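/*
 * Copyright (c) 2001-2002 Secure Software, Inc
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 */

#ifndef REPORT_H
#define REPORT_H

#include "vuln_db.h"
#include "engine.h"
#ifndef _MSC_VER
#include <sys/time.h>
#endif

/*
 * Reporting interface: the record types that hold findings, recorded
 * inputs and ignore entries, plus the entry points that log a finding and
 * emit the final report (plain, XML, HTML).
 *
 * Vuln_t, Severity_t and toctou_t are not declared here; they are expected
 * to come from "vuln_db.h" / "engine.h".
 */

/* Scan-wide state defined in another translation unit. */
extern int total_lines;
#ifdef _MSC_VER
/* DWORD is not declared by this header; it must already be in scope
 * (presumably via one of the includes above -- confirm). */
extern DWORD time_started;
extern DWORD time_finished;
#else
extern struct timeval time_started;
extern struct timeval time_finished;
#endif

/*
 * Kind of finding; stored in vulnerability_t.type and passed to
 * log_staticbuffer() / log_vulnerability().
 *
 * The typedef follows the definition: ISO C does not allow `enum tag`
 * to be named before the enumeration is complete, so a typedef placed
 * ahead of the definition only compiles as a compiler extension.
 * Enumerator order, and therefore every value, is unchanged.
 *
 * NOTE(review): meanings are inferred from the names only -- BO/FS
 * presumably buffer overflow / format string, RaceConditionCheck and
 * RaceConditionUse presumably the two halves of a TOCTOU pair (cf.
 * toctou_use_t and log_toctou below), None presumably a "no type"
 * sentinel. Confirm against the implementation.
 */
enum _type_t
{
    BOProblem,
    FSProblem,
    InputProblem,
    Info,
    RaceConditionCheck,
    RaceConditionUse,
    StaticLocalBuffer,
    StaticGlobalBuffer,
    Reference,
    PythonBacktick,
    PhpBacktick,
    PerlBacktick,
    RubyBacktick,
    None
};
typedef enum _type_t type_t;

/*
 * One recorded "use" site: a name plus its line and column.
 *
 * The struct has neither a count nor a link pointer, so the way a
 * `toctou_use_t *` sequence (vulnerability_t.uses) is terminated is not
 * visible in this header -- confirm the convention before iterating.
 */
typedef struct _toctou_use_t toctou_use_t;
struct _toctou_use_t
{
    char *  name;
    int     lineno;
    int     column;
};

/*
 * One reported finding: source position, database entry, kind and
 * severity. next/prev link the records into a doubly linked list.
 *
 * Ownership of filename, data and uses is not stated here; do not free
 * or retain them without checking the code that fills the record.
 */
typedef struct _vulnerability_t vulnerability_t;
struct _vulnerability_t
{
    char *              filename;
    int                 lineno;
    int                 column;
    Vuln_t *            data;
    type_t              type;
    Severity_t          severity;
    toctou_use_t *      uses;
    vulnerability_t *   next;
    vulnerability_t *   prev;
};

/*
 * One recorded input site (singly linked through next).
 * Presumably created by record_input() -- confirm.
 */
typedef struct _input_t input_t;
struct _input_t
{
    char *      filename;
    int         lineno;
    int         column;
    Vuln_t *    data;
    input_t *   next;
};

/*
 * One ignore entry (singly linked through next), keyed by file and line
 * with an optional token.
 */
typedef struct _ignore_t ignore_t;
struct _ignore_t
{
    char *      filename;
    int         lineno;
    char *      token;      /* can be NULL */
    ignore_t *  next;
};

extern int warning_level;

/*
 * Logging entry points.
 *
 * None of these takes a file name although every record above stores
 * one; the current file presumably comes from scanner state declared in
 * "engine.h" -- TODO confirm. The unnamed int parameters are presumably
 * line/column positions; the header does not say which is which.
 */
extern void log_staticbuffer(type_t type, int, int, Severity_t);
extern void log_toctou(toctou_t **, int, int, int);
extern void log_pythonbacktick(int, int, Severity_t);
extern void log_perlbacktick(int, int, Severity_t);
extern void log_phpbacktick(int, int, Severity_t);
extern void log_rubybacktick(int, int, Severity_t);
extern void log_vulnerability(type_t, Severity_t);
extern void record_input(void);

/* Report writers; all take no arguments, so they work from state held
 * elsewhere (not visible in this header). */
extern void generate_report(void);
extern void generate_xml(void);
extern void generate_html(void);

/*
 * Create an ignore entry for `lineno` with an optional `token`.
 *
 * token is a non-const char *; whether it is copied or the pointer is
 * kept is not visible here -- confirm before freeing or reusing the
 * caller's buffer. The struct comment allows token to be NULL.
 */
extern ignore_t *new_ignore(int lineno, char *token);

#endif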