/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(map<int, char *> dataMap)
{
char * data = dataMap[2];
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2BSink()
{
char * data = CWE78_OS_Command_Injection__char_console_w32_execvp_45_goodG2BData;
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(list<wchar_t *> dataList)
{
wchar_t * data = dataList.back();
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__wchar_t_file_w32_execvp_66b_badSink(wchar_t * dataArray[])
{
/* copy data out of dataArray */
wchar_t * data = dataArray[2];
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
static void goodG2B()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
data = CWE78_OS_Command_Injection__wchar_t_console_w32_execvp_61b_goodG2BSource(data);
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B uses the GoodSource with the BadSink */
static void goodG2B()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
data = goodG2BSource(data);
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__char_listen_socket_w32_execvp_42_bad()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
data = badSource(data);
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B uses the GoodSource with the BadSink */
void CWE78_OS_Command_Injection__wchar_t_listen_socket_w32_execvp_64b_goodG2BSink(void * dataVoidPtr)
{
/* cast void pointer to a pointer of the appropriate type */
wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr;
/* dereference dataPtr into data */
wchar_t * data = (*dataPtr);
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B uses the GoodSource with the BadSink */
static void goodG2B()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the if statement */
static void goodG2B2()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(GLOBAL_CONST_TRUE)
{
/* FIX: Append a fixed string to data (not user / external input) */
wcscat(data, L"*.*");
}
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__char_console_w32_execvp_17_bad()
{
int i;
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
for(i = 0; i < 1; i++)
{
{
/* Read input from the console */
size_t dataLen = strlen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgets() */
dataLen = strlen(data);
if (dataLen > 0 && data[dataLen-1] == '\n')
{
data[dataLen-1] = '\0';
}
}
else
{
printLine("fgets() failed");
/* Restore NUL terminator if fgets fails */
data[dataLen] = '\0';
}
}
}
}
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__char_file_w32_execvp_12_bad()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
if(globalReturnsTrueOrFalse())
{
{
/* Read input from a file */
size_t dataLen = strlen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgets(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgets() failed");
/* Restore NUL terminator if fgets fails */
data[dataLen] = '\0';
}
fclose(pFile);
}
}
}
}
else
{
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
}
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
char * data;
CWE78_OS_Command_Injection__char_listen_socket_w32_execvp_34_unionType myUnion;
char dataBuffer[100] = "";
data = dataBuffer;
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
myUnion.unionFirst = data;
{
char * data = myUnion.unionSecond;
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
}
std::string ExecuteProcess(const std::string& file, std::vector<std::string> args)
{
std::string execError = "";
// "The first argument, by convention, should point to
// the filename associated with the file being executed."
args.insert(args.begin(), Quote(file));
char** processArgs = new char*[args.size() + 1];
for (size_t a = 0; a < args.size(); ++a) {
const std::string& arg = args.at(a);
const size_t arg_size = arg.length() + 1;
processArgs[a] = new char[arg_size];
STRCPY_T(processArgs[a], arg_size, arg.c_str());
}
// "The array of pointers must be terminated by a NULL pointer."
processArgs[args.size()] = NULL;
{
// Execute
#ifdef WIN32
#define EXECVP _execvp
#else
#define EXECVP execvp
#endif
const int ret = EXECVP(file.c_str(), processArgs);
if (ret == -1) {
execError = strerror(errno);
}
}
for (size_t a = 0; a < args.size(); ++a) {
delete[] processArgs[a];
}
delete[] processArgs;
return execError;
}
void CWE78_OS_Command_Injection__wchar_t_file_w32_execvp_17_bad()
{
int i;
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
for(i = 0; i < 1; i++)
{
{
/* Read input from a file */
size_t dataLen = wcslen(data);
FILE * pFile;
/* if there is room in data, attempt to read the input from a file */
if (100-dataLen > 1)
{
pFile = fopen(FILENAME, "r");
if (pFile != NULL)
{
/* POTENTIAL FLAW: Read data from a file */
if (fgetws(data+dataLen, (int)(100-dataLen), pFile) == NULL)
{
printLine("fgetws() failed");
/* Restore NUL terminator if fgetws fails */
data[dataLen] = L'\0';
}
fclose(pFile);
}
}
}
}
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
std::string ExecuteProcess(const std::string& file, std::vector<std::string> args)
{
// "The first argument, by convention, should point to
// the filename associated with the file being executed."
