bool run_test(const std::string& path, const std::string& test, bool& warnings_occured, const std::string& cmd = "")
{
FILE* bin;
#ifdef PE_BLISS_WINDOWS
bin = POPEN(("\"\"" + path + test + "\" \"" + path + cmd + "\"\" 2>&1" + DEV_NULL).c_str(), "r");
#else
bin = POPEN(("\"" + path + test + "\" \"" + path + cmd + "\" 2>&1" + DEV_NULL).c_str(), "r");
#endif
if(bin == NULL)
{
std::cerr << "Cannot execute testsuite" << std::endl;
return false;
}
char buf[256];
while(fgets(buf, sizeof(buf), bin) != NULL)
{
warnings_occured = true;
std::cerr << buf;
}
#ifdef PE_BLISS_WINDOWS
return PCLOSE(bin) == 0;
#else
int stat;
int wstat = WEXITSTATUS(stat = PCLOSE(bin));
if(stat < 0 || (wstat != 0 && wstat != 128 + SIGPIPE))
return false;
else
return true;
#endif
}
/* goodG2B1() - use goodsource and badsink by changing the GLOBAL_CONST_TRUE to GLOBAL_CONST_FALSE */
static void goodG2B1()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
if(GLOBAL_CONST_FALSE)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: full path is specified */
strcpy(data, GOOD_OS_COMMAND);
}
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the popen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B1() - use goodsource and badsink by changing the switch to switch(5) */
static void goodG2B1()
{
wchar_t * data;
wchar_t data_buf[100] = FULL_COMMAND;
data = data_buf;
switch(5)
{
case 6:
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
break;
default:
/* FIX: Append a fixed string to data (not user / external input) */
wcscat(data, L"*.*");
break;
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B() - use goodsource and badsink by changing the "if" so that
* both branches use the GoodSource */
static void goodG2B()
{
char * data;
char dataBuffer[100] = "";
data = dataBuffer;
if(globalReturnsTrueOrFalse())
{
/* FIX: full path is specified */
strcpy(data, GOOD_OS_COMMAND);
}
else
{
/* FIX: full path is specified */
strcpy(data, GOOD_OS_COMMAND);
}
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the popen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B1() - use goodsource and badsink by changing the 5==5 to 5!=5 */
static void goodG2B1()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
if(5!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B() - use goodsource and badsink by changing the "if" so that
* both branches use the GoodSource */
static void goodG2B()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
if(globalReturnsTrueOrFalse())
{
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
}
else
{
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE78_OS_Command_Injection__char_environment_popen_16_bad()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
while(1)
{
{
/* Append input from an environment variable to data */
size_t dataLen = strlen(data);
char * environment = GETENV(ENV_VARIABLE);
/* If there is data in the environment variable */
if (environment != NULL)
{
/* POTENTIAL FLAW: Read data from an environment variable */
strncat(data+dataLen, environment, 100-dataLen-1);
}
}
break;
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2B()
{
char * data;
char * *dataPtr1 = &data;
char * *dataPtr2 = &data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
{
char * data = *dataPtr1;
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
*dataPtr1 = data;
}
{
char * data = *dataPtr2;
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
}
int mu_rndwn_sem_all(void)
{
int save_errno, exit_status = SS_NORMAL, semid;
char entry[MAX_ENTRY_LEN];
FILE *pf;
char fname[MAX_FN_LEN + 1], *fgets_res;
boolean_t rem_sem;
shm_parms *parm_buff;
if (NULL == (pf = POPEN(IPCS_SEM_CMD_STR ,"r")))
{
save_errno = errno;
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(8) ERR_SYSCALL, 5, RTS_ERROR_LITERAL("POPEN()"), CALLFROM, save_errno);
return ERR_MUNOTALLSEC;
}
while (NULL != (FGETS(entry, SIZEOF(entry), pf, fgets_res)) && entry[0] != '\n')
{
if (-1 != (semid = parse_sem_id(entry)))
{
if (is_orphaned_gtm_semaphore(semid))
{ /* semval == 0 and corresponding shared memory has been removed */
if (-1 != semctl(semid, 0, IPC_RMID))
{
gtm_putmsg_csa(CSA_ARG(NULL) VARLSTCNT(3) ERR_SEMREMOVED, 1, semid);
send_msg_csa(CSA_ARG(NULL) VARLSTCNT(3) ERR_SEMREMOVED, 1, semid);
}
}
}
}
pclose(pf);
return exit_status;
}
explicit Gnuplot(const std::string cmd = "gnuplot") :
boost::iostreams::stream<boost::iostreams::file_descriptor_sink>(
FILENO(pout = POPEN(cmd.c_str(), "w")),
boost::iostreams::never_close_handle),
pout(pout), // keeps '-Weff++' quiet
gp_pty(NULL),
debug_messages(false)
{
