
This module implements a check for CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’).

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

See https://cwe.mitre.org/data/definitions/78.html for a detailed description.

How the check works

The check depends entirely on the string abstraction analysis that is run beforehand. The string abstraction uses a forward fixpoint analysis over the control flow graph (CFG) to compute, at every node, an over-approximation of the strings that each tracked string variable may hold. More detailed information about the string abstraction can be found in the corresponding files.

The check uses the BricksDomain, a string abstract domain that represents a string as an ordered sequence of substring sets (bricks). Because it preserves the order of characters, the abstract values it computes for the arguments of the configured system calls are also usable for a manual post-analysis of the commands that may reach those calls.

Symbols configurable in config.json

The system calls considered in this check can be configured in the config.json.

False Positives

  • The input comes from the user, but the analysis did not detect the sanitization that is actually present in the binary.
  • The input comes from the user, but the analysis could not tell from the format string that the corresponding argument has a non-string type (for example an integer), which cannot carry shell metacharacters.
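The following C program is an added illustration, not code from the cwe_checker project, of the pattern described under "How the check works" and of the second false positive above. `ping_vulnerable` builds a `system()` argument from a user-controlled `%s`, so the string abstraction sees the constant prefix `"ping -c 1 "` followed by an unconstrained brick and the check reports it. `kill_pid` formats only a `%d`, so nothing but digits can reach the shell; whether the check can tell this apart from `%s` is exactly the false-positive case listed. `ping_hardened` is one way to remove the finding: allowlist the input and pass it as a single `argv` element to `execvp`, so no shell ever parses it. The function names and the allowlist rules are choices made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable: user-controlled host is concatenated into a shell command.
 * The abstract string for cmd is the brick "ping -c 1 " followed by a brick
 * that may contain anything, and that string flows into system(). */
int ping_vulnerable(const char *host) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", host);
    return system(cmd);   /* host = "x; rm -rf /" runs the injected command */
}

/* Not exploitable: a %d argument can only contribute digits (and a sign).
 * This is the "non-string format argument" false-positive case. */
int kill_pid(int pid) {
    char cmd[64];
    snprintf(cmd, sizeof cmd, "kill -9 %d", pid);
    return system(cmd);
}

/* Allowlist chosen for this example: hostname characters only, non-empty,
 * no leading '-' (which ping would otherwise parse as an option). */
int is_safe_hostname(const char *host) {
    size_t len = strlen(host);
    if (len == 0 || len > 253) return 0;
    if (host[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

/* Hardened: validate, then exec without a shell so the input is one argv
 * element and metacharacters such as ';' or '$(...)' have no meaning.
 * Returns -1 on rejected input or exec failure, else ping's exit status. */
int ping_hardened(const char *host) {
    if (!is_safe_hostname(host)) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {
        char *const argv[] = {"ping", "-c", "1", (char *)host, NULL};
        execvp("ping", argv);
        _exit(127);           /* only reached if execvp failed */
    }
    int status;
    if (waitpid(child, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <host>\n", argv[0]);
        return 2;
    }
    int rc = ping_hardened(argv[1]);
    if (rc < 0) fprintf(stderr, "rejected or failed: %s\n", argv[1]);
    return rc < 0 ? 1 : rc;
}
```

Compiled and run against a binary, the analysis only needs the `system()` call sites to be listed in config.json; `ping_vulnerable` is the site the check is designed to report, while the hardened variant contains no configured call at all.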

False Negatives

  • Substrings are missing because the analysis lost track of the targets of the pointers involved.
  • Function parameters that are not tracked yield incomplete strings, so a dangerous input may be missed.

Structs

  • The configuration struct
