_USER;
            /* FIX: request KEY_WRITE rather than KEY_ALL_ACCESS as the 2nd
             * parameter, so the handle carries only the access it needs. */
            if (SHRegCreateUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * Deliberately flawed test case (CWE-284, improper access control): the
 * sink requests every access right on the key it creates. The switch on a
 * constant selector always takes case 6.
 */
void CWE284_Improper_Access_Control__w32_char_SHRegCreateUSKey_15_bad()
{
    switch(6)
    {
    case 6:
    {
        char * subKeyPath = "TEST\\TestKey";
        /* hKey is passed as the output handle of the create call below. */
        HUSKEY userKey = HKEY_CURRENT_USER;
        /* FLAW (intentional): KEY_ALL_ACCESS as the 2nd parameter asks for
         * far more access than the code uses. The fix is a narrower mask
         * such as KEY_WRITE. */
        if (SHRegCreateUSKeyA(subKeyPath, KEY_ALL_ACCESS, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
        {
            printLine("Registry key created successfully");
            /* The handle is valid only on this path, so close it here. */
            SHRegCloseUSKey(userKey);
        }
        else
        {
            printLine("Registry key could not be created");
        }
    }
    break;
    default:
        /* INCIDENTAL: CWE 561 Dead Code, this arm will never run */
        printLine("Benign, fixed string");
        break;
    }
}
/*
 * good1() uses if(staticReturnsFalse()) instead of if(staticReturnsTrue()),
 * so the corrected sink lives in the else branch.
 */
static void good1()
{
    if(staticReturnsFalse())
    {
        /* INCIDENTAL: CWE 561 Dead Code, this branch will never run */
        printLine("Benign, fixed string");
    }
    else
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            /* hKey is passed as the output handle of the create call below. */
            HUSKEY userKey = HKEY_CURRENT_USER;
            /* FIX: request KEY_WRITE rather than KEY_ALL_ACCESS as the 2nd
             * parameter, so the handle carries only the access it needs. */
            if (SHRegCreateUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * Deliberately flawed test case (CWE-284, improper access control), wide
 * character variant: the sink requests every access right on the key.
 */
void CWE284_Improper_Access_Control__w32_wchar_t_SHRegCreateUSKey_08_bad()
{
    if(staticReturnsTrue())
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            /* hKey is passed as the output handle of the create call below. */
            HUSKEY userKey = HKEY_CURRENT_USER;
            /* FLAW (intentional): KEY_ALL_ACCESS as the 2nd parameter asks
             * for far more access than the code uses. The fix is a narrower
             * mask such as KEY_WRITE. */
            if (SHRegCreateUSKeyW(subKeyPath, KEY_ALL_ACCESS, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * good1() uses the GoodSinkBody in the while loop; the while(1)/break
 * wrapper runs the sink exactly once.
 */
static void good1()
{
    while(1)
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: fIgnoreHKCU is FALSE, so SHRegOpenUSKeyW() works against
             * HKEY_CURRENT_USER rather than requesting KEY_WRITE on the
             * machine-wide hive. */
            if (SHRegOpenUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, FALSE) == ERROR_SUCCESS)
            {
                printLine("Registry key opened successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be opened");
            }
        }
        break;
    }
}
/*
 * Deliberately flawed test case (CWE-284, improper access control): the
 * sink requests every access right on the key it creates. The
 * while(1)/break wrapper runs the sink exactly once.
 */
void CWE284_Improper_Access_Control__w32_char_SHRegCreateUSKey_16_bad()
{
    while(1)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            /* hKey is passed as the output handle of the create call below. */
            HUSKEY userKey = HKEY_CURRENT_USER;
            /* FLAW (intentional): KEY_ALL_ACCESS as the 2nd parameter asks
             * for far more access than the code uses. The fix is a narrower
             * mask such as KEY_WRITE. */
            if (SHRegCreateUSKeyA(subKeyPath, KEY_ALL_ACCESS, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
        break;
    }
}
/*
 * good1() uses the GoodSinkBody in the for statement; the single-pass loop
 * runs the sink exactly once.
 */
static void good1()
{
    int pass;
    for(pass = 0; pass < 1; pass++)
    {
        {
            wchar_t * subKeyPath = L"TEST\\TestKey";
            HUSKEY userKey;
            /* FIX: SHREGSET_HKCU keeps the create inside the per-user hive
             * instead of writing to HKEY_LOCAL_MACHINE. */
            if (SHRegCreateUSKeyW(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
    }
}
/*
 * good1() uses the GoodSinkBody in the while loop; the while(1)/break
 * wrapper runs the sink exactly once.
 */
static void good1()
{
    while(1)
    {
        {
            char * subKeyPath = "TEST\\TestKey";
            /* hKey is passed as the output handle of the create call below. */
            HUSKEY userKey = HKEY_CURRENT_USER;
            /* FIX: request KEY_WRITE rather than KEY_ALL_ACCESS as the 2nd
             * parameter, so the handle carries only the access it needs. */
            if (SHRegCreateUSKeyA(subKeyPath, KEY_WRITE, NULL, &userKey, SHREGSET_HKCU) == ERROR_SUCCESS)
            {
                printLine("Registry key created successfully");
                /* The handle is valid only on this path, so close it here. */
                SHRegCloseUSKey(userKey);
            }
            else
            {
                printLine("Registry key could not be created");
            }
        }
        break;
    }
}
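// Enumerates the values under REGISTRY_KEY "\Plugins\General" and adds a
// CPlugin for every CLSID that is not already in the list. Each value is
// read as (name, CLSID string); only REG_SZ values are considered. A newly
// added plugin is started when LookupEnable() returns true for its CLSID.
//
// The key is opened read-only (KEY_READ) with fIgnoreHKCU == FALSE, so
// per-user registry data is consulted.
// NOTE(review): that makes the CLSID strings user-writable input that decides
// which plugin objects are created and started - confirm this is the intended
// trust boundary for the process.
void CPlugins::Enumerate()
{
    HUSKEY hKey = NULL;

    if ( SHRegOpenUSKey( REGISTRY_KEY _T("\\Plugins\\General"),
        KEY_READ, NULL, &hKey, FALSE ) != ERROR_SUCCESS )
        return;

    for ( DWORD nKey = 0 ; ; nKey++ )
    {
        // Zero-filled so that a short value without its own terminator is
        // never followed by uninitialised stack bytes when it is parsed.
        TCHAR szName[ 128 ] = {};
        TCHAR szCLSID[ 64 ] = {};
        DWORD dwType = 0;
        DWORD dwName = _countof( szName );      // size in characters
        DWORD dwCLSID = sizeof( szCLSID );      // size in bytes

        const LONG nResult = SHRegEnumUSValue( hKey, nKey, szName, &dwName, &dwType,
            reinterpret_cast< LPBYTE >( szCLSID ), &dwCLSID, SHREGENUM_DEFAULT );

        // A value whose name or data does not fit the local buffers cannot be
        // a plugin entry; skip it instead of ending the enumeration, so one
        // oversized value does not hide the entries that follow it.
        if ( nResult == ERROR_MORE_DATA )
            continue;

        // Any other failure, including the end of the list, stops the loop.
        if ( nResult != ERROR_SUCCESS )
            break;

        if ( dwType != REG_SZ )
            continue;

        // A braced GUID string is 38 characters long; cut anything after it.
        szCLSID[ 38 ] = 0;

        CLSID pCLSID;
        if ( ! Hashes::fromGuid( szCLSID, &pCLSID ) )
            continue;

        // Held until the end of this iteration: covers the duplicate search,
        // the list insertion and the Start() call.
        CQuickLock oLock( m_pSection );

        // GUID_NULL doubles as the "already registered" marker.
        for ( POSITION pos = GetIterator() ; pos ; )
        {
            if ( GetNext( pos )->m_pCLSID == pCLSID )
            {
                pCLSID = GUID_NULL;
                break;
            }
        }

        if ( pCLSID == GUID_NULL )
            continue;

        if ( CPlugin* pPlugin = new CPlugin( pCLSID, szName ) )
        {
            // The list takes the pointer; nothing here deletes it.
            m_pList.AddTail( pPlugin );

            if ( LookupEnable( pCLSID ) )
                pPlugin->Start();
        }
    }

    SHRegCloseUSKey( hKey );
}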