*this << std::scientific << std::setprecision(18); // refer <iomanip>
}
void CWE78_OS_Command_Injection__wchar_t_listen_socket_popen_54e_badSink(wchar_t * data)
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void CWE78_OS_Command_Injection__wchar_t_environment_popen_65b_goodG2BSink(wchar_t * data)
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
CWE78_OS_Command_Injection__wchar_t_connect_socket_popen_84_bad::~CWE78_OS_Command_Injection__wchar_t_connect_socket_popen_84_bad()
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE78_OS_Command_Injection__char_file_popen_65b_badSink(char * data)
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2BSink(wchar_t * data)
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
CWE78_OS_Command_Injection__char_console_popen_84_goodG2B::~CWE78_OS_Command_Injection__char_console_popen_84_goodG2B()
{
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
std::string executeShellCommand(const std::string command)
{
FILE* pipe = POPEN(command.c_str(), "r");
if (!pipe) return "ERROR";
char buffer[128];
std::string result = "";
while(!feof(pipe)) {
if(fgets(buffer, 128, pipe) != NULL)
result += buffer;
}
PCLOSE(pipe);
return result;
}
/* goodG2B() uses the GoodSource with the BadSink */
static void goodG2BSink(char * data)
{
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the popen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void CWE78_OS_Command_Injection__char_file_popen_67b_goodG2BSink(CWE78_OS_Command_Injection__char_file_popen_67_structType myStruct)
{
char * data = myStruct.structFirst;
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE426_Untrusted_Search_Path__wchar_t_popen_81_bad::action(wchar_t * data) const
{
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the wpopen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(list<wchar_t *> dataList)
{
wchar_t * data = dataList.back();
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(map<int, char *> dataMap)
{
char * data = dataMap[2];
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void CWE78_OS_Command_Injection__char_file_popen_68b_goodG2BSink()
{
char * data = CWE78_OS_Command_Injection__char_file_popen_68_goodG2BData;
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE78_OS_Command_Injection__char_file_popen_66b_badSink(char * dataArray[])
{
/* copy data out of dataArray */
char * data = dataArray[2];
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void goodG2BSink(map<int, wchar_t *> dataMap)
{
wchar_t * data = dataMap[2];
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the wpopen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void badSink(map<int, wchar_t *> dataMap)
{
/* copy data out of dataMap */
wchar_t * data = dataMap[2];
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, L"wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
void CWE426_Untrusted_Search_Path__char_popen_68b_goodG2BSink()
{
char * data = CWE426_Untrusted_Search_Path__char_popen_68_goodG2BData;
{
FILE *pipe;
/* POTENTIAL FLAW: Executing the popen() function without specifying the full path to the executable
* can allow an attacker to run their own program */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE78_OS_Command_Injection__char_console_popen_12_bad()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
if(globalReturnsTrueOrFalse())
{
{
/* Read input from the console */
size_t dataLen = strlen(data);
/* if there is room in data, read into it from the console */
if (100-dataLen > 1)
{
/* POTENTIAL FLAW: Read data from the console */
if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL)
{
/* The next few lines remove the carriage return from the string that is
* inserted by fgets() */
dataLen = strlen(data);
if (dataLen > 0 && data[dataLen-1] == '\n')
{
data[dataLen-1] = '\0';
}
}
else
{
printLine("fgets() failed");
/* Restore NUL terminator if fgets fails */
data[dataLen] = '\0';
}
}
}
}
else
{
/* FIX: Append a fixed string to data (not user / external input) */
strcat(data, "*.*");
}
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
void CWE78_OS_Command_Injection__char_environment_popen_42_bad()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
data = badSource(data);
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
/* goodG2B uses the GoodSource with the BadSink */
static void goodG2B()
{
char * data;
char data_buf[100] = FULL_COMMAND;
data = data_buf;
data = goodG2BSource(data);
{
FILE *pipe;
/* POTENTIAL FLAW: Execute command in data possibly leading to command injection */
pipe = POPEN(data, "wb");
if (pipe != NULL)
{
PCLOSE(pipe);
}
}
}
