Module cwe_checker_lib::checkers::cwe_782

This module implements a check for CWE-782: Exposed IOCTL with Insufficient Access Control.

See https://cwe.mitre.org/data/definitions/782.html for a detailed description.

How the check works:

• Calls to ioctl() get flagged as CWE hits.

False Positives:

• We cannot check whether the call contains sufficient access control.

False Negatives:

• There are other ways to expose I/O control without access control.

Statics

• CWE_MODULE
  The module name and version

Functions

• check_cwe
  Iterate through all calls of the program and flag calls to ioctl() as CWE warnings.
• generate_cwe_warning
  generate the cwe warning for CWE 782
• handle_sub
  check whether the ioctl symbol is called by any subroutine. If so, generate the cwe warning.