// NOTE:
// spaces in the first argument or quoted file paths
// are not supported on Windows, so translate <file>
// to a short path there
args.insert(args.begin(), GetShortFileName(file));
// "The array of pointers must be terminated by a NULL pointer."
// --> include one extra argument string and leave it NULL
std::vector<char*> processArgs(args.size() + 1, NULL);
std::string execError;
for (size_t a = 0; a < args.size(); ++a) {
const std::string& arg = args[a];
const size_t argSize = arg.length() + 1;
STRCPY_T(processArgs[a] = new char[argSize], argSize, arg.c_str());
}
#ifdef WIN32
#define EXECVP _execvp
#else
#define EXECVP execvp
#endif
if (EXECVP(args[0].c_str(), &processArgs[0]) == -1) {
LOG("[%s] error: \"%s\" %s (%d)", __FUNCTION__, args[0].c_str(), (execError = strerror(errno)).c_str(), errno);
}
#undef EXECVP
for (size_t a = 0; a < args.size(); ++a) {
delete[] processArgs[a];
}
return execError;
}
/* goodG2B1() - use goodsource and badsink by changing the globalReturnsTrue() to globalReturnsFalse() */
static void goodG2B1()
{
wchar_t * data;
wchar_t dataBuffer[100] = L"";
data = dataBuffer;
if(globalReturnsFalse())
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: Append a fixed string to data (not user / external input) */
wcscat(data, L"*.*");
}
{
wchar_t *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* wexecvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
/* goodG2B2() - use goodsource and badsink by reversing the blocks in the switch */
static void goodG2B2()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
switch(6)
{
case 6:
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
break;
default:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
}
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__char_environment_w32_execvp_01_bad()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
{
/* Append input from an environment variable to data */
size_t dataLen = strlen(data);
char * environment = GETENV(ENV_VARIABLE);
/* If there is data in the environment variable */
if (environment != NULL)
{
/* POTENTIAL FLAW: Read data from an environment variable */
strncat(data+dataLen, environment, 100-dataLen-1);
}
}
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
void CWE78_OS_Command_Injection__char_listen_socket_w32_execvp_34_bad()
{
char * data;
CWE78_OS_Command_Injection__char_listen_socket_w32_execvp_34_unionType myUnion;
char dataBuffer[100] = "";
data = dataBuffer;
{
#ifdef _WIN32
WSADATA wsaData;
int wsaDataInit = 0;
#endif
int recvResult;
struct sockaddr_in service;
char *replace;
SOCKET listenSocket = INVALID_SOCKET;
SOCKET acceptSocket = INVALID_SOCKET;
size_t dataLen = strlen(data);
do
{
#ifdef _WIN32
if (WSAStartup(MAKEWORD(2,2), &wsaData) != NO_ERROR)
{
break;
}
wsaDataInit = 1;
#endif
/* POTENTIAL FLAW: Read data using a listen socket */
listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listenSocket == INVALID_SOCKET)
{
break;
}
memset(&service, 0, sizeof(service));
service.sin_family = AF_INET;
service.sin_addr.s_addr = INADDR_ANY;
service.sin_port = htons(TCP_PORT);
if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR)
{
break;
}
if (listen(listenSocket, LISTEN_BACKLOG) == SOCKET_ERROR)
{
break;
}
acceptSocket = accept(listenSocket, NULL, NULL);
if (acceptSocket == SOCKET_ERROR)
{
break;
}
/* Abort on error or the connection was closed */
recvResult = recv(acceptSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0);
if (recvResult == SOCKET_ERROR || recvResult == 0)
{
break;
}
/* Append null terminator */
data[dataLen + recvResult / sizeof(char)] = '\0';
/* Eliminate CRLF */
replace = strchr(data, '\r');
if (replace)
{
*replace = '\0';
}
replace = strchr(data, '\n');
if (replace)
{
*replace = '\0';
}
}
while (0);
if (listenSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(listenSocket);
}
if (acceptSocket != INVALID_SOCKET)
{
CLOSE_SOCKET(acceptSocket);
}
#ifdef _WIN32
if (wsaDataInit)
{
WSACleanup();
}
#endif
}
myUnion.unionFirst = data;
{
char * data = myUnion.unionSecond;
{
char *args[] = {COMMAND_INT_PATH, COMMAND_ARG1, COMMAND_ARG2, COMMAND_ARG3, NULL};
/* execvp - searches for the location of the command among
* the directories specified by the PATH environment variable */
/* POTENTIAL FLAW: Execute command without validating input possibly leading to command injection */
EXECVP(COMMAND_INT, args);
}
}
